Use AutoFocus Miners with the Palo Alto Networks Firewall
Use AutoFocus miners to dynamically send indicators
from AutoFocus to an external dynamic list on a PAN-OS 9.0
firewall.
- Add the root certificate authority (CA) certificate for MineMeld to the firewall.
  - Download the GoDaddy Class 2 Certification Authority Root Certificate: https://certs.godaddy.com/repository/gd-class2-root.crt
  - On the firewall, select Device > Certificate Management > Certificates.
  - Import the certificate to the firewall.
  - Give the certificate a descriptive name.
  - Browse for the certificate file and attach the GoDaddy certificate you downloaded.
  - Click OK.
- Create a certificate profile for the MineMeld root CA certificate.
  - On the firewall, select Device > Certificate Management > Certificate Profile.
  - Add a new certificate profile.
  - Give the certificate profile a descriptive name.
  - Click Add, select the certificate name from the CA Certificate drop-down, and click OK.
  - Click OK.
- Configure the MineMeld nodes that will send indicators to the firewall. This procedure focuses on using AutoFocus miners to forward indicators to an external dynamic list; however, you can use other MineMeld miners that extract IPv4 addresses, domains, and URLs to forward indicators to an external dynamic list.
  - Use an AutoFocus sample or indicator store miner to Forward AutoFocus Indicators to MineMeld.
  - In MineMeld, Connect MineMeld Nodes (AutoFocus miner and processor) to an output that can feed indicators to an external dynamic list on the firewall. To find outputs that you can use with an external dynamic list, view the list of MineMeld Prototypes and search with the keyword EDL.
- Restrict access to the indicators.
  - Select the output node you plan to use with an external dynamic list from the list of Nodes.
  - Click Tags, enter a tag name to use with the output node, and click OK.
  - Click Admin, and select the Feeds Users tab.
  - Click (+) to add a new user profile for accessing the indicators from the output node.
  - Create a username and password, confirm the password, and click OK.
  - Grant the user you just created access to the output node. In the Access setting for the user, select the tag for the output node and click OK.
- Configure the firewall to access an external dynamic list based on the indicators from the AutoFocus miners. Follow the steps to add a new external dynamic list to the firewall and observe the following guidelines:
  - Enter the MineMeld-provided link from the output node as the Source of the external dynamic list. To find this link in MineMeld, select the output node from the list of Nodes and copy the Feed Base URL link.
  - Select the Certificate Profile you created for the MineMeld root CA certificate.
  - Select Client Authentication, and enter the username and password for the user you created in the previous step.
- Verify that the firewall can receive indicators from the AutoFocus miners. On the firewall, retrieve entries for the external dynamic list you added and view the list entries.
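
The following pre-flight check is an added example, not part of the original procedure or of MineMeld or PAN-OS: it fetches the Feed Base URL from a workstation while trusting only the downloaded root CA and sending the feed user's credentials, then validates the returned entries. The function names are hypothetical, and it assumes an IPv4 output node, HTTP Basic authentication for the feed user, and a PEM-encoded CA file.

```python
import base64
import ipaddress
import ssl
import urllib.request


def fetch_feed(feed_url, ca_file, username, password, timeout=10):
    """Fetch the feed, trusting only ca_file and sending HTTP Basic credentials."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # hostname check + CERT_REQUIRED
    ctx.load_verify_locations(cafile=ca_file)      # system CA store is not loaded
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(feed_url, headers={"Authorization": "Basic " + token})
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def classify_entry(entry):
    """Return 'ip', 'cidr', 'range' or 'invalid' for one line of an IPv4 feed."""
    try:
        if "-" in entry:
            start, end = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
            return "range" if start <= end else "invalid"
        if "/" in entry:
            ipaddress.IPv4Network(entry, strict=False)
            return "cidr"
        ipaddress.IPv4Address(entry)
        return "ip"
    except ValueError:
        return "invalid"


def summarize_feed(text):
    """Count entry kinds and collect invalid lines; blank lines are skipped."""
    counts = {"ip": 0, "cidr": 0, "range": 0, "invalid": 0}
    invalid = []
    for line in text.splitlines():
        entry = line.strip()
        if not entry:
            continue
        kind = classify_entry(entry)
        counts[kind] += 1
        if kind == "invalid":
            invalid.append(entry)
    return counts, invalid


# Constructed sample feed body (documentation address ranges), not real indicators.
SAMPLE_FEED = "192.0.2.10\n198.51.100.0/24\n203.0.113.5-203.0.113.9\n\n203.0.113.9-203.0.113.5\n<html>login</html>\n"
```

A TLS verification error from `fetch_feed` points at the certificate chain, an HTTP 401 at the feed user or its tag access, and HTML lines among the invalid entries at a wrong source URL.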