IOCs. How can one create custom type?


Hello,


The last couple of days I'm enjoying myself with the minemeld engine and I find it astonishing. I managed to create dynamic feeds from RIPE archives for some geolocation EDLs, will soon post them by the way.


However, I would love to be able to define custom IOC types. For example - hash, filename, etc. This way much more information can be gathered and correlated to other types already present (e.g. url and domain).


Fiddling around the source, the only definition of these (types) I've found is in the json schema. So would defining the type just there be sufficient? I guess not?


Can someone provide any guidelines or instructions on accomplishing this, if feasible at all?


Thanks,

Lyuben


Re: IOCs. How can one create custom type?

Hi @Lyuben.Bahtarliev,

adding new types is extremely easy, but you should be careful with some nodes where the processing depends on type.

Could you open an issue on minemeld-core github repo (https://github.com/PaloAltoNetworks/minemeld-core) and specify the IOC types you would like to see supported? This way we can track support for the new types there and add them in the next release.


It would be awesome if you could also create a pull request with the RIPE feeds!


Thanks,

luigi

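The question above asks whether listing a new type in the schema is enough, and the reply warns that nodes whose processing depends on the indicator type need attention. The following is an added illustration written for this thread, not MineMeld code and not its schema or node API: a hypothetical type registry with the two custom types from the question (a SHA-256 hash and a filename), a per-type validator, and an EDL-style output node that only understands network indicators and therefore has to skip, rather than mishandle, any type it was not written for. Type names, validators and the sample indicators are all constructed for the example.

```python
"""Type-aware indicator registry (constructed example, not MineMeld code).

The type set plays the role of a schema enum; the EDL node shows why
any processing that dispatches on indicator type must account for
types added later.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Hypothetical schema fragment: accepted indicator types.
# "sha256" and "filename" are the custom types the thread asks about.
INDICATOR_TYPES = {"IPv4", "domain", "URL", "sha256", "filename"}

_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)
_SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.I)


def _valid_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def _valid_url(value):
    parts = urlparse(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def _valid_filename(value):
    # A bare file name: no path separators, no control characters.
    return bool(value) and "/" not in value and "\\" not in value and value.isprintable()


# Per-type syntactic validators; this dispatch is what "depends on type".
_VALIDATORS = {
    "IPv4": _valid_ipv4,
    "domain": lambda v: bool(_DOMAIN_RE.match(v)),
    "URL": _valid_url,
    "sha256": lambda v: bool(_SHA256_RE.match(v)),
    "filename": _valid_filename,
}


def validate_indicator(indicator):
    """Return (ok, reason) for a dict with 'type' and 'value' keys."""
    itype = indicator.get("type")
    value = indicator.get("value")
    if itype not in INDICATOR_TYPES:
        return False, "unknown type %r" % (itype,)
    if not isinstance(value, str):
        return False, "value must be a string"
    if not _VALIDATORS[itype](value):
        return False, "malformed %s value" % itype
    return True, "ok"


# Hypothetical output node for a firewall EDL. It only understands
# network indicators, so a newly added type must be skipped explicitly.
EDL_SUPPORTED = {"IPv4", "domain", "URL"}


def build_edl(indicators):
    """Split indicators into EDL lines and a list of (type, value, why) skipped."""
    lines, skipped = [], []
    for ind in indicators:
        ok, _ = validate_indicator(ind)
        if not ok:
            skipped.append((ind.get("type"), ind.get("value"), "invalid"))
        elif ind["type"] not in EDL_SUPPORTED:
            skipped.append((ind["type"], ind["value"], "unsupported by node"))
        else:
            lines.append(ind["value"])
    return lines, skipped


# Constructed sample indicators mixing built-in and custom types.
SAMPLE = [
    {"type": "IPv4", "value": "198.51.100.7"},
    {"type": "domain", "value": "example.test"},
    {"type": "URL", "value": "https://example.test/login"},
    {"type": "sha256", "value": "a" * 64},
    {"type": "filename", "value": "invoice.pdf.exe"},
    {"type": "IPv4", "value": "999.1.1.1"},
]

if __name__ == "__main__":
    lines, skipped = build_edl(SAMPLE)
    print("\n".join(lines))
    for entry in skipped:
        print("skipped:", entry)
```

The point of `build_edl` is the `elif` branch: once "sha256" and "filename" exist in the registry, every node that switches on type needs an explicit decision for them, and recording what was skipped is what lets you notice a node that silently drops the new indicators.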

Re: IOCs. How can one create custom type?

Hi @Lyuben.Bahtarliev,

FYI, if you were looking for file hashes I have just added them to the schema for the next release: https://github.com/PaloAltoNetworks/minemeld-core/pull/70
