Minemeld diminishing numbers when passing from miner to processor.

userlevel1 — Sat, 29 Dec 2018 00:45:27 GMT

Hello,

We are trying to integrate Recorded Future IP risk list with our SIEM to do correlation after that.

We have set up correctly the miner, which gives us around 50k indicators.

We then proceed to pass it to the processor stdlib.aggregatorIPv4Generic, which just process 20k indicators.

Finall we convert it to CEF format with the output cef.testCEF than at the same time just process around 8k indicator.

I checked the logs and some of the IPs jsut don't seem to never being grabbed by the processor as they don't show up on it's logs, but the do show up on the logs of the miner, same thing happens when it's parsing from processor to CEF.

We would like to grab those 50k indicators and when that is working going more indepth as how we can filters indicators that might be more interesting to us (higher confidence, etc).

Just as an indication this is the first time we are pulling information from this API and we currently don't have more feeds applied on Minemeld.

What is happening and why are we receiving so few numbers? Are we doing something wrong?

We are using the latest version of Minemeld and the prototypes.

Thank you!

Re: Minemeld diminishing numbers when passing from miner to processor.

lmori — Wed, 02 Jan 2019 07:47:37 GMT

Which aggregator are you using?

topic Re: Minemeld diminishing numbers when passing from miner to processor. in General Topics

Minemeld diminishing numbers when passing from miner to processor.

Re: Minemeld diminishing numbers when passing from miner to processor.