This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Using MineMeld with MISP

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Using MineMeld with MISP

vhgambit
L1 Bithead

‎09-12-2018 08:25 PM

How can I pull the IOCs from MISP to MinMeld Plattform ?

Exist any extension to get the IOCs from MISP ?

4 people had this problem.
0 Likes Likes
13 REPLIES 13

Tony101
L0 Member
In response to TiagoSantos84

‎10-23-2020 07:19 AM

Hi thanks for the previous answer, it was really helpful.. I have another question re the output FEED BASE URL:

appending ?v=mwg&t=regex to the feed base url gives me the format i require e.g..

 

type=regex
"hxxp://badsite[.]biz/malware.html" "comment"

But what i really want to achieve is an * wildcard at the end of the string e.g.

"hxxp://badsite[.]biz/malware.html*" "comment"

 

Any ideas if this is do-able?

0 Likes Likes

Negin-Amou
L0 Member
In response to TiagoSantos84

‎11-17-2020 09:51 AM

Hi

we have recently installed MineMeld on our Linux server and after adding the MISP extension on MineMeld, I don't understand what it means by add your MISP URL. Is this URL found from MISP website or is it a URL we get after installing MISP. Between we haven't installed MISP as well. Is it required for the miner to work ? 

Another question I have is regarding the dynamic lists on MISP website. Do we add them with MISP miner or regular miners can pull them too?

I'm very new to MineMeld and I don't quite understand how to configure nodes. So I would appreciate if you could provide me a sample of a configuration for MISP feeds.

0 Likes Likes

TiagoSantos84
L1 Bithead
In response to Negin-Amou

‎11-17-2020 10:17 AM

Hi,

 

MISP url is the address of you MISP instance. So you need to install it, create a sync user and put the key of that user in the miner.

 

Please follow the links provided in previous posts.

 

Kind regards,

Tiago

0 Likes Likes

MScoppettuolo
L0 Member
In response to TiagoSantos84

‎08-20-2021 08:57 AM

Hi guys, but

source name, to identify the origin of the indicators inside MineMeld

 Source name is generic? Can i choose every name?

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks