Azure Site Recovery Miner - XML source into Minemeld

L1 Bithead

Azure Site Recovery Miner - XML source into Minemeld

I'm looking to do, what I believe, would be a simple minor for Azure Site Recovery IP list.  The list is located here and is in XML form.

I have bounced around on some articles and tried to follow a few, but came up empty-handed.

The Node I have setup says it was successful, but with 0 indicators.


Is there a basic, grab the list from a website to Miner tutorial I can review?

Also, we are using the Minemeld with Autofocus, not sure if that helps or not.

L5 Sessionator

Re: Azure Site Recovery Miner - XML source into Minemeld

Hi @Jmarx1,


the fastest way to mine such a feed is using the "generic API classes" documented in the article Using MineMeld to extract indicators from a generic API


Unfortunatelly, there isn't a class for XML. But, for this specific feed, the HTTPFT class can do the job. You'd need, though, to create two miners: one for "ServiceIP" extraction and the other one for "MonitorIP"


HTTPFT configuration parameters for SeviceIP extraction:


    regex: (ServiceIP[0-9]*>)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(<\/S)
    transform: \2


HTTPFT configuration parameters for MonitorIP extraction:


    regex: (MonitoringIP[0-9]*>)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(<\/M)
    transform: \2


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!