I'd like to start by saying, that this is an amazing tool! Thanks for sharing this, it has great potential and my customer is excited. One question: is there currently any support for creating and maintaining local IP and domain blocklists on the MineMeld? Instead of setting up a miner to go out and consume a feed, we'd like to be able to create and modify a static list locally, then publish it to firewalls as an EDL or DAG like other MineMeld outputs.
If this is already supported, how would I go about configuring it? If not, is it something we could add?
Solved! Go to Solution.
this is supported already. Just create a node based on stdlib.listDomainGeneric prototype to manage a static list of domains. For IPv4 you can use stdlib.listIPv4Generic, for IPv6 stdlib.listIPv6Generic.
DON'T USE NAME WITH PREFIX "wl" OTHERWISE THE AGGREGATOR WILL USE THE LIST AS WHITELISTS !
Thanks Luigi! That worked. It's interesting though, I had to use a Miner > Processor > Output. When I tried to use Miner > Output, the output would process and "withdraw" all of the indicators from the Miner. So are all three components required? I thought that it would be possible to point a Miner right at an Output.
I was using "Class = minemeld.ft.redis.RedisSet" and "Prototype = stdlib.feedHCGreen".
However, I found out the reason they were being withdrawn - I wasn't setting the "Share Level" of the indicators to Green (it was left blank). After deleting those indicators and adding them in with a share level, they show up even in the Miner > Output scenario. Thanks for your support!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!