About soc_enav

I found this page while looking at some Splunk/MineMeld integration post.   I wrote a series of blog posts on Threat Intelligence automation using MineMeld and Splunk   You can find here https://scubarda.wordpress.com/category/threat-intelligence/   Some note: on post 1 I show the architecture   on post 2 I show how-to write a custom prototype and the IoC integration with our SOC Splunk application. This is the fully automated near real feature we are using today to check IoC access. on post 3 I show how-to create a STIX/TAXII output miner to export IoC on post 4 I show how I integrated IoC events (updates/withdraw) into Splunk; to do this I wrote a TA to parse coming data (via logstash connector) and an app to show some stats (both on github). Hope this is useful Giovanni ... View more

@iThreatHunt wrote: HTTPS Configurations    Configure the server to disable support for 3DES suite & Disable insecure TLS/SSL protocol support (TLSv1)   $sudo vi /etc/nginx/sites-enabled/minemeld-web   ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';   $sudo sudo -u minemeld mm-supervisorctl restart minemeld-web After applying your config I can get a little better rate on https://www.ssllabs.com test for "Protocol Support" because TLS 1.0 is disabled (note that the test don't say that TLS 1.0 is insecure).     Disabling 3DES disable the only one cipher suite considered WEAK,  TLS_RSA_WITH_3DES_EDE_CBC_SHA ( 0xa ). Great catch, to be honest I tried without success to find the right config. SO tks     Last note. To apply the new config on nginx the following command don't works   $sudo sudo -u minemeld mm-supervisorctl restart minemeld-web   You need to restart the service nginx   # service nginx restart   Tks, I update my blog post Giovanni ... View more

Tks for the config, I will test and update the post ... View more

New post here Topic covered: how I built the foundation of near-real-time integration of MineMeld with our Information Security Operation Center (i-SOC) custom SPLUNK application ... View more