The default config provides a graph for handling inbound IPv4 Threat Indicators, IPv4 addresses related to suspicious inbound activities like brute forcing on scanning. In this article we will add a new Miner to this graph.
Click on CONFIG in the top navigation bar.
And press + to add the node.
Select the PROTOTYPE, and leave the INPUTS field empty. Enable the OUTPUT. Press OK when done.
Note. if you leave the pointer on a prototype a tooltip appears with the description of the prototype.
Now you have created a new Miner in the candidate config, but the Miner is not linked to any downstream node.
Click on the INPUTS field of the inboundaggregator node and add the new Miner to the list. Press OK when done.
Now you should have a new Miner connected to the inboundaggregator.
Press COMMIT to apply the config.
Click SYSTEM in the top navigation bar to check the engine status. It should stop and then start.
The processing graph after the change should look like this: