This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About rchilukuri
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About rchilukuri
11-27-2018
4Posts
0Likes
0Solutions
Nov 27, 2018Last Visited
User
Activity
User
Profile
Latest posts by rchilukuri
| Subject | Views | Posted |
|---|---|---|
| 3109 | 02-17-2017 07:53 AM | |
| 3142 | 02-15-2017 03:30 PM | |
| 11851 | 02-06-2017 01:53 PM | |
| 2901 | 02-06-2017 12:29 PM |
User Badges
Community Statistics
| Member Since | 08-25-2015 10:31 AM |
| Date Last Visited | 11-27-2018 11:54 AM |
| Posts | 4 |
02-17-2017
07:53 AM
Getting, Error validating, no "conditions" in rule
Not able to apply the rule with out any conditions.
Need a rule to list and keep the IP indicators for 30 days or more.
... View more
02-15-2017
03:30 PM
I am trying to create an IPv4 indicator list based on PAN-OS threat logs.
Below is the rule code attached to the syslogminer class stdlib.syslogMiner.
RULE:
age_out: default: last_seen+30d interval: 1800 sudden_death: false attributes: confidence: 50 type: IPv4 conditions: - type == 'THREAT' config: share_level: green fields: null indicators: - src_ip
Unfortunately all the IP addresses are withdrawn.
15/2/2017 08:07:04 -0500 ThreatFeedMCGreen ACCEPT_WITHDRAW 192.168.1.61-192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: inboundaggregator
15/2/2017 08:07:04 -0500 ThreatFeedMCGreen RECVD_WITHDRAW 192.168.1.61-192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: inboundaggregator
15/2/2017 08:07:04 -0500 ThreatFeedMCRedWithValue ACCEPT_WITHDRAW 192.168.1.61-192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: inboundaggregator
15/2/2017 08:07:04 -0500 ThreatFeedMCRedWithValue RECVD_WITHDRAW 192.168.1.61-192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: inboundaggregator
15/2/2017 08:07:04 -0500 inboundaggregator EMIT_WITHDRAW 192.168.1.61-192.168.1.61 _updated: 1487160033902 confidence: 50 panossyslog_devices: ["001606041772"] _added: 1487158094654 sources: ["panos.syslog"] first_seen: 1487158094651 _id: 35c6d7da-0715-42db-8b7a-b873cbb07ff2 type: IPv4 last_seen: 1487160033901
15/2/2017 08:07:04 -0500 inboundaggregator ACCEPT_WITHDRAW 192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: panos-syslog-miner
15/2/2017 08:07:04 -0500 inboundaggregator RECVD_WITHDRAW 192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: panos-syslog-miner
15/2/2017 08:07:04 -0500 panos-syslog-miner EMIT_WITHDRAW 192.168.1.61 _age_out: 1487163633901 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901
15/2/2017 07:58:52 -0500 ThreatFeedMCRedWithValue DROP_UPDATE 213.211.198.62-213.211.198.62 confidence: 50 sources: ["panos.syslog"] first_seen: 1487159482831 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487163532361 source_node: inboundaggregator
15/2/2017 07:58:52 -0500 ThreatFeedMCRedWithValue RECVD_UPDATE 213.211.198.62-213.211.198.62 confidence: 50 sources: ["panos.syslog"] first_seen: 1487159482831 panossyslog_devices: ["001606041772"] type: I
... View more
02-06-2017
01:53 PM
MineMeld needs to be deployed in a high availability model, so if one goes down firewall will not start blocking allowed traffic from the rule base. What is the recommendation here?
... View more
02-06-2017
12:29 PM
Use Case: Ofice 365 Access Control
What happens if MineMeld deletes all the IPs from a feed, and the firewall sees there are no more IP’s from that feed. Will the traffic be blocked?
What happens on the firewall if there is no data from a feed where there was data from the last time it pulled? Will it delete the local cached copy of the data and then result in the rule no longer working?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-27-2018
11:54 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks