Using Palo Alto Minemeld behind corporate proxy

Posted on November 15, 2018

I can only quote now since I am a bit tired:
“MineMeld is a threat intelligence processing tool that extracts indicators from various sources and compiles the indicators into multiple formats compatible with AutoFocus, the Palo Alto Networks® next-generation firewall, and other security and information event management (SIEM) platforms.”

Here are some more details:
minemeld

Installing MineMeld is not that hard, but if it is behind a proxy you can easily lose hours troubleshooting…
Let me fill that gap here.
Links about MineMeld and proxy settings:
Running-MineMeld-on-VMWare-desktop
Install-MineMeld-behind-the-proxy-server
How-to-Safely-Enable-access-to-Office-365-using-MineMeld-Updated

Here is my summary of all the proxy settings that were required for MineMeld to work:

For the apt package manager:


ubuntu@minemeld:~$ less /etc/apt/apt.conf
Acquire::http::Proxy "http://proxyserver:proxyport";
Acquire::https::Proxy "http://proxyserver:proxyport";
Acquire::ftp::Proxy "http://proxyserver:proxyport";

Wget is important for apt:


ubuntu@minemeld:~$ less /etc/wgetrc | grep proxy
http_proxy = http://proxyserver:proxyport/
https_proxy = http://proxyserver:proxyport/
ftp_proxy = http://proxyserver:proxyport/
# If you do not want to use proxy at all, set this to off.
use_proxy = on

For environment variables, used by curl and other applications:


ubuntu@minemeld:~$ set | grep proxy
ftp_proxy=http://proxyserver:proxyport
http_proxy=http://proxyserver:proxyport
https_proxy=http://proxyserver:proxyport
no_proxy=localhost,127.0.0.1,localaddress,.localdomain.com

For Python Package Management (pip):


pip --proxy=http://proxyserver:proxyport install pip==9.0.3

For MineMeld:


ubuntu@minemeld:~$ less /etc/default/minemeld
export http_proxy=http://proxyserver:proxyport
export https_proxy=http://proxyserver:proxyport
export ftp_proxy=http://proxyserver:proxyport


ubuntu@minemeld:~$ less /etc/environment
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"


http_proxy="http://proxyserver:proxyport"
https_proxy="http://proxyserver:proxyport"
ftp_proxy="http://proxyserver:proxyport"
no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
HTTP_PROXY="http://proxyserver:proxyport"
HTTPS_PROXY="http://proxyserver:proxyport"
FTP_PROXY="http://proxyserver:proxyport"
NO_PROXY="localhost,127.0.0.1,localaddress,.localdomain.com"
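
To confirm that every location listed above carries the same proxy, the following script (an added example, not part of the original post) reads each file and reports keys that are missing, still commented out, or different from the expected value. The function names `extract_proxy` and `check_proxy_files` and the `ROOT` path-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the proxy locations above.
# ROOT is a path prefix: "" for the live system, or a scratch dir for testing.

# extract_proxy FILE KEY -> prints the last uncommented value of KEY in FILE
extract_proxy() {
    [ -r "$1" ] || return 1
    # Accepts 'KEY "v";' (apt), 'KEY = v' (wgetrc), 'export KEY=v', 'KEY="v"'.
    # Lines starting with '#' never match, so commented defaults count as unset.
    sed -nE "s|^[[:space:]]*(export[[:space:]]+)?${2}[[:space:]=]+\"?([^\";[:space:]]+)\"?;?[[:space:]]*\$|\2|p" "$1" |
        tail -n 1 | sed 's|/$||'   # ignore a trailing slash when comparing
}

# check_proxy_files ROOT EXPECTED -> prints one line per key,
# returns the number of missing or mismatched settings (0 = all consistent)
check_proxy_files() {
    local root="$1" expected="${2%/}" problems=0 entry file key found
    for entry in \
        "etc/apt/apt.conf|Acquire::http::Proxy" \
        "etc/apt/apt.conf|Acquire::https::Proxy" \
        "etc/wgetrc|http_proxy" \
        "etc/wgetrc|https_proxy" \
        "etc/default/minemeld|http_proxy" \
        "etc/default/minemeld|https_proxy" \
        "etc/environment|http_proxy" \
        "etc/environment|https_proxy" \
        "etc/environment|HTTP_PROXY" \
        "etc/environment|HTTPS_PROXY"
    do
        file="$root/${entry%%|*}"
        key="${entry#*|}"
        found=$(extract_proxy "$file" "$key") || found=""
        if [ -z "$found" ]; then
            echo "MISSING   $file  $key"
            problems=$((problems + 1))
        elif [ "$found" != "$expected" ]; then
            echo "MISMATCH  $file  $key=$found"
            problems=$((problems + 1))
        else
            echo "OK        $file  $key"
        fi
    done
    return "$problems"
}
```

On the MineMeld host, run `check_proxy_files "" http://proxyserver:proxyport` with your real proxy URL in place of the placeholder.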

That's it :-)