

Minemeld is an open source threat intelligence system that gathers and shares threat indicators and feeds from various sources, such as CERTs, ISACs, Palo Alto AutoFocus, and other deployed Minemeld instances. Rather than manually aggregating and collecting threat indicators, Minemeld automates the process and adds an easy-to-use web interface with good visibility into what each node is doing. An example would be mining the IP addresses Microsoft uses for Office 365 to build an External Dynamic List (EDL) that a Palo Alto NGFW can reference in policy. You do not need a Palo Alto Next-Generation Firewall to benefit from Minemeld; it is open source, and its output feeds are plain lists that any consumer able to fetch them over HTTP can use.

A Minemeld pipeline is built from three kinds of nodes.

A miner is the component that harvests threat intelligence data from a source. A few miners are preconfigured by default, and you can add your own custom miner for a specific use case, such as Office 365.

A processor sits in between the miners and the output feeds. It merges the miners' output and prevents duplicate indicators from entering the output feeds.

An output feed is a compiled list of malicious URLs or IP addresses (or, in the Office 365 case, addresses you want to allow). That list can be referenced in a security policy to block traffic going to and coming from those URLs/IP addresses.

Docker Compose makes the configuration much easier: all of the settings go into a single YAML file, which is far easier to keep track of than a series of Docker client commands. We still need the Docker client, though, since Compose drives it.

Ubuntu 20.04 will be used, although 18.04 should work just as well.

Install Docker:

$ sudo apt update -y && sudo apt upgrade -y
$ sudo apt install apt-transport-https ca-certificates curl software-properties-common
$ sudo add-apt-repository "deb bionic stable"

Note that bionic is the codename of Ubuntu 18.04; on 20.04 the matching suite is focal, which Docker also publishes packages for. Using && rather than a single & is deliberate: a single & would background the update and start the upgrade before it finishes.

(Optional) To run Docker without entering sudo every time, add your account to the docker group:

$ sudo usermod -aG docker $

Keep in mind that membership of the docker group is equivalent to root on the host: anyone who can talk to the Docker socket can start a privileged container or mount the host filesystem into one. Grant it only to accounts you would give sudo to anyway, and log out and back in for the new group to take effect.

Install Docker Compose:

$ sudo curl -L "$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose

The chmod is needed because curl writes the binary without the execute bit set.
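To make the miner, processor and output-feed chain described above concrete, here is an added example in Python that models it end to end. It is an illustration written for this page, not Minemeld's own code: the Office 365 JSON and the two blocklists are constructed samples (shaped like the Office 365 endpoints web service response and like typical one-indicator-per-line feeds), and the function names are the author's choice. The aggregator step is what the page calls a processor: it normalises and de-duplicates whatever the miners produce, so "198.51.100.7" and "198.51.100.7/32" from two different feeds collapse to a single EDL entry, and the O365 and block feeds stay separate lists, as they would be used in opposite directions in policy.

```python
"""Toy model of a Minemeld-style pipeline: miners -> processor -> output feeds.

Illustration only; not Minemeld's implementation. All inputs are constructed
samples embedded below so the script runs offline.
"""
import ipaddress
import json
from typing import Dict, Iterable, List

# Constructed sample shaped like the Office 365 endpoints web service output:
# a list of service-area objects carrying "ips" and "urls" arrays.
O365_SAMPLE = json.dumps([
    {"id": 1, "serviceArea": "Exchange",
     "ips": ["13.107.6.152/31", "13.107.18.10/31", "2603:1006::/40"],
     "urls": ["outlook.office.com"], "required": True},
    {"id": 2, "serviceArea": "SharePoint",
     "ips": ["13.107.6.152/31", "13.107.136.0/22"],
     "urls": ["*.sharepoint.com"], "required": True},
])

# Two constructed line-oriented blocklists. They overlap on purpose, spell the
# same host two ways, and include a comment and a junk line.
BLOCKLIST_A = "# constructed feed A\n198.51.100.7\n203.0.113.0/24\n"
BLOCKLIST_B = "198.51.100.7/32\nnot-an-ip\n192.0.2.10\n"


def o365_miner(raw_json: str, ipv4_only: bool = True) -> List[str]:
    """Miner: pull IP prefixes out of Office 365 endpoint JSON."""
    found: List[str] = []
    for entry in json.loads(raw_json):
        for prefix in entry.get("ips", []):
            net = ipaddress.ip_network(prefix, strict=False)
            if ipv4_only and net.version != 4:
                continue  # many EDL consumers keep v4 and v6 in separate lists
            found.append(str(net))
    return found


def blocklist_miner(raw_text: str) -> List[str]:
    """Miner: parse a one-indicator-per-line feed, skipping comments and junk."""
    found: List[str] = []
    for line in raw_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # Normalise: a bare address becomes a /32 so duplicates compare equal.
            found.append(str(ipaddress.ip_network(line, strict=False)))
        except ValueError:
            continue  # drop malformed entries rather than poison the feed
    return found


def aggregator(*miner_outputs: Iterable[str]) -> List[str]:
    """Processor: merge miner outputs, dropping duplicates, preserving order."""
    seen = set()
    merged: List[str] = []
    for output in miner_outputs:
        for indicator in output:
            if indicator not in seen:
                seen.add(indicator)
                merged.append(indicator)
    return merged


def render_edl(indicators: Iterable[str]) -> str:
    """Output feed: one indicator per line, the text form an EDL consumer fetches."""
    return "".join(f"{i}\n" for i in indicators)


def build_feeds() -> Dict[str, List[str]]:
    """Wire the pipeline: one allow-style feed for O365, one block feed."""
    return {
        "o365_allow": aggregator(o365_miner(O365_SAMPLE)),
        "block": aggregator(blocklist_miner(BLOCKLIST_A),
                            blocklist_miner(BLOCKLIST_B)),
    }


if __name__ == "__main__":
    for name, indicators in build_feeds().items():
        print(f"== {name} ==")
        print(render_edl(indicators), end="")
```

Running it prints the two feeds as an EDL consumer would receive them. Note the failure-mode handling a real miner needs as well: a malformed line is skipped instead of aborting the whole feed, and IPv6 prefixes are filtered out of the v4 list rather than silently mixed in.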
