how to add my own bulk IOCs into Minemeld


L2 Linker

Trying to find a way to do this with some of the miners but it seems that you can only add 1 indicator at a time.

2 REPLIES 2

L3 Networker

Clone a new indicator list from prototype 'stdlib.listIPv4Generic'. For example name it My_BlackList.

Create a new entry with the attributes you like.

Log in to your minemeld console via ssh.

Have a look at your indicator list (be aware, the example is my list with my preferred attributes):

$ head /opt/minemeld/local/config/BlackList_indicators.yml
- {indicator: 60.190.98.50, share_level: red}
- {indicator: 60.7.70.94, share_level: red}
- {indicator: 91.148.217.244, share_level: red}
- {indicator: 123.183.209.138, share_level: red}

Create your indicator list in the same format (use awk or something like that).

Just copy the resulting file over the existing one. The MineMeld engine takes care of the new updates immediately.

You may also just edit the indicator file with 'nano' or 'vi' and insert the indicators in the correct format.

Always use the same format. Do not try to create entries with different attributes. (Of course you can do it for exercise and find out what's happening.)

 

Cheers!

Klaus
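
One way to do the conversion step described in the reply above, as an added example that is not part of the original post: an awk filter that turns a plain list of IPv4 addresses into the entry format shown in the `head` output, rejecting malformed lines and dropping duplicates. The function names, the input file name in the comment and the sample addresses (documentation ranges) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: build MineMeld list entries from a one-IP-per-line text file.
# Usage (file names are placeholders):
#   iocs_to_yaml red < my_iocs.txt > new_indicators.yml
# then review new_indicators.yml and copy it over the list file as described.

iocs_to_yaml() {
    level="${1:-red}"            # share_level written on every entry
    awk -v level="$level" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }  # drop comments, blanks, CRs
        $0 == "" { next }
        {
            # Accept only a strict dotted quad: four octets, 0-255, no leading
            # zeros, so nothing unexpected is written into the YAML file.
            n = split($0, o, ".")
            ok = (n == 4)
            for (i = 1; ok && i <= 4; i++)
                if (o[i] !~ /^(0|[1-9][0-9]*)$/ || o[i] + 0 > 255) ok = 0
            if (!ok) {
                printf "skipped line %d: %s\n", NR, $0 > "/dev/stderr"
                next
            }
            if (seen[$0]++) next                 # keep one entry per address
            printf "- {indicator: %s, share_level: %s}\n", $0, level
        }
    '
}

# Constructed sample input (documentation address ranges, not real IOCs).
sample_input() {
    cat <<'EOF'
# constructed sample list
192.0.2.10
198.51.100.7   # trailing comment
192.0.2.10
203.0.113.999
not-an-ip
203.0.113.99
EOF
}

sample_input | iocs_to_yaml red
```

Skipped lines are reported on stderr, so the generated file can be checked against the source list before it replaces the live one.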

Thanks!
