Thanks. I figured it out..
Because it is a Json format i copied the existing miner prototype, aws.AMAZON, which uses the CLASS, minemeld.ft.json.SimpleJSON.
original strings are;
age_out: default: null interval: 257 sudden_death: true attributes: confidence: 100 share_level: green type: IPv4 extractor: prefixes[?service=='AMAZON'] fields: - region - service indicator: ip_prefix prefix: aws source_name: aws.AMAZON url: https://ip-ranges.amazonaws.com/ip-ranges.json
Per the previous suggestion, I replaced the following
extractor: prefixes <<< changed fields: <<< removed - region <<< removed - service <<< removed indicator: ipv4Prefix <<< changed prefix: google <<< changed source_name: google.cloud <<< changed url: https://www.gstatic.com/ipranges/cloud.json <<<<<< changed
As for the aggregator, I created a new prototype from stdlib.aggregatorIPv4Generic and removed the following unnecessary lines;
- actions: - drop name: drop all whitelist_prefixes: - wl
For the output, I created a new prototype from stdlib.feedHCGreen and removed the following unnecessary lines;
conditions: - confidence > 75 - share_level == 'green' name: accept confidence > 75 and share level green - actions: - drop name: drop all
Hope this helps.
... View more
I'm trying to create a mine meld feed that will somehow download and read an XML file (or just read and xml) which contains a list of Azure datacenter IP addresses , which I can use to apply to my PAN firewall.
Any help/direction is appreciated.
XML file can be downloaded from;
... View more