We recently set up a MineMeld server meant for an air-gapped environment and we are trying to figure out how to set up an air-gapped miner with the other information found here on customizing a miner.
Is there any available article on the requirements for an air-gapped setup for the miner, as well as whether the miner must use HTTPS/HTTP to access the intel feeds or whether any other format (e.g. SCP/SSH/SMB) will do?
Unfortunately there isn't any "generic miner" capable of extracting indicators from local files (or network-mounted files).
Option 1 is to code a new miner (either contributing to minemeld-core or creating a minemeld extension).
Option 2 is to use the "LocalDB" miner and push local indicators to it.
If you want to explore Option 2 then I'd recommend taking a look at the article https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-as-an-Incident-Response-Platfo... and taking a closer look at its Annex 2, where the API for the LocalDB Miner is explained. You could also leverage the minemeld-sync.py script created by @lmori that allows you to sync the LocalDB stored indicators with the ones present in a given local file.
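As an added example (not code from this thread, from MineMeld or from minemeld-sync.py), a small Python script in the spirit of Option 2: it reads a one-indicator-per-line file as it might be carried onto the air-gapped host, classifies each value into a MineMeld indicator type, builds LocalDB records and reports lines it could not classify instead of silently dropping them. The record keys and the REST endpoint used in `push_to_localdb` are assumptions modelled on the LocalDB API and minemeld-sync.py; confirm them against Annex 2 of the linked article before relying on them.

```python
import base64
import ipaddress
import json
import re
from urllib import request
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)  # hostnames

# Constructed sample feed, "indicator[,comment]" per line, as a file might arrive on an air-gapped host.
SAMPLE = """# constructed test feed
198.51.100.7,known scanner
203.0.113.0/24
evil.example.com,phishing
https://example.net/login
not an indicator
"""

def classify(value):
    """Map a raw value to a MineMeld indicator type (IPv4, IPv6, URL, domain) or None."""
    try:  # single hosts and CIDR ranges both parse here
        return "IPv4" if ipaddress.ip_network(value, strict=False).version == 4 else "IPv6"
    except ValueError:
        pass
    if value.lower().startswith(("http://", "https://")):
        return "URL"
    return "domain" if _DOMAIN_RE.match(value) else None

def parse_indicator_file(text, share_level="red", ttl=86400):
    """Turn feed lines into LocalDB records (keys as in Annex 2 of the article, assumed here);
    returns (records, rejected) so malformed lines are reported rather than silently dropped."""
    records, rejected = [], []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        value, _, comment = line.partition(",")
        value, itype = value.strip(), classify(value.strip())
        if itype is None:
            rejected.append(value)
            continue
        records.append({"indicator": value, "type": itype, "share_level": share_level,
                        "comment": comment.strip() or "imported from local file", "ttl": ttl})
    return records, rejected

def push_to_localdb(host, node, user, password, records):
    """PUT the full list to the miner. Endpoint is an ASSUMPTION modelled on minemeld-sync.py; check Annex 2."""
    url = "https://%s/config/data/%s_indicators?h=%s&t=localdb" % (host, node, node)
    auth = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    req = request.Request(url, data=json.dumps(records).encode(), method="PUT",
                          headers={"Content-Type": "application/json", "Authorization": "Basic " + auth})
    with request.urlopen(req, timeout=30) as resp:  # TLS verified against the system CA store
        return resp.status
```

Run `parse_indicator_file` on the transferred file first and review the `rejected` list before calling `push_to_localdb`, so a typo in the feed does not become a silent gap in the blocklist.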