I'm running into an issue where I can pull in indicators from autofocus by creating a minemeld miner, the only problem is that I am getting a lot of windows.com and microsoft.com domains in the list. I've had the search from autofocus entered as malicious/grayware/phishing, but still the miner is pulling in microsoft domains and windowsupadate.com domains that I want to ensure are always whitelisted. I have whitelist local miners that i can manually add these to, but how do I *.windowsupdate.com or *.microsoft.com these so I never see these in the list. These miners are useless to me if I can't more granularly control what is coming in on the list...
Solved! Go to Solution.
I think that was it. Thank you.
Found it on one of your other posts:
I was using the below ouput:
Your saying that if I filter by output node, with confidence greater than 75 I should be good to go and not have to worry about these? Do you suggest specifying a Wildfire verdict in the search, or is that something that AF takes care of with confidence levels?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!