This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
About soc_enav
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About soc_enav
10-27-2017
8Posts
13Likes
0Solutions
Oct 27, 2017Last Visited
User
Activity
User
Profile
Latest posts by soc_enav
| Subject | Views | Posted |
|---|---|---|
| 10270 | 10-09-2017 12:35 AM | |
| 5068 | 09-12-2017 04:32 AM | |
| 3619 | 08-30-2017 09:34 AM | |
| 12965 | 08-14-2017 11:06 PM | |
| 12967 | 08-14-2017 10:46 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 10-09-2017 12:35 AM | |
| 1 Like | 09-12-2017 04:32 AM | |
| 2 Likes | 08-30-2017 09:34 AM | |
| 6 Likes | 08-11-2017 08:11 AM | |
| 3 Likes | 08-03-2017 04:25 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 07-19-2017 05:14 AM |
| Date Last Visited | 10-27-2017 07:16 AM |
| Posts | 8 |
| Total Likes Received | 13 |
10-09-2017
12:35 AM
1 Kudo
I found this page while looking at some Splunk/MineMeld integration post.
I wrote a series of blog posts on Threat Intelligence automation using MineMeld and Splunk
You can find here https://scubarda.wordpress.com/category/threat-intelligence/
Some note:
on post 1 I show the architecture
on post 2 I show how-to write a custom prototype and the IoC integration with our SOC Splunk application. This is the fully automated near real feature we are using today to check IoC access.
on post 3 I show how-to create a STIX/TAXII output miner to export IoC
on post 4 I show how I integrated IoC events (updates/withdraw) into Splunk; to do this I wrote a TA to parse coming data (via logstash connector) and an app to show some stats (both on github).
Hope this is useful Giovanni
... View more
09-12-2017
04:32 AM
1 Kudo
Hi,
a new post on the Threat Intelligence automation journey.
It's time to integrate miner events (update/whitdraw) into Splunk to search received IoC events
To do this I used logstash prototype and wrote a TA (Technology Addon) to parse JSON data on Splunk forwarders and a sample applicattion to see and analyze received data.
As always feedback welcome
Giovanni
... View more
08-30-2017
09:34 AM
2 Kudos
Hi,
a new post on the Threat Intelligence automation journey.
Now, after architecture and hardening and custom prototype and SOC integration, it's time for howto export IoC to the community in a standard way (STIX/TAXII).
Here the new post: Export internal IoC to the community
As always feedback welcome
Giovanni
... View more
08-14-2017
11:06 PM
@iThreatHunt wrote:
HTTPS Configurations
Configure the server to disable support for 3DES suite & Disable insecure TLS/SSL protocol support (TLSv1)
$sudo vi /etc/nginx/sites-enabled/minemeld-web
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
$sudo sudo -u minemeld mm-supervisorctl restart minemeld-web
After applying your config I can get a little better rate on https://www.ssllabs.com test for "Protocol Support" because TLS 1.0 is disabled (note that the test don't say that TLS 1.0 is insecure).
Disabling 3DES disable the only one cipher suite considered WEAK, TLS_RSA_WITH_3DES_EDE_CBC_SHA ( 0xa ). Great catch, to be honest I tried without success to find the right config. SO tks
Last note.
To apply the new config on nginx the following command don't works
$sudo sudo -u minemeld mm-supervisorctl restart minemeld-web
You need to restart the service nginx
# service nginx restart
Tks, I update my blog post
Giovanni
... View more
08-14-2017
10:46 PM
Tks for the config, I will test and update the post
... View more
08-11-2017
08:13 AM
New post here
Topic covered: how I built the foundation of near-real-time integration of MineMeld with our Information Security Operation Center (i-SOC) custom SPLUNK application
... View more
08-11-2017
08:11 AM
6 Kudos
Hi again,
after good feedback received on the first post on MineMeld architecture and hardening I wrote a new post on how I built the foundation of near-real-time integration of MineMeld with our Information Security Operation Center (i-SOC) custom SPLUNK application.
You can read the new post here
Feedback welcome, tks
Giovanni
... View more
08-03-2017
04:25 AM
3 Kudos
Hi everyone,
I'm Giovanni Mellini and I work in ENAV (Italian Air Traffic Control provider) Security dept.
One of the topics I've been working on over the last few months is threat intelligence automation, or how to automatically integrate threat intelligence feeds into our near-real-time Information Security Operation Center SOC Splunk engine to reduce the time spent by SOC security analysts on IOC analysis.
I found in MineMeld the solution; MineMeld helped me to solve the challenges I had in the past while playing with IOC coming from various threat intelligence sources: collection automation, unduplication, aging and SOC integration.
I wrote a blog post - the first of a series I want to write- about the architecture design and hardening of MineMeld to:
collect feeds from external sources
make available the feeds to trusted sources (internal and external)
put data collected into our SOC near-real-time engine built on top of Splunk
Hope this can be an useful resource for anyone like me is trying to be effective on TI automation.
Many tks again to Luigi Mori for its continued support.
Ciao
Giovanni
... View more
- Tags:
- automation
- soc
- splunk
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-27-2017
07:16 AM
|
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks