Or, to append an existing configuration (ie.$ sudo -u minemeld cp office365-config.yml /opt/minemeld/local/config/committed-config.yml.office365-config.yml replace the configuration of a fresh install, SSH into your MineMeld instance (again as the ubuntu user) and run the following command:

yml file you downloaded in Step 2 to your MineMeld instance. For example, on a Mac, run the following with the default password rsplizardspock

NB: Skip this step if you were able to import using the web interface as above!

Importing configuration for an OLDER version of MineMeld only

If you cannot upgrade for whatever reason, follow step 2a below instead.

yml file you downloaded in step 2 into here and click Replace (or Append, if you have already configured this instance of MineMeld for another purpose).

Accept to replace the candidate configuration, followed by clicking the COMMIT button and waiting some time for the engine to restart.

Can't see an IMPORT button? This is simply because you are using an older version of MineMeld.

This will bring up the IMPORT CONFIGURATION window.

Next click CONFIG at the top followed by IMPORT.

NOTE: for a minimal config collecting all the IPv4s, IPv6 and URLs of all the O365 products download this instead:

Browse to (obtained above) and sign in with the username admin and password minemeld.

To save you the hassle we've created a configuration you can import; simply download it from and open it in a text editor.

MineMeld does already come with Prototypes for each of the O365 services, but you would normally need to create a miner for each of these from those Prototypes, along with 3 processors and 3 outputs (one each for IPv4 addresses, IPv6 addresses and URLs respectively).

Make note of MineMeld's IP address (from an ifconfig) as you'll need it for the Web UI in the next step.

Assuming an IP comes via DHCP and you have internet access, your VM will automatically be updated to the latest version of MineMeld.
Note, if using the VMware desktop instructions ( ) you can go ahead with the "Super fast setup" but please download the cloud-init ISO and mount it on first boot.

It would be preferable to configure external dynamic lists and reference them in our security policies, and as it happens, Microsoft dynamically publishes a fully up-to-date list of all IPs, URLs and ports used by each of the 17 components of Office 365 every hour that we can use! This article will take you through setting up the open source MineMeld utility to parse this data into EDLs for PAN-OS to consume, and creation of a couple of example security policies for your environment.

First, visit and select the article (from the top right) about installing and running MineMeld appropriate to your environment.

Because Microsoft publishes Office 365 over a huge range of URLs and IP addresses, a security admin would be tempted to simply allow access in policies to a destination of 'any', and this gets complicated when the Office 365 App-IDs tend to have dependencies on explicitly allowing web-browsing and SSL.

To safely enable access to Office 365 please follow the instructions in the updated document at:

Enable Access to Office 365 with MineMeld

As customers migrate to Office 365 they find themselves whitelisting a range of App-IDs for the various workloads they might use in the Office 365 product sets, such as Skype for Business, OneNote, Exchange Online and so on.

A new class and corresponding set of MineMeld prototypes was introduced in version 0.9.50 to deal with the new WEB Service.

Microsoft announced a new WEB Service that will deprecate the dynamic XML document used by the miners listed in this document.