how to add my own bulk IOCs into Minemeld

L2 Linker

how to add my own bulk IOCs into Minemeld

Trying to find a way to do this with some of the miners but it seems that you can only add 1 indicator at a time.

L3 Networker

Re: how to add my own bulk IOCs into Minemeld

Clone a new indicator list from prototype 'stdlib.listIPv4Generic'. For example name it My_BlackList.

Create a new entry with the attributes you like.

Log in to your MineMeld console via ssh.

Have a look at your indicator list (be aware, the example is my list with my preferred attributes):

$ head /opt/minemeld/local/config/BlackList_indicators.yml
- {indicator: 60.190.98.50, share_level: red}
- {indicator: 60.7.70.94, share_level: red}
- {indicator: 91.148.217.244, share_level: red}
- {indicator: 123.183.209.138, share_level: red}

Create your indicator list in the same format (use awk or something like that).

Just copy the resulting file over the existing one. The MineMeld engine takes care of the new updates immediately.

You may also just edit the indicator file with 'nano' or 'vi' and insert the indicators in the correct format.

Always use the same format. Do not try to create entries with different attributes. (Of course you can do it for exercise and find out what's happening.)

Cheers!

Klaus
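
The steps in the reply above as a script, added here as an example that is not part of the original post. It assumes the bulk input is a text file with one plain IPv4 address per line; the function names and the sample addresses are constructed for illustration, and the line format and `share_level: red` attribute are taken from the listing in the post. Lines that are not a valid address are rejected, so they never reach the indicator file.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the input is a text file
# with one plain IPv4 address per line; share_level "red" mirrors the post.

# ips_to_indicators INPUT [SHARE_LEVEL]: print indicator-list lines on stdout.
ips_to_indicators() {
    awk -v level="${2:-red}" '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # strip CR and blanks
        /^$/ || /^#/ { next }                             # skip empty/comment lines
        {
            n = split($0, o, /\./)
            ok = (n == 4)
            for (i = 1; ok && i <= 4; i++)                # each octet: 0-255, no leading zero
                if (o[i] !~ /^[0-9]+$/ || o[i] ~ /^0[0-9]/ || (o[i] + 0) > 255) ok = 0
            if (!ok) { print "skipped line " NR ": " $0 | "cat 1>&2"; next }
            if (seen[$0]++) next                          # drop duplicates
            printf "- {indicator: %s, share_level: %s}\n", $0, level
        }' "$1"
}

# install_indicators INPUT TARGET [SHARE_LEVEL]: build the list, keep a backup
# of TARGET, then copy the new file over it as the post describes.
install_indicators() {
    tmp="$2.new.$$"
    ips_to_indicators "$1" "${3:-red}" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ ! -s "$tmp" ]; then
        echo "no valid indicators; $2 left unchanged" >&2
        rm -f "$tmp"; return 1
    fi
    if [ -f "$2" ]; then cp -p "$2" "$2.bak"; fi
    cp "$tmp" "$2" && rm -f "$tmp"
}

# Demo on constructed sample data (documentation address ranges): sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d)
    printf '192.0.2.10\n198.51.100.7\n999.1.1.1\n192.0.2.10\n' > "$dir/ips.txt"
    install_indicators "$dir/ips.txt" "$dir/My_BlackList_indicators.yml"
    cat "$dir/My_BlackList_indicators.yml"
    rm -rf "$dir"
fi
```

On the MineMeld host, TARGET would be the `_indicators.yml` file of the cloned list under `/opt/minemeld/local/config/`; the previous list is kept beside it with a `.bak` suffix.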

L2 Linker

Re: how to add my own bulk IOCs into Minemeld

Thanks!
