{"id":988,"date":"2021-02-16T14:21:26","date_gmt":"2021-02-16T06:21:26","guid":{"rendered":"https:\/\/www.insecurewire.com\/?p=988"},"modified":"2021-02-16T14:21:26","modified_gmt":"2021-02-16T06:21:26","slug":"how-to-setup-palo-alto-minemeld-on-ubuntu-18-04","status":"publish","type":"post","link":"https:\/\/www.insecurewi.re\/index.php\/2021\/02\/16\/how-to-setup-palo-alto-minemeld-on-ubuntu-18-04\/","title":{"rendered":"How To Setup Palo Alto Minemeld on Ubuntu 18.04"},"content":{"rendered":"<p>So I&#8217;ve been meaning to do a post about this for a while. Minemeld is a cool open source project from Palo Alto Networks that allows you to take threat feeds such as IP and URL lists, that contain indicators of compromise and transform them into a single list for use with your favourite Next Gen Firewall. Minemeld is essentially a multiplexer for threat feeds. Take multiple threat feeds, transform them, set confidence and output into a single consumable feed. <\/p>\n<p>For example you could transform lists from public sources such as Spamhaus and Abuse.ch and transform them into one list that can be used by your firewall to block those URLs. You can also take sources and transform them with Minemeld for consumption with security operations tools such as Splunk. This tutorial will centre around setting up a URL feed for consumption with the External Dynamic List feature on a Palo Alto firewall.<\/p>\n<p><strong>Setting up Minemeld<\/strong><br \/>\nThe first part of the setup requires you to have an Ubuntu 18.04 (you can use Redhat and CentOS but that is out of scope for this) VM ready to go. 2vCPU, 4GB memory, 80GB disk is enough for this lab.<br \/>\n1. We are going to do the Ansible playbook deployment for Ubuntu 18.04. You will be asked to supply a password during the install. 
This will be your admin account password for the Minemeld application.<br \/>\nMake sure your Ubuntu install is up to date then run the following:<br \/>\n<code>sudo apt update<br \/>\nsudo apt upgrade<br \/>\nsudo apt install -y gcc git python-minimal python2.7-dev libffi-dev libssl-dev make<br \/>\nwget https:\/\/bootstrap.pypa.io\/pip\/2.7\/get-pip.py<br \/>\nsudo -H python get-pip.py<br \/>\nsudo -H pip install ansible<br \/>\ngit clone https:\/\/github.com\/PaloAltoNetworks\/minemeld-ansible.git<br \/>\ncd minemeld-ansible<br \/>\nansible-playbook -K -i 127.0.0.1, local.yml<br \/>\nsudo usermod -a -G minemeld &lt;your user&gt; # add your user to minemeld group, useful for development<\/code><br \/>\n2. To change the default NGINX web server certificates (if you have your own PKI etc) replace the following and restart NGINX:<br \/>\n<code>sudo cp ~\/cert.pem \/etc\/nginx\/minemeld.cer<br \/>\nsudo cp ~\/cert.key \/etc\/nginx\/minemeld.pem<br \/>\nsudo service nginx restart<\/code><br \/>\n3. Log in to your Minemeld instance with https:\/\/servername. Default username is admin and the password is what you set in step 1 during the Ansible install.<br \/>\n<strong>Configuring Minemeld<\/strong><br \/>\nWe are going to configure Minemeld to process a URL text feed from Abuse.ch<br \/>\n1. On the Minemeld dashboard click on config and the ellipsis button. Search for the prototype itcertpa.URLS and click on it.<br \/>\n2. We are using this prototype as a template, so click on new in the top right. 
Name the prototype <strong>rwtracker<\/strong> and configure it as follows.<br \/>\n<code>age_out:<br \/>\n    default: null<br \/>\n    interval: 600<br \/>\n    sudden_death: true<br \/>\nattributes:<br \/>\n    confidence: 80<br \/>\n    direction: inbound<br \/>\n    share_level: green<br \/>\n    type: URL<br \/>\nignore_regex: ^#<br \/>\nindicator:<br \/>\n    regex: ^(http[s]*:\\\/\\\/)(.*)<br \/>\n    transform: \\2<br \/>\nsource_name: itcertpa.URLS<br \/>\nurl: https:\/\/urlhaus.abuse.ch\/downloads\/text_online\/<\/code><br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/1.png\" alt=\"rwtracker\" width=\"788\" height=\"668\" class=\"aligncenter size-full wp-image-1002\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/1.png 788w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/1-300x254.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/1-768x651.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/1-100x85.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/1-531x450.png 531w\" data-sizes=\"auto, (max-width: 788px) 100vw, 788px\" \/><\/a><br \/>\nThis prototype will download the URLhaus feed from Abuse.ch. The regex strips the leading http:\/\/ or https:\/\/ scheme from each URL in the feed so the entries can be consumed by a PA Firewall. Click OK to save.<br \/>\n3. Now it&#8217;s time to create the miner node. To add a miner click on the eye button on the bottom left corner of config then the + icon. The add node screen will appear. Set the name to <strong>rwMiner<\/strong> and base it off prototype minemeldlocal.rwtracker. 
Click OK to save.<br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/2.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/2.png\" alt=\"rwMiner1\" width=\"1197\" height=\"531\" class=\"aligncenter size-full wp-image-1004\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/2.png 1197w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/2-300x133.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/2-1024x454.png 1024w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/2-768x341.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/2-100x44.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/2-700x311.png 700w\" data-sizes=\"auto, (max-width: 1197px) 100vw, 1197px\" \/><\/a><br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/3.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/3.png\" alt=\"rwMiner2\" width=\"796\" height=\"228\" class=\"aligncenter size-full wp-image-1005\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/3.png 796w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/3-300x86.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/3-768x220.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/3-100x29.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/3-700x201.png 700w\" data-sizes=\"auto, (max-width: 796px) 100vw, 796px\" \/><\/a><br \/>\n4. Let&#8217;s now add the processor prototype. The processor will remove any duplicate entries from the feeds. 
Click on config and then click on the ellipsis. Search for &#8216;stdlib.aggregatorURL&#8217;. Click on it. Then click on New. Name the prototype <strong>rwtrackerprocessor<\/strong>. Type a description &#8220;URL processor for urlhaus.abuse.ch&#8221;.<br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/4.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/4.png\" alt=\"rwprocessor1\" width=\"1175\" height=\"503\" class=\"aligncenter size-full wp-image-1006\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/4.png 1175w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/4-300x128.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/4-1024x438.png 1024w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/4-768x329.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/4-100x43.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/4-700x300.png 700w\" data-sizes=\"auto, (max-width: 1175px) 100vw, 1175px\" \/><\/a><br \/>\nConfigure it as follows:<br \/>\n<code>infilters:<br \/>\n-   actions:<br \/>\n    - accept<br \/>\n    conditions:<br \/>\n    - __method == 'withdraw'<br \/>\n    name: accept withdraws<br \/>\n-   actions:<br \/>\n    - accept<br \/>\n    conditions:<br \/>\n    - type == 'URL'<br \/>\n    name: accept URL<\/code><br \/>\nClick OK to save.<br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/13.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/13.png\" alt=\"rwprocessor0\" width=\"788\" height=\"612\" class=\"aligncenter size-full 
wp-image-1016\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/13.png 788w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/13-300x233.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/13-768x596.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/13-100x78.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/13-579x450.png 579w\" data-sizes=\"auto, (max-width: 788px) 100vw, 788px\" \/><\/a><br \/>\n5. Now add the processor node. Click config, the eye button and then +. Name the node rwtrackerprocessor. Select the prototype as minemeldlocal.rwtrackerprocessor. Select the input as rwMiner.<br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/5.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/5.png\" alt=\"rwprocessor2\" width=\"784\" height=\"239\" class=\"aligncenter size-full wp-image-1007\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/5.png 784w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/5-300x91.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/5-768x234.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/5-100x30.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/5-700x213.png 700w\" data-sizes=\"auto, (max-width: 784px) 100vw, 784px\" \/><\/a><br \/>\n6. It&#8217;s now time to create the output prototype. Click Config and the ellipsis and search for &#8220;stdlib.feedGreenWithValue&#8221;. 
Click on it.<br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/6.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/6.png\" alt=\"rwoutput1\" width=\"1172\" height=\"463\" class=\"aligncenter size-full wp-image-1008\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/6.png 1172w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/6-300x119.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/6-1024x405.png 1024w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/6-768x303.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/6-100x40.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/6-700x277.png 700w\" data-sizes=\"auto, (max-width: 1172px) 100vw, 1172px\" \/><\/a><br \/>\nClick new and name the prototype rwtrackerOutput. 
Configure it like so:<br \/>\n<code>infilters:<br \/>\n-   actions:<br \/>\n    - accept<br \/>\n    conditions:<br \/>\n    - __method == 'withdraw'<br \/>\n    name: accept withdraws<br \/>\n-   actions:<br \/>\n    - accept<\/code><br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/7.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/7.png\" alt=\"rwoutput2\" width=\"788\" height=\"669\" class=\"aligncenter size-full wp-image-1009\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/7.png 788w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/7-300x255.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/7-768x652.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/7-100x85.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/7-530x450.png 530w\" data-sizes=\"auto, (max-width: 788px) 100vw, 788px\" \/><\/a><br \/>\n7. Add the output node. Click Config -> eye icon > plus icon. Name the node rwtrackeroutput, select the prototype minemeldlocal.rwtrackeroutput. 
Select the input rwprocessor and click ok.<br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/8.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/8.png\" alt=\"rwOutput3\" width=\"780\" height=\"223\" class=\"aligncenter size-full wp-image-1010\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/8.png 780w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/8-300x86.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/8-768x220.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/8-100x29.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/8-700x200.png 700w\" data-sizes=\"auto, (max-width: 780px) 100vw, 780px\" \/><\/a><br \/>\n8. You have configured all three nodes: rwMiner, rwtrackerprocessor and rwtrackerOutput. 
On the config screen click Commit to apply the configuration.<br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/9.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/9.png\" alt=\"Commit\" width=\"1192\" height=\"521\" class=\"aligncenter size-full wp-image-1011\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/9.png 1192w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/9-300x131.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/9-1024x448.png 1024w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/9-768x336.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/9-100x44.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/9-700x306.png 700w\" data-sizes=\"auto, (max-width: 1192px) 100vw, 1192px\" \/><\/a>You can navigate to the nodes screen and see that the indicators column is now processing entries from the URLhaus feed in Minemeld.<br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/indicators.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/indicators.png\" alt=\"indicators\" width=\"1201\" height=\"401\" class=\"aligncenter size-full wp-image-1034\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/indicators.png 1201w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/indicators-300x100.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/indicators-1024x342.png 1024w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/indicators-768x256.png 768w, 
https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/indicators-100x33.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/indicators-700x234.png 700w\" data-sizes=\"auto, (max-width: 1201px) 100vw, 1201px\" \/><\/a>The rwtrackerOutput feed can also be browsed via the URL https:\/\/sitename.domain\/feeds\/rwtrackerOutput.<br \/>\n<strong>Configure Authentication for a Minemeld Feed<\/strong><br \/>\n1. SSH to your Ubuntu VM running minemeld and run the following command:<br \/>\n<code>sudo -u minemeld sh -c 'echo \"FEEDS_AUTH_ENABLED: True\" > \/opt\/minemeld\/local\/config\/api\/30-feeds-auth.yml'<\/code><br \/>\n2. Log in to the Minemeld Web UI and browse to Admin > Feed Users. Add a username (edluser) and password and select create a tag for the user. The tag we will use is called &#8220;ransomware&#8221;.<br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/11.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/11.png\" alt=\"Admin\" width=\"1151\" height=\"171\" class=\"aligncenter size-full wp-image-1013\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/11.png 1151w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/11-300x45.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/11-1024x152.png 1024w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/11-768x114.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/11-100x15.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/11-700x104.png 700w\" data-sizes=\"auto, (max-width: 1151px) 100vw, 1151px\" \/><\/a><br \/>\n3. Click on Nodes and rwtrackerOutput. Click tags on this node and add ransomware to it. 
Now the edluser you created in step two is authenticated to access the feed URL for rwtrackerOutput.<br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/11.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/12.png\" alt=\"Admin\" width=\"1151\" height=\"171\" class=\"aligncenter size-full wp-image-1013\" \/><\/a><br \/>\n<strong>Updating Minemeld<\/strong><br \/>\nTo update Minemeld with the Ansible deployment, simply run the command again from CLI:<br \/>\n<code>cd ~\/minemeld-ansible\/<br \/>\nansible-playbook -K -i 127.0.0.1, local.yml<\/code><br \/>\nYou can check the version you&#8217;re running by clicking on the Minemeld logo on the top left of the Web UI:<br \/>\n<a href=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/version.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.insecurewi.re\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/www.insecurewire.com\/wp-content\/uploads\/2021\/02\/version.png\" alt=\"Minemeld-Version\" width=\"905\" height=\"382\" class=\"aligncenter size-full wp-image-1028\" data-srcset=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/version.png 905w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/version-300x127.png 300w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/version-768x324.png 768w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/version-100x42.png 100w, https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/version-700x295.png 700w\" data-sizes=\"auto, (max-width: 905px) 100vw, 905px\" \/><\/a><\/p>\n<p>Click <a href=\"https:\/\/www.insecurewire.com\/using-a-minemeld-feed-with-a-palo-alto-external-dynamic-list\/\" rel=\"noopener\" target=\"_blank\">here for part two<\/a>, in which I 
will detail how to add this Minemeld feed to an External Dynamic List on a PA Firewall. I cover using the EDL feature with URL filtering and a security policy.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So I&#8217;ve been meaning to do a post about this for a while. Minemeld is a cool open source project from Palo Alto Networks that&#8230;<\/p>\n","protected":false},"author":2,"featured_media":1035,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,28,34,5],"tags":[103,132,140,175],"class_list":["post-988","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-attack","category-firewall","category-minemeld","category-palo-alto-networks","tag-firewall","tag-minemeld","tag-palo-alto-networks","tag-threat"],"acf":[],"yoast_head_json":{"title":"How To Setup Palo Alto Minemeld on Ubuntu 18.04 - Insecure Wire","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.insecurewi.re\/index.php\/2021\/02\/16\/how-to-setup-palo-alto-minemeld-on-ubuntu-18-04\/","og_locale":"en_US","og_type":"article","og_title":"How To Setup Palo Alto Minemeld on Ubuntu 18.04 - Insecure Wire","og_description":"So I&#8217;ve been meaning to do a post about this for a while. Minemeld is a cool open source project from Palo Alto Networks that...","og_url":"https:\/\/www.insecurewi.re\/index.php\/2021\/02\/16\/how-to-setup-palo-alto-minemeld-on-ubuntu-18-04\/","og_site_name":"Insecure Wire","article_published_time":"2021-02-16T06:21:26+00:00","og_image":[{"width":274,"height":152,"url":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2021\/02\/minemeld.png","type":"image\/png"}],"author":"nikonau","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/insecurewire","twitter_site":"@insecurewire","twitter_misc":{"Written by":"nikonau","Est. reading time":"5 minutes"}}}