Re: configure airgapped miner for on premise minemeld

L1 Bithead

Re: configure airgapped miner for on premise minemeld

Hi guys,

We recently set up a MineMeld server meant for an air-gapped environment, and we are trying to figure out how to set up an air-gapped miner using the other information found here on customizing a miner.

https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-to-Create-a-Custom-Miner/ta-p/...

 

Is there any available article on the requirements for an air-gapped setup for the miner, as well as on whether the miner must use HTTPS/HTTP to access the intel feeds or whether any other format, e.g. SCP/SSH/SMB, will do?

 

L5 Sessionator

Re: configure airgapped miner for on premise minemeld

Hi @Gerard_Ng,

 

Unfortunately there isn't any "generic miner" capable of extracting indicators from local files (or network-mounted files).

 

Option 1 is to code a new miner (either contributing to minemeld-core or creating a MineMeld extension).

Option 2 is to use the "LocalDB" miner and push local indicators to it.

 

If you want to explore Option 2 then I'd recommend taking a look at the article https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-as-an-Incident-Response-Platfo... and taking a closer look at its Annex 2, where the API for the LocalDB Miner is explained. You could also leverage the minemeld-sync.py script created by @lmori, which allows you to sync the indicators stored in LocalDB with the ones present in a given local file.
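One way to carry out Option 2 from a local indicator file, as an added example rather than code from this thread, from MineMeld or from the minemeld-sync.py script: it parses the file, classifies and de-duplicates the indicators, reports unrecognised lines, and pushes the rest to the LocalDB miner over HTTPS. The endpoint path, the record field names and type values, and the use of basic auth are assumptions to be checked against Annex 2 of the article linked above.

```python
import base64
import ipaddress
import json
import ssl
import urllib.request

SAMPLE = """10.0.0.5            # constructed sample file: one indicator per line
192.168.1.0/24
evil.example        # C2 domain
https://bad.example/x
10.0.0.5            # duplicate, dropped
not an indicator
"""

def classify(value):
    """Indicator type for a raw string, or None; type names are assumed LocalDB values."""
    if value.startswith(("http://", "https://")):
        return "URL"
    try:  # single hosts and CIDR ranges both parse here
        return "IPv4" if ipaddress.ip_network(value, strict=False).version == 4 else "IPv6"
    except ValueError:
        pass
    labels = value.split(".")
    if len(labels) >= 2 and all(l and l.replace("-", "").isalnum() for l in labels):
        return "domain"
    return None

def build_payload(text, share_level="red", ttl=86400):
    """Parse file text into LocalDB records; returns (records, rejected_lines)."""
    seen, records, rejected = set(), [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line in seen:  # skip comments, blanks and duplicates
            continue
        seen.add(line)
        itype = classify(line)
        if itype is None:
            rejected.append(line)  # surface bad lines instead of pushing them blindly
            continue
        records.append({"indicator": line, "type": itype, "share_level": share_level, "ttl": ttl})
    return records, rejected

def push_to_localdb(base_url, node, user, password, records, cafile):
    """PUT records to the assumed endpoint with basic auth (both assumptions); TLS is verified against a pinned CA file."""
    url = f"{base_url}/config/data/{node}_indicators?h={node}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, data=json.dumps(records).encode(), method="PUT",
                                 headers={"Content-Type": "application/json", "Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, context=ssl.create_default_context(cafile=cafile)) as resp:
        return resp.status
```

Run `build_payload` on the exported file first and review the rejected list before calling `push_to_localdb`, so a malformed export does not end up in the feed.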
