Azure Site Recovery Miner - XML source into Minemeld

Jmarx1 — Mon, 17 Sep 2018 23:59:59 GMT

I'm looking to do, what I believe, would be a simple minor for Azure Site Recovery IP list. The list is located here and is in XML form.

https://aka.ms/site-recovery-public-ips

I have bounced around on some articles and tried to follow a few, but came up empty-handed.

The Node I have setup says it was successful, but with 0 indicators.

Is there a basic, grab the list from a website to Miner tutorial I can review?

Also, we are using the Minemeld with Autofocus, not sure if that helps or not.

Re: Azure Site Recovery Miner - XML source into Minemeld

xhoms — Thu, 20 Sep 2018 06:47:02 GMT

Hi @Jmarx1,

the fastest way to mine such a feed is using the "generic API classes" documented in the article Using MineMeld to extract indicators from a generic API

Unfortunatelly, there isn't a class for XML. But, for this specific feed, the HTTPFT class can do the job. You'd need, though, to create two miners: one for "ServiceIP" extraction and the other one for "MonitorIP"

HTTPFT configuration parameters for SeviceIP extraction:

indicator:
    regex: (ServiceIP[0-9]*>)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(<\/S)
    transform: \2

HTTPFT configuration parameters for MonitorIP extraction:

indicator:
    regex: (MonitoringIP[0-9]*>)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(<\/M)
    transform: \2

topic Re: Azure Site Recovery Miner - XML source into Minemeld in General Topics

Azure Site Recovery Miner - XML source into Minemeld

Re: Azure Site Recovery Miner - XML source into Minemeld