I noticed that some IP prototypes have a direction of inbound (spamhaus) while others are outbound (ransomwaretracker). What is the difference with respect to being able to use them in feeds for EDLs?
Solved! Go to Solution.
IP indicators, and only IP indicators, have an attribute called direction. This is used to specify if the IP is typically seen as a source of a session (direction = inbound) or as a destination ( ). This could be helpful when definining security policies to match IPs on sources or destination.
But if you prefer you can also ignore this attribute, as always with MineMeld it's up to you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!