Hi @slp-security,
I don't know if I understand your question, but you need to use your MISP URL.
    # source name, to identify the origin of the indicators inside MineMeld
    source_name: misp.test
    # URL of MISP
    url: https://misp.example.co
Please be more specific.
It really depends on how the receiver deals with data. There are some platforms that will update the list of IoCs after some amount of time. On the other hand, you can try to disable the IDS flag in MISP and delete the IoC on the destination that already received the IoC as a blacklist entry.
However, you just need to remove the IDS flag if you don't have the enforcewarninglist flag active on the query and if you don't have any warninglist feed active.
Please take a look at this:
Hope that you can manage it. It's really hard to deal with false positives!