how to add my own bulk IOCs into Minemeld

lgiancaterini — Wed, 25 Jan 2017 18:27:02 GMT

Trying to find a way to do this with some of the miners but it seems that you can only add 1 indicator at a time.

Re: how to add my own bulk IOCs into Minemeld

KlausGroeger — Sat, 28 Jan 2017 20:54:13 GMT

Clone a new indicator list from prototype 'stdlib.listIPv4Generic'. For example name it My_BlackList.

Create a new entry with the attributes you like.

Have a look at your indicator list (be aware, the example is my list with my preferred attributes):

$ head /opt/minemeld/local/config/BlackList_indicators.yml
- {indicator: 60.190.98.50, share_level: red}
- {indicator: 60.7.70.94, share_level: red}
- {indicator: 91.148.217.244, share_level: red}
- {indicator: 123.183.209.138, share_level: red}

Create your indicator list in the same format (use awk or something like that).

Just copy the resulting file over the existing one. The MineMeld engine takes care of the new updates immediately

You may also just edit the indicator file wiht 'nano' or 'vi' an insert the indicators in correct format.

Always use the same format. Do not try to create a entries with differnet attributes. (of course you can do it for exercise and find out what's happening)

Cheers!

Klaus

Re: how to add my own bulk IOCs into Minemeld

lgiancaterini — Wed, 01 Feb 2017 12:58:44 GMT

Thanks!

topic how to add my own bulk IOCs into Minemeld in General Topics

how to add my own bulk IOCs into Minemeld

Re: how to add my own bulk IOCs into Minemeld

Re: how to add my own bulk IOCs into Minemeld