Deleting customize Prototype in Minemeld

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Deleting customize Prototype in Minemeld

L2 Linker

Hi Minemeld Team,

 

Able to provide steps to delete customize Prototype in minemeld? As I don't see it in the Minemeld webui.

 

Thanks alot.

 

Thanks

Darren koh

1 accepted solution

Accepted Solutions

L7 Applicator

Hi Darren,

there is no way to accomplish this via the Web UI currently (MM v 0.9.22). But is quite easy to do it via shell.

 

Local prototypes are stored in a file called /opt/minemeld/local/prototypes/minemeldlocal.yml:

  • If you want to remove all the local prototypes just delete the file and hit the refresh button on your browser to force a refresh of the prototypes library.
  • If instead you want to remove a single prototype, open the file with a text editor (vim or nano) like 
    sudo -u mineneld vi /opt/minemeld/local/prototypes/minemeldlocal.yml
    The file has section with a list of prototypes:
    author: minemeld-web
    description: Local prototype library managed via MineMeld WebUI
    prototypes:
    alienvault_reputation-1473670903364:
    class: minemeld.ft.csv.CSVFT
    config:
    attributes:
    confidence: 80
    share_level: green
    type: IPv4
    delimiter: '#'
    fieldnames:
    - indicator
    - alienvault_reliability
    - alienvault_risk
    - alienvault_type
    interval: 3600
    source_name: alienvault.reputation
    url: http://reputation.alienvault.com/reputation.data
    description: this just catches everything
    development_status: EXPERIMENTAL
    node_type: miner
    prototype-2:
    [...]
    To remove a prototype, just remove it from the list, save the file and hit refresh on the browser:
    author: minemeld-web
    description: Local prototype library managed via MineMeld WebUI
    prototypes:
    prototype-2:
    [...]

 

View solution in original post

4 REPLIES 4

L7 Applicator

Hi Darren,

there is no way to accomplish this via the Web UI currently (MM v 0.9.22). But is quite easy to do it via shell.

 

Local prototypes are stored in a file called /opt/minemeld/local/prototypes/minemeldlocal.yml:

  • If you want to remove all the local prototypes just delete the file and hit the refresh button on your browser to force a refresh of the prototypes library.
  • If instead you want to remove a single prototype, open the file with a text editor (vim or nano) like 
    sudo -u mineneld vi /opt/minemeld/local/prototypes/minemeldlocal.yml
    The file has section with a list of prototypes:
    author: minemeld-web
    description: Local prototype library managed via MineMeld WebUI
    prototypes:
    alienvault_reputation-1473670903364:
    class: minemeld.ft.csv.CSVFT
    config:
    attributes:
    confidence: 80
    share_level: green
    type: IPv4
    delimiter: '#'
    fieldnames:
    - indicator
    - alienvault_reliability
    - alienvault_risk
    - alienvault_type
    interval: 3600
    source_name: alienvault.reputation
    url: http://reputation.alienvault.com/reputation.data
    description: this just catches everything
    development_status: EXPERIMENTAL
    node_type: miner
    prototype-2:
    [...]
    To remove a prototype, just remove it from the list, save the file and hit refresh on the browser:
    author: minemeld-web
    description: Local prototype library managed via MineMeld WebUI
    prototypes:
    prototype-2:
    [...]

 

It works, thank you for your support again. 😃

Hi Luigi,

 

I am using Minemeld Version: 0.9.16 through the path below to remove the prototype:

 

$sudo -u minemeld vi /opt/minemeld/prototype/current/minemeld.local.tml

 

Thanks

Darren Koh

Hi Darren,

if you still running 0.9.16 my suggestion is to copy the minemeldlocal.yml file to /opt/minemeld/local/prototypes directory and then run the instructions to upgrade to the new updating system:

https://live.paloaltonetworks.com/t5/MineMeld-Discussions/What-s-new-in-MineMeld-0-9-18/m-p/98409#U9...

  • 1 accepted solution
  • 4829 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!