Output node prototype that allows to specify file type (extension)

L0 Member

Output node prototype that allows to specify file type (extension)

We have product in place that requires the indicators to be in a text file and verifies if the file type extension is ".txt" ( --> e.g.  Pulling from https://ransomwaretracker.abuse.ch/downloads/CW_C2_URLBL.txt  diretly works but doesn't when pulling from Minemeld by using any standard EDL prototype --> ..feeds/feedHCWithValue-RSWT1 ). Does such a prototype exist or is there a workaround available?

L7 Applicator

Re: Output node prototype that allows to specify file type (extension)

May I know which product does this check?

One workaround would be configuring nginx to rewrite requests to /feeds/feedHCWithValue-RSWT1.txt to /feeds/feedHCWithValue-RSWT1

We could consider adding a feature to ignore the extension of a feed...

 

Luigi

L0 Member

Re: Output node prototype that allows to specify file type (extension)

Hi Luigi, 

Good idea. Thanks for the workaround, I'll give it a try. It's the Cisco Firepower Management Center (without the Threat Intelligence Director). In the long run we might consider using the Threat Intelligence Director that supports STIX/TAXII. 

Martin 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!