DHS AIS Miner

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

DHS AIS Miner

L1 Bithead

Has anyone gotted the DHS AIS Miner working in MineMeld? We have an account with DHS and I configured the Miner with our subscription id as well as our certs. The miner shows all green (see attached screen-shtot), but I am not getting any indicators. Not sure what I am doing wrong, and DHS doesn't support MineMeld. I noticed that Unit 42 wrote the prototype, so I was hoping one of them might be able to answer my post and point me in the right direction.

 

TIA,

Jon

14 REPLIES 14

L7 Applicator

Hi @Jon_Irish,

if you click on the stats of the Miner, do you see error counters incrementing?

 

luigi

Hi Luigi,

No, the error counters typically stay at 2 or 4 and never move from there. I am working with Dan James on this, and it appears that the feed we are getting from DHS has ACS/ISA markings, and MineMeld does not support them. Dan is working on some new code to add the support and he was able to get a subscription to the feed in question, so I think that we will probably get this working shortly.

 

Jon

Hi John how was the integration setup? Are you only pulling data or you are pushing data too. Could you provide quick summary? Cert sharing setup etc.

Hello,

Currently we do not have this working. As soon as we get it working, DHS has asked me to write documentation for the process. I will also try to remember to post the write up here as well.

Hi Luigi,

Dan James mentioned that you might  be able to help me with a request I have. I am looking for a document that describes the entire makeup of the .yml file itself as well as all the possible options that can go into a prototype.

 

Thanks,

Jon

Hi all,

 

Any update on this?

Here is the latest... I am working with one of the PA engineers on this. It appears that the Federal feed uses ACS/ISA markings and MineMeld does not support them. The PA engineer wrote some new code for this support and it was approved by the package maintainers and he is waiting for them to be merged into the code. No eta on when this will happen. We are making progress!

 

Jon

Hi any update on this?

 

I was working with DHS to onboard and we have just purchased the certificate for this service.

Any progress from your side?

I heard from my contact at Palo Alto last week, and his code for support of the markings in the FEDGOV collection was approved and is waiting for the next release cycle to be pushed out. Once I get the updated code, I'll test everything and update this thread.

 

Jon

Here is working fine....

My problem was that we were using a special feed (FedGov) as we are a gov't entity. PaloAlto had to write some new code to get it to work. Last week's update included that code, and it is now working fine for us as well.

 

Last week, PaloAlto released MineMeld 0.9.48. If you are a gov't subscriber trying to use the FedGov feed, update to this release, and it should now work for you.

 

Jon

So the DHS FEDGOV feed is "officially" working with MineMeld v0.9.48! I have had it up and running all week, and I current have over 17K "indicators" in MineMeld from the dhs.FEDGOV feed.

 

If you are a government entity and want to utilize the DHS TAXII feed with MineMeld, make sure that you are running at least v0.9.48 and make sure that you select the dhs.FEDGOV prototype. You will also need a valid DoD cer6tificate for your MineMeld sever (a self-signed cert will NOT work).

 

Jon

anyone know if a wildcard cert will work for this? 

Hi,

 

I'm new to MineMeld and trying to get the DHS AIS feed setup, but I'm a little confused as how to configure my certs and subscription ID. I don't see a way to do so. 

 

Is there a guide for this?

  • 17057 Views
  • 14 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!