Name the prototype rwtracker and configure it as follows. We are using this prototype as a template, click on new in the top right. Search for the prototype itcertpa.URLS and click on it.Ģ. On the Minemeld dashboard click on config and the elipse button. We are going to configure Minemeld to process a URL text feed from Abuse.chġ. Login to your Minemeld instance with Default username is admin and the password is what you set in step 1 during the Ansible install. Sudo cp ~/cert.key /etc/nginx/minemeld.pemģ. Sudo cp ~/cert.pem /etc/nginx/minemeld.cer To change the default NGINX web server certifcates (if you have your own PKI etc) replace the following and restart NGINX: Sudo usermod -a -G minemeld # add your user to minemeld group, useful for developmentĢ. Sudo apt install -y gcc git python-minimal python2.7-dev libffi-dev libssl-dev makeĪnsible-playbook -K -i 127.0.0.1, local.yml Make sure your Ubuntu install is up to date then run the following: This will be your admin account password for the Minemeld application. You will be asked to supply a password during the install. We are going to do the Ansible playbook deployment for Ubuntu 18.04. 2vCPU, 4GB memory, 80GB disk is enough for this lab.ġ. The first part of the setup requires you to have an Ubuntu 18.04 (you can use Redhat and CentOS but that is out of scope for this) VM ready to go. This tutorial will centre around setting up a URL feed for consumption with the External Dynamic List feature on a Palo Alto firewall. You can also take sources and transform them with Minemeld for consumption with security operations tools such as Splunk. Take multiple threat feeds, transform them, set confidence and output into a single consumable feed.įor example you could transform lists from public sources such as Spamhaus and Abuse.ch and transform them into one list that can be used by your firewall to block those URLs. Minemeld is essentially a multiplexer for threat feeds. Minemeld is a cool open source project from Palo Alto Networks that allows you to take threat feeds such as IP and URL lists, that contain indicators of compromise and transform them into a single list for use with your favourite Next Gen Firewall. So I’ve been meaning to do a post about this for a while.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |