11-01-2018 08:30 AM
I'm running into an issue where I can pull in indicators from autofocus by creating a minemeld miner, the only problem is that I am getting a lot of windows.com and microsoft.com domains in the list. I've had the search from autofocus entered as malicious/grayware/phishing, but still the miner is pulling in microsoft domains and windowsupadate.com domains that I want to ensure are always whitelisted. I have whitelist local miners that i can manually add these to, but how do I *.windowsupdate.com or *.microsoft.com these so I never see these in the list. These miners are useless to me if I can't more granularly control what is coming in on the list...
Solved! Go to Solution.
11-20-2018 08:10 AM - edited 11-20-2018 11:30 AM
I think that was it. Thank you.
Found it on one of your other posts:
I was using the below ouput:
Your saying that if I filter by output node, with confidence greater than 75 I should be good to go and not have to worry about these? Do you suggest specifying a Wildfire verdict in the search, or is that something that AF takes care of with confidence levels?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!