Use AutoFocus Miners with the Palo Alto Networks Firewall

Use AutoFocus miners to dynamically send indicators from AutoFocus to an external dynamic list on a PAN-OS 9.0 firewall.
  1. Add the root certificate authority (CA) certificate for MineMeld to the firewall.
    1. Download the GoDaddy Class 2 Certification Authority Root Certificate: https://certs.godaddy.com/repository/gd-class2-root.crt
    2. On the firewall, select Device > Certificate Management > Certificates.
    3. Import the certificate to the firewall.
      1. Give the certificate a descriptive name.
      2. Browse for the certificate file and attach the GoDaddy certificate you downloaded.
      3. Click OK.
  2. Create a certificate profile for the MineMeld root CA certificate.
    1. On the firewall, select Device > Certificate Management > Certificate Profile.
    2. Add a new certificate profile.
      1. Give the certificate profile a descriptive name.
      2. Click Add, select the certificate name from the CA Certificate drop-down, and click OK.
      3. Click OK.
  3. Configure the MineMeld nodes that will send indicators to the firewall.
    This procedure focuses on using AutoFocus miners to forward indicators to an external dynamic list; however, you can use other MineMeld miners that extract IPv4 addresses, domains, and URLs to forward indicators to an external dynamic list.
    1. Use an AutoFocus sample or indicator store miner to Forward AutoFocus Indicators to MineMeld.
    2. In MineMeld, Connect MineMeld Nodes (AutoFocus miner and processor) to an output that can feed indicators to an external dynamic list on the firewall.
      To find outputs that you can use with an external dynamic list, view the list of MineMeld Prototypes and search with the keyword EDL.
    3. Restrict access to the indicators.
      1. Select the output node you plan to use with an external dynamic list from the list of Nodes.
      2. Click Tags, enter a tag name to use with the output node, and click OK.
      3. Click Admin, and select the Feeds Users tab.
      4. Click (+) to add a new user profile for accessing the indicators from the output node.
      5. Create a username and password, confirm the password, and click OK.
      6. Grant the user you just created access to the output node. In the Access setting for the user, select the tag for the output node and click OK.
  4. Configure the firewall to access an external dynamic list based on the indicators from the AutoFocus miners.
    Follow the steps to add a new external dynamic list to the firewall and observe the following guidelines:
    • Enter the MineMeld-provided link from the output node as the Source of the external dynamic list. To find this link in MineMeld, select the output node from the list of Nodes and copy the Feed Base URL link.
    • Select the Certificate Profile you created for the MineMeld root CA certificate.
    • Select Client Authentication, and enter the username and password for the user you created from the previous step.
  5. Verify that the firewall can receive indicators from the AutoFocus miners.
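
The following is an added example, not part of the original documentation: a Python check run from a workstation that requests the feed the way the firewall will (trusting only the imported root CA, authenticating as the feed user) and flags entries that an IP-type external dynamic list would not accept. The sample feed is constructed, the feed URL, credentials and CA file path are placeholders you supply, and HTTP Basic authentication and a PEM-encoded CA file are assumptions.

```python
import ipaddress
import ssl
import urllib.request
from base64 import b64encode

# Constructed sample of an IPv4 feed body (documentation address ranges only).
SAMPLE_FEED = """192.0.2.10
198.51.100.0/24
203.0.113.5-203.0.113.9
203.0.113.9-203.0.113.5
indicator.example.test
"""

def build_request(feed_url, username, password):
    """Request for the feed with the feed user's credentials (HTTP Basic assumed)."""
    if not feed_url.lower().startswith("https://"):
        raise ValueError("feed URL must be https so the CA check applies")
    token = b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(feed_url, headers={"Authorization": "Basic " + token})

def fetch_feed(feed_url, username, password, ca_file):
    """Fetch the feed, trusting only the CA in ca_file, as the certificate profile does."""
    ctx = ssl.create_default_context(cafile=ca_file)  # PEM file; system CAs are not loaded
    req = build_request(feed_url, username, password)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")

def is_ip_entry(entry):
    """True for an IPv4 address, a CIDR block, or an ordered start-end range."""
    try:
        if "-" in entry:
            start, end = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
            return start <= end
        ipaddress.IPv4Network(entry, strict=False)
        return True
    except ValueError:
        return False

def audit_ip_feed(text):
    """Split feed lines into (valid, rejected), skipping blanks and # comments."""
    valid, rejected = [], []
    for line in text.splitlines():
        entry = line.strip()
        if entry and not entry.startswith("#"):
            (valid if is_ip_entry(entry) else rejected).append(entry)
    return valid, rejected

if __name__ == "__main__":
    # For a live check, pass fetch_feed(<Feed Base URL>, <user>, <password>, <CA file>) instead.
    print(audit_ip_feed(SAMPLE_FEED))
```

A TLS verification error from `fetch_feed` points at the CA certificate, and an HTTP 401 points at the feed user or its tag access, before either shows up as a failed refresh on the firewall.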
