What's new in MineMeld 0.9.28

Release Date: 2016-11-16

How to update: Updating MineMeld

Core

- stability and performance improvements in most of the Miners

API

- new authentication and authorization mechanism for output feeds. Disabled by default for consistency with previo

Reliable Threat Feed with lowest false positive for Production Environment

I am wondering, which threat feed is most reliable with lowest false positive that can be used in production environment.

Does anyone have done analysis on it?  Which one is most commonly threat feed used by customer in production environment? Does

Error reading last checkpoint

Hi everyone,

I am facing an issue that floods my output SIEM a little to often. The issue seems to be that the miner node is unable to register where it left of during the last check. Any tips on solving this?

Oracle Web Cache/Proxy fails when behind Palo Alto Firewall

I have a situation where by when an Oracle Web Cache server is placed behind a PA firewall, the application takes time to load or fails in some cases. The design is as followins;

Windows 7 Client --> Routers  --> PaloAlto Firewall --> Radware Loadbala

MineMeld Docker

I started building out a very simple dev (read: unhardened) docker build for MineMeld here: https://github.com/swannysec/MineMeldDocker

Looks like it won't start up correctly inside a container and I think it might be related to the use of UNIX soc

Palo Alto Firewall breaking File downloads in the middle

I am facing a problem in my Network, when we try to downloads some files the firewall breaks the download in the middle some times it does not allow even 5 mb file .For large files its breaking the session and does not allow to complete the download.

rsyslogd dependencies problem

Hi Luigi,

I was testing stdlib.localSyslog to correlate paloalto logs with indicator following this article https://live.paloaltonetworks.com/t5/tkb/articleprintpage/tkb-id/MineMeldArticles/article-id/11

But I was unable to make it work. After a

Link types for HA

I have a client who wants to split their PA3020 HA cluster between 2 datacenters.   What are the limitations for the HA1/HA2 interfaces in terms of distance, and network latency for active/passive HA to work cleanly.  On a 3020 can HA1/HA2 functional

BGP Multiple ISP VR Requirements

I'm attempting to wrap my head around a very critical piece of setting up BGP between 2 ISP's concerning how many Virtual Routers are required.

I currently have 1 ISP (A) up and running on BGP just fine and my other ISP (B) will be converted to BGP o

Application Filter Traffic Reports

Is it possible to view traffic related to a specific application filter through the "Monitor" tab? For example, if I setup an application filter for the "gaming" subcategory, can I view the related traffic without specifying each application individu

Port scan and sweep scan

Hi,
How to block Portscanning
Or atleast log
Thanks

active/active vpn query.

Hi Team,

Case no: 00567829

I have a customer, who have active/active set up.
He had configured a vpn with the floating ip.

The vpn is working fine. No issues with that but he is getting system alert message on the active/secondary device about the phase1