https://live.paloaltonetworks.com/t5/general-topics/re-configure-airgapped-miner-for-on-premise-minemeld/m-p/229334#M98267 <P>Hi guys,</P> <P>we recently setup a minemeld server meant for a airgapped environment and we are trying to figure out how to setup a airgapped miner with the other information found here on customizing a miner.</P> <P><A href="https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-to-Create-a-Custom-Miner/ta-p/227694" target="_blank">https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-to-Create-a-Custom-Miner/ta-p/227694</A></P> <P>&nbsp;</P> <P>is there any available article for a requirement to a airgapped setup for the miner as well as if the miner must use https/http to access the intell feeds or any other format eg:scp/ssh/smb will do?&nbsp;</P> <P>&nbsp;</P> Tue, 04 Sep 2018 05:16:58 GMT Gerard_Ng 2018-09-04T05:16:58Z https://live.paloaltonetworks.com/t5/general-topics/re-configure-airgapped-miner-for-on-premise-minemeld/m-p/229334#M98267 <P>Hi guys,</P> <P>we recently setup a minemeld server meant for a airgapped environment and we are trying to figure out how to setup a airgapped miner with the other information found here on customizing a miner.</P> <P><A href="https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-to-Create-a-Custom-Miner/ta-p/227694" target="_blank">https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-to-Create-a-Custom-Miner/ta-p/227694</A></P> <P>&nbsp;</P> <P>is there any available article for a requirement to a airgapped setup for the miner as well as if the miner must use https/http to access the intell feeds or any other format eg:scp/ssh/smb will do?&nbsp;</P> <P>&nbsp;</P> Tue, 04 Sep 2018 05:16:58 GMT https://live.paloaltonetworks.com/t5/general-topics/re-configure-airgapped-miner-for-on-premise-minemeld/m-p/229334#M98267 Gerard_Ng 2018-09-04T05:16:58Z https://live.paloaltonetworks.com/t5/general-topics/re-configure-airgapped-miner-for-on-premise-minemeld/m-p/229370#M98268 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/90901">@Gerard_Ng</a>,</P> <P>&nbsp;</P> <P>unfortunately there isn't any "generic miner" capable of extracting indicators from local files (or network mounted files).</P> <P>&nbsp;</P> <P>Option 1 is to code a new miner (either contributing to minemeld-core or creating a minemeld extension)</P> <P>Option 2 is to use the "LocalDB" miner and push local indicators to it.</P> <P>&nbsp;</P> <P>If you want to explore Option 2 then I'd recoment to take a look at the article <A title=" Using MineMeld as an Incident Response Platform" href="https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-as-an-Incident-Response-Platform/ta-p/174690" target="_self">https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-as-an-Incident-Response-Platform/ta-p/174690</A> and to take a closer look to its Annex 2 where the API for the LocalDB Miner is explained. You could also leverage the <A href="https://gist.github.com/jtschichold/95f3906566b18b50cf2e3e1a44f1e785" target="_self">minemeld-sync.py script</A> created by <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11678">@lmori</a> that allows you to sync the LocalDB stored indicators with the ones present on a given local file.</P> Tue, 04 Sep 2018 10:14:16 GMT https://live.paloaltonetworks.com/t5/general-topics/re-configure-airgapped-miner-for-on-premise-minemeld/m-p/229370#M98268 xhoms 2018-09-04T10:14:16Z