Categories
Tech

Palo Alto MineMeld Example Configuration

MineMeld is an “extensible Threat Intelligence processing framework and the ‘multi-tool’ of threat indicator feeds. Based on an extremely flexible engine, MineMeld can be used to collect, aggregate and filter indicators from a variety of sources and make them available for consumption to peers or to the Palo Alto Networks security platforms.”

It was recently open-sourced by Palo Alto and can be found on GitHub.

Take Care When Applying Palo Alto Best Practices

This is a follow-up to my other blog post – as I have found another issue with the best practices provided by Palo Alto, I thought I’d consolidate them in a single post.

WSUS Range Headers and Palo Alto Best Practices

It seems Windows Update doesn’t play nicely with Palo Alto best practices, specifically when it comes to range headers.

Palo Alto best practices state that you should block the HTTP range option for the following reason:

Palo Alto RADIUS Authentication with Windows NPS

In this article I will go through the steps required to implement RADIUS authentication using Windows NPS (Network Policy Server) so that firewall administrators can log on using domain credentials.

Packet Capture on a Palo Alto Management Interface

In this quick how-to I will show you how you can very easily and quickly run a packet capture on a Palo Alto management interface.
You may want to capture packets on the management interface to see traffic such as RADIUS and Syslog, which is processed via the management plane. Management traffic cannot be captured using the ‘packet capture’ feature in the GUI, so we need to do it using the CLI.