minemeld and feeding info via CEF into ArcSight

Showing results for 
Search instead for 
Did you mean: 

minemeld and feeding info via CEF into ArcSight

L0 Member

Can you select formatting or would I need to create a wrapper that manipulates the data pushed by minemeld to forward in CEF?  Glad an opensource community on this exist for this.  Additionally I need an rpm based package or just a way to compile from source I am using CentOS any thoughts or is there a source package for this


L7 Applicator

Hi socfocus,

CEF output node is definitely on my todo list (see ER#39 at https://github.com/PaloAltoNetworks/minemeld-core/issues/39). I am looking of a good example on how to translate Threat Intelligence into CEF format, do you have something I could look at ?


Installation based on RPM is on the TODO list, shall be quite easy to accomplish.

Hi @socfocus.com,

starting with 0.9.32 you can use an external extension to achieve this:




Dear @lmori,

Is minemeld-cef extension support Hash aggregator processors (MD5, SHA256)?


Does minemeld-cef support all aggegators on minemeld?


Thank you

Hi @iThreatHunt,

this could be supported by changing the template, but in which CEF field would you put the hash indicator ?



Could MD5, SHA256 mapping with Device Custom String3?


Now Device Custom field is used

06-07-2017 10-23-53.jpg

I found some error when activate mindmeld-cef 0.17b. Pleas advise me.


Obtaining file:///opt/minemeld/local/library/7d86cdf2-c97e-4835-a5df-acdad36fd48d
    Complete output from command python setup.py egg_info:
    Unable to find pgen, not compiling formal grammar.
    warning: no files found matching '*.pyx' under directory 'Cython/Debugger/Tests'
    warning: no files found matching '*.pxd' under directory 'Cython/Debugger/Tests'
    warning: no files found matching '*.h' under directory 'Cython/Debugger/Tests'
    warning: no files found matching '*.pxd' under directory 'Cython/Utility'
    unable to execute 'x86_64-linux-gnu-gcc': No such file or directory
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/opt/minemeld/local/library/7d86cdf2-c97e-4835-a5df-acdad36fd48d/setup.py", line 50, in <module>
      File "/usr/lib/python2.7/distutils/core.py", line 111, in setup
        _setup_distribution = dist = klass(attrs)
      File "/opt/minemeld/engine/0.9.40/local/lib/python2.7/site-packages/setuptools/dist.py", line 320, in __init__
      File "/opt/minemeld/engine/0.9.40/local/lib/python2.7/site-packages/setuptools/dist.py", line 377, in fetch_build_eggs
      File "/opt/minemeld/engine/0.9.40/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 852, in resolve
        dist = best[req.key] = env.best_match(req, ws, installer)
      File "/opt/minemeld/engine/0.9.40/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1124, in best_match
        return self.obtain(req, installer)
      File "/opt/minemeld/engine/0.9.40/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1136, in obtain
        return installer(requirement)
      File "/opt/minemeld/engine/0.9.40/local/lib/python2.7/site-packages/setuptools/dist.py", line 445, in fetch_build_egg
        return cmd.easy_install(req)
      File "/opt/minemeld/engine/0.9.40/local/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 673, in easy_install
        return self.install_item(spec, dist.location, tmpdir, deps)
      File "/opt/minemeld/engine/0.9.40/local/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 699, in install_item
        dists = self.install_eggs(spec, download, tmpdir)
      File "/opt/minemeld/engine/0.9.40/local/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 880, in install_eggs
        return self.build_and_install(setup_script, setup_base)
      File "/opt/minemeld/engine/0.9.40/local/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 1119, in build_and_install
        self.run_setup(setup_script, setup_base, args)
      File "/opt/minemeld/engine/0.9.40/local/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 1107, in run_setup
        raise DistutilsError("Setup script exited with %s" % (v.args[0],))
    distutils.errors.DistutilsError: Setup script exited with error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
Command "python setup.py egg_info" failed with error code 1 in /opt/minemeld/local/library/7d86cdf2-c97e-4835-a5df-acdad36fd48d/

08-07-2017 21-23-47.jpg

Hi @iThreatHunt,

installing minemeld-cef from source requires a compiler, and this is not available by default on MineMeld VMs (security).

You can instead download the wheel file from here:



And upload it to MineMeld via SYSTEM > EXTENSIONS page.

L1 Bithead

is there any CEF output that mine meld generate?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!