05-15-2018 05:52 PM
I have an IP IoC feed that I would like to ingest and re-publish via MM.
The feed is ordered by priority i.e. earlier addresses are newer\more active\higher risk, but if I ingest and publish (miner -> output) it is re-ordered by numeric order. Is there any way to prevent this and maintain the initial order?
Technically I have a way around it by inserting another solution between the original source and MM (ultimately I'm trying to limit the number of IoC's as there are more than we can ingest into our PA's and I was using the ?n=x option) but it's a bit clunky!
05-16-2018 09:21 AM
is it a plain list? no attributes attached to the indicators other than its possition in the list to indicate its relative risk?
If it is just a list over HTTP then you could think on extending the HttpFT class to attach to each indicator a numerical attribute with its order position value. And then use this value as an input filter criteria in the output node (i.e. order < 100)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
