Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- ›
- About jdemery
About jdemery
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
User
Activity
User
Profile
Latest posts by jdemery
| Subject | Views | Posted |
|---|---|---|
| 2810 | 10-02-2018 12:55 PM | |
| 6605 | 04-26-2018 04:56 AM | |
| 6626 | 04-25-2018 05:19 AM | |
| 3435 | 10-09-2017 10:16 AM | |
| 3445 | 10-09-2017 08:16 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 07-24-2017 06:02 AM |
User Badges
Public Statistics
| Date Registered | 05-09-2017 11:32 AM |
| Date Last Visited | |
| Total Messages Posted | 10 |
| Total Likes Received | 1 |
10-02-2018
12:55 PM
Is anyone using the following Proof Point prototype: proofpoint.EmergingThreatsIPs?
The prototype allows you to select certain categories once added as node however it looks like the categories listed within minemeld are not matching up to what Proof Point is actually categorizing these IP's as. For example ip's are coming in with a category of " Mobile_Spyware_CNC" according to the minemeld log but are actually categorized as Remoteaccess on Proof Point's portal.
Being that the Proof Point feeds have a wide range of categories including IP's that one may not want blocked this is a issue. Alternatively the Proof Point Domain feed (proofpoint.EmergingThreatsDomains) does not seem to have this issue as all of the doman names coming in with their various categorizations are matching up with what Proof Point has listed on their side.
... View more
04-26-2018
04:56 AM
Thanks Menachem.
... View more
04-25-2018
05:19 AM
Curious if Cortex XDR has the ability to ingest logs from DHCP, DNS and Activey Directory domain controllers for analyzation along with logs being sent from any firewalls.
... View more
10-09-2017
10:16 AM
I do not, no. I use the autofocus hosted minemeld so it's not really something we ever considered doing.
... View more
10-09-2017
08:16 AM
We have a URL EDL setup using the OpenPhish miner that comes with Minemeld (openphish.feed miner) that a deny rule is matching against. We have never had any issues with it blocking legitimate URL's but a few days ago the deny rule that matches against the OpenPhish EDL started blocking legitimate sites such as www.youtube.com, www.dell.com, www.oxford.com and many more. This started occurring after our FW refreshed the EDL at 04:00 EDT on 10/07/2017. The EDL then did it's next scheduled refresh at 05:00 EDT on 10/07/2017 and the legitimate URL's that were getting blocked were being allowed through.
Unfortunately it looks like I can only search back to late in the day on 10/08 in the node logs so I can't see what URL's were added prior to the 04:00 refresh on 10/07. Im curious if anyone else on here who happens to use the openphish.feed miner experienced the same?
... View more
08-25-2017
09:34 AM
Thanks Luigi...I misunderstood the use of ?v=panosurl. I was under the impression that the URL had to get changed within the Output Node itself. I appended the parameter to the url my EDL points to and it works as it should, thank you!
... View more
08-25-2017
04:44 AM
I have a output feed that is serving up a list of URL's but I need to have http:// and https:// removed from the feed. It looks like I can use the ?v=panosurl output feed parameter but I am missing how to go about this when using the Autofocus hosted Minemeld. Any help is appreciated.
... View more
07-24-2017
06:02 AM
1 Kudo
This started working after Panorama was upgraded from 8.0.2 to 8.0.3-h4 and our firewall upgraded from 7.1.9 to 8.0.3-h4.
... View more
07-18-2017
04:41 AM
Thanks for the feedback...that's actually the instruction set I followed when first setting up the EDL to pull from the Output Node I have setup in MineMeld. The strange thing is that I if I use curl locally from my desktop (or anywhere) I can connect successfully using the credentials I have setup as a feed user. Using the same credentials I can not connect from the firewall. I have triple checked the credentials just to be sure nothing was fat-fingered.
... View more
07-17-2017
12:50 PM
Setup an EDL in Panorama to grab a IPv4 feed from a Minemeld (Autofocus hosted) output. Verified the EDL was pushed down to one of our PA-5050's and clicked on 'Import Now' from the 5050. EDL is not able to connect and system log shows following:
"Unable to fetch external dynamic list. HTTP response code said error Using old copy for refresh."
When clicking on 'Test Source URL' a pop-up states " URL access error ".
Using curl locally from my desktop I am able to successfully connect to the Minemeld output URL feed with the configured username/password. Triple checked that credentials in the EDL match that of what is set in the user feed username and that the correct tag is assigned to both the username and Output Node. Also created a username under the Admin Feed and configured the EDL to use those credentials but got the same response. Changed the tag on the Output Node to 'any' and that also does not work when trying to connect from the 5050. It seems the only way the 5050 can connect to the URL is if the Output Node is set to 'anonymous' - which we would rather not do.
Can't seem to find any logs with the AF hosted instance of Minemeld that would show the 5050 attempting to connect. Any help/ideas are more then appreciated! Thanks!
... View more
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
