The default config provides a graph for handling inbound IPv4 threat indicators: IPv4 addresses related to suspicious inbound activity such as brute forcing or scanning. In this article we will add a new Miner to this graph.
1. Adding a Miner
Click on CONFIG in the top navigation bar.
Then press + to add the node.
2. Configuring the Miner
Select the PROTOTYPE, and leave the INPUTS field empty. Enable the OUTPUT. Press OK when done.
Note: if you leave the pointer on a prototype, a tooltip appears with the description of the prototype.
3. Linking the Miner to the aggregator
Now you have created a new Miner in the candidate config, but the Miner is not linked to any downstream node.
Click on the INPUTS field of the inboundaggregator node and add the new Miner to the list. Press OK when done.
4. Commit the config
Now you should have a new Miner connected to the inboundaggregator.
Press COMMIT to apply the config.
5. Check the engine status
Click SYSTEM in the top navigation bar to check the engine status. It should stop and then start.
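The linkage set up in steps 3 and 4 can also be checked as a property of the graph. The following is an added example, not part of the original article or the product's own code: it flags a node whose OUTPUT is enabled but which no downstream node lists in its INPUTS. The dict layout, the prototype names and every node name except inboundaggregator are assumptions made for illustration.

```python
import copy

# Constructed candidate config. The per-node layout (prototype / inputs / output)
# mirrors the fields of the node dialog; all names except "inboundaggregator"
# are hypothetical placeholders.
CANDIDATE = {
    "existing_miner": {"prototype": "example.miner", "inputs": [], "output": True},
    "new_miner": {"prototype": "example.miner", "inputs": [], "output": True},
    "inboundaggregator": {"prototype": "example.aggregator",
                          "inputs": ["existing_miner"], "output": True},
    "inbound_feed": {"prototype": "example.feed",
                     "inputs": ["inboundaggregator"], "output": False},
}

def check_graph(nodes):
    """Return (problem, node, detail) findings for a candidate config."""
    findings = []
    consumers = {name: [] for name in nodes}
    for name, node in nodes.items():
        for src in node.get("inputs", []):
            if src not in nodes:
                findings.append(("dangling_input", name, src))
            elif not nodes[src].get("output"):
                findings.append(("input_output_disabled", name, src))
            else:
                consumers[src].append(name)
    for name, node in nodes.items():
        # A node that emits indicators nobody consumes: step 3 was skipped.
        if node.get("output") and not consumers[name]:
            findings.append(("unlinked", name, "not listed in any INPUTS"))
    return findings

def link(nodes, miner, downstream):
    """Return a copy of the config with `miner` added to `downstream` INPUTS."""
    linked = copy.deepcopy(nodes)
    if miner not in linked[downstream]["inputs"]:
        linked[downstream]["inputs"].append(miner)
    return linked

def reaches(nodes, source, sink):
    """True if indicators from `source` can flow to `sink` via INPUTS links."""
    seen, stack = set(), [sink]
    while stack:
        cur = stack.pop()
        if cur == source:
            return True
        if cur not in seen and cur in nodes:
            seen.add(cur)
            stack.extend(nodes[cur].get("inputs", []))
    return False
```
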
The processing graph after the change should look like this: