IOCs. How can one create custom type?

Hello,

The last couple of days I'm enjoying myself with the MineMeld engine and I find it astonishing. I managed to create dynamic feeds from RIPE archives for some geolocation EDLs; I will post them soon, by the way.

However, I would love to be able to define custom IOC types, for example hash, filename, etc. This way much more information can be gathered and correlated to other types already present (e.g. url and domain).

Fiddling around the source, the only definition of these (types) I've found is in the JSON schema. So would defining the type just there be sufficient? I guess not?

Can someone provide any guidelines or instructions on accomplishing this, if feasible at all?

Thanks,

Lyuben


Hi @Lyuben.Bahtarliev,

Adding new types is extremely easy, but you should be careful with some nodes where the processing depends on the type.

Could you open an issue on the minemeld-core GitHub repo (https://github.com/PaloAltoNetworks/minemeld-core) and specify the IOC types you would like to see supported? This way we can track support for the new types there and add them in the next release.

It would be awesome if you could also create a pull request with the RIPE feeds!

Thanks,

luigi

Hi @Lyuben.Bahtarliev,

FYI, if you were looking for file hashes I have just added them to the schema for the next release: https://github.com/PaloAltoNetworks/minemeld-core/pull/70
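
The caveat in the first reply (a new type is easy to declare, but nodes whose processing depends on the type need to learn about it) is worth seeing in code. The following is an added, self-contained illustration and is not MineMeld's own code: `TYPE_VALIDATORS`, `register_type`, `validate_indicator`, `render_edl` and the sample indicators are all constructed for this example. It declares two hash types alongside IPv4/domain/URL, then shows that an EDL-style output node that only knows the original types reports the hashes as skipped until it is given a formatter for them.

```python
import ipaddress
import re
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Constructed stand-in for a per-type indicator schema: each IOC type name
# maps to a validator for the indicator string. Hypothetical, not MineMeld code.

def _is_ipv4(value: str) -> bool:
    try:
        return ipaddress.ip_address(value).version == 4
    except ValueError:
        return False

_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
_URL_RE = re.compile(r"^https?://\S+$", re.I)

TYPE_VALIDATORS: Dict[str, Callable[[str], bool]] = {
    "IPv4": _is_ipv4,
    "domain": lambda v: bool(_DOMAIN_RE.match(v)),
    "URL": lambda v: bool(_URL_RE.match(v)),
}

def hex_digest_validator(bits: int) -> Callable[[str], bool]:
    """Build a validator for a fixed-length hex digest (bits // 4 hex chars)."""
    pattern = re.compile(r"^[0-9a-f]{%d}$" % (bits // 4), re.I)
    return lambda v: bool(pattern.match(v))

def register_type(name: str, validator: Callable[[str], bool]) -> None:
    """Declare a new IOC type; refuse to silently redefine an existing one."""
    if name in TYPE_VALIDATORS:
        raise ValueError(f"type {name!r} already defined")
    TYPE_VALIDATORS[name] = validator

def validate_indicator(indicator: str, ioc_type: str) -> bool:
    """True only when the type is declared and the value matches its validator."""
    validator = TYPE_VALIDATORS.get(ioc_type)
    return validator is not None and validator(indicator)

# A consumer whose processing depends on type: an EDL-style output node that
# knows how to print some types. Unknown types are reported, not dropped.
EDL_FORMATTERS: Dict[str, Callable[[str], str]] = {
    "IPv4": lambda v: v,
    "domain": lambda v: v,
    "URL": lambda v: v,
}

Rendered = Tuple[List[str], List[Tuple[str, str]]]

def render_edl(indicators: Iterable[Tuple[str, str]],
               formatters: Optional[Dict[str, Callable[[str], str]]] = None) -> Rendered:
    """Return (rendered lines, skipped (indicator, type) pairs)."""
    formatters = EDL_FORMATTERS if formatters is None else formatters
    lines: List[str] = []
    skipped: List[Tuple[str, str]] = []
    for value, ioc_type in indicators:
        fmt = formatters.get(ioc_type)
        if not validate_indicator(value, ioc_type) or fmt is None:
            skipped.append((value, ioc_type))
            continue
        lines.append(fmt(value))
    return lines, skipped

def demo() -> Tuple[Rendered, Rendered]:
    """Constructed sample: hashes declared in the schema, then taught to the node."""
    if "md5" not in TYPE_VALIDATORS:
        register_type("md5", hex_digest_validator(128))
        register_type("sha256", hex_digest_validator(256))
    sample = [  # constructed values; the digests are those of the empty string
        ("192.0.2.10", "IPv4"),
        ("example.com", "domain"),
        ("d41d8cd98f00b204e9800998ecf8427e", "md5"),
        ("zz41d8cd98f00b204e9800998ecf8427e", "md5"),  # not hex: fails validation
        ("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "sha256"),
    ]
    before = render_edl(sample)  # node only knows IPv4/domain/URL
    extended = {**EDL_FORMATTERS, "md5": str.lower, "sha256": str.lower}
    after = render_edl(sample, extended)  # node updated for the new types
    return before, after

if __name__ == "__main__":
    (lines, skipped), (lines2, skipped2) = demo()
    print("before:", lines, "skipped:", skipped)
    print("after: ", lines2, "skipped:", skipped2)
```

The point of the two renders is the one luigi makes: the schema change alone makes `validate_indicator` accept the hashes, but the output node still skips them until its own type table is extended, so each type-dependent node has to be reviewed when a type is added.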
