How to add feed for github IPs?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to add feed for github IPs?

L4 Transporter

Little confused on how I actually do this. I want a list generated on minemeld from the following page: https://api.github.com/meta

 

How do I go about making it so that list is referenced via a policy to allow github APP to that list of IPs?  I am already using minemeld for o365 but that was canned and this isn't.  Appreciate any help anyone can provide.

 

Thanks 

6 REPLIES 6

L1 Bithead

not sure if you find the solution. here is the setup for the miner

KasiWong_0-1580747152916.png

 

Thanks man, will configure and let you know how it goes.

 

 

Did you manually add that or import it?  If manually can you copy/paste the syntax used to create it?  I tried to create a new miner using those same settings but it won't let me save it and I am not sure why. IE the OK box has a red circle with a line through it so I am doing something wrong.  

 

miner-github.png

here is the code: seems like missing single quote around the extractor.

extractor: '*[].{indicator:@}'
indicator: indicator
url: https://api.github.com/meta

Thanks that worked.  

 

How do I get a FEED BASE URL configured for this?  The goal there is to reference the list of github IPs via an EDL.  

then you create a regular IP aggregator:

stdlib.aggregatorIPv4Generic

then output: 

stdlib_feedHCGreenWithValue-IPv4

please refer to this thread: the idea is similar, his example is URL

https://live.paloaltonetworks.com/t5/Featured-Articles/Using-Custom-Indicators-with-MineMeld/ta-p/24...

  • 6244 Views
  • 6 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!