Azure Site Recovery Miner - XML source into Minemeld


L1 Bithead

I'm looking to do what, I believe, would be a simple miner for the Azure Site Recovery IP list. The list is located here and is in XML form.

 

https://aka.ms/site-recovery-public-ips


I have bounced around on some articles and tried to follow a few, but came up empty-handed.

The Node I have set up says it was successful, but with 0 indicators.

 

Is there a basic, grab the list from a website to Miner tutorial I can review?

Also, we are using the Minemeld with Autofocus, not sure if that helps or not.

1 REPLY

L5 Sessionator

Hi @Jmarx1,

 

The fastest way to mine such a feed is using the "generic API classes" documented in the article "Using MineMeld to extract indicators from a generic API".

 

Unfortunately, there isn't a class for XML. But, for this specific feed, the HTTPFT class can do the job. You'd need, though, to create two miners: one for "ServiceIP" extraction and the other one for "MonitorIP".

 

HTTPFT configuration parameters for ServiceIP extraction:

 

indicator:
    regex: (ServiceIP[0-9]*>)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(<\/S)
    transform: \2

 

HTTPFT configuration parameters for MonitorIP extraction:

 

indicator:
    regex: (MonitoringIP[0-9]*>)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(<\/M)
    transform: \2
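
An offline check of the two regex/transform pairs from the reply above, added here as an example; it is not part of the original post and is not MineMeld's own code. It assumes the miner runs one regex search per line and then expands the transform. The sample XML layout is inferred from the regexes, and its addresses are constructed documentation-range values.

```python
import ipaddress
import re

# The two patterns and the transform from the reply above, unchanged.
SERVICE_RE = re.compile(r"(ServiceIP[0-9]*>)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(<\/S)")
MONITOR_RE = re.compile(r"(MonitoringIP[0-9]*>)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(<\/M)")
TRANSFORM = r"\2"

# Constructed sample: element layout is inferred from the regexes, addresses are
# documentation ranges (RFC 5737), not real Azure Site Recovery IPs.
SAMPLE_FEED = """\
<Region Name="example-region">
  <ServiceIP1>192.0.2.10</ServiceIP1>
  <ServiceIP2>192.0.2.11</ServiceIP2><ServiceIP3>192.0.2.12</ServiceIP3>
  <MonitoringIP1>198.51.100.7</MonitoringIP1>
  <ServiceIP4>999.1.1.1</ServiceIP4>
</Region>
"""


def mine(feed_text, pattern, transform=TRANSFORM):
    """Return (indicators, rejected) for one miner.

    Assumption: one regex search per line, then match.expand(transform),
    so only the first match on a line is taken.
    """
    indicators, rejected = [], []
    for line in feed_text.splitlines():
        match = pattern.search(line)
        if match is None:
            continue
        candidate = match.expand(transform)
        try:
            ipaddress.IPv4Address(candidate)  # [0-9]{1,3} also accepts octets > 255
        except ipaddress.AddressValueError:
            rejected.append(candidate)
        else:
            indicators.append(candidate)
    return indicators, rejected


def missed_by_line_search(feed_text, pattern, transform=TRANSFORM):
    """Values a whole-document scan finds but the per-line search skips."""
    per_line = set(sum(mine(feed_text, pattern, transform), []))
    everything = {m.expand(transform) for m in pattern.finditer(feed_text)}
    return sorted(everything - per_line)
```

Running `mine()` over a saved copy of the real feed helps separate a pattern that matches nothing from a fetch that returned no content when a node reports 0 indicators.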

 
