https://live.paloaltonetworks.com/t5/general-topics/iocs-how-can-one-create-custom-type/m-p/119402#M99786 <P>Hello,</P> <P>&nbsp;</P> <P>The last couple of days I`m enjoying myself with the minemeld engine and I find it astonishing. I managed to create dynamic feeds from RIPE archives for some geolocation EDLs, will soon post them by the way.&nbsp;</P> <P>&nbsp;</P> <P>However, I would love to be able to define custom IOC types. For example - hash, filename, etc. This way much more information can be gathered and correlated to other types already present (e.g. url and domain).&nbsp;</P> <P>&nbsp;</P> <P>Fiddling around the source, the only definition of these (types) I`ve found is in the json schema. So should defining the type just there would be sufficient? I guess not?&nbsp;</P> <P>&nbsp;</P> <P>Can someone provide any guidelines or instructions on accomplishing this, if feasible at all?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Lyuben</P> Sun, 16 Oct 2016 15:14:58 GMT Lyuben.Bahtarliev 2016-10-16T15:14:58Z https://live.paloaltonetworks.com/t5/general-topics/iocs-how-can-one-create-custom-type/m-p/119402#M99786 <P>Hello,</P> <P>&nbsp;</P> <P>The last couple of days I`m enjoying myself with the minemeld engine and I find it astonishing. I managed to create dynamic feeds from RIPE archives for some geolocation EDLs, will soon post them by the way.&nbsp;</P> <P>&nbsp;</P> <P>However, I would love to be able to define custom IOC types. For example - hash, filename, etc. This way much more information can be gathered and correlated to other types already present (e.g. url and domain).&nbsp;</P> <P>&nbsp;</P> <P>Fiddling around the source, the only definition of these (types) I`ve found is in the json schema. So should defining the type just there would be sufficient? I guess not?&nbsp;</P> <P>&nbsp;</P> <P>Can someone provide any guidelines or instructions on accomplishing this, if feasible at all?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Lyuben</P> Sun, 16 Oct 2016 15:14:58 GMT https://live.paloaltonetworks.com/t5/general-topics/iocs-how-can-one-create-custom-type/m-p/119402#M99786 Lyuben.Bahtarliev 2016-10-16T15:14:58Z https://live.paloaltonetworks.com/t5/general-topics/iocs-how-can-one-create-custom-type/m-p/119411#M99787 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/48740">@Lyuben.Bahtarliev</a>,</P> <P>adding new types is extremely easy, you should be careful with some nodes where the processing dependes on type.</P> <P>Could you open an issue on minemeld-core github repo (<A href="https://github.com/PaloAltoNetworks/minemeld-core" target="_blank">https://github.com/PaloAltoNetworks/minemeld-core</A>) and specify the IOC types you would like to see supported ? This way we can track support for the new types there and add them in the next release.&nbsp;</P> <P>&nbsp;</P> <P>It would be awesome if you could also create a pull request with the RIPE feeds !</P> <P>&nbsp;</P> <P>Thanks,</P> <P>luigi</P> Sun, 16 Oct 2016 20:54:10 GMT https://live.paloaltonetworks.com/t5/general-topics/iocs-how-can-one-create-custom-type/m-p/119411#M99787 lmori 2016-10-16T20:54:10Z https://live.paloaltonetworks.com/t5/general-topics/iocs-how-can-one-create-custom-type/m-p/120063#M99788 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/48740">@Lyuben.Bahtarliev</a>,</P> <P>FYI, if you were looking for file hashes I have just added them to the schema for the next release: <A href="https://github.com/PaloAltoNetworks/minemeld-core/pull/70" target="_self">https://github.com/PaloAltoNetworks/minemeld-core/pull/70</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 19 Oct 2016 04:46:54 GMT https://live.paloaltonetworks.com/t5/general-topics/iocs-how-can-one-create-custom-type/m-p/120063#M99788 lmori 2016-10-19T04:46:54Z