Minemeld not pulling low and medium confidence feeds?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Minemeld not pulling low and medium confidence feeds?

L2 Linker

Hello,

 

My firewall is able to pull several feeds from our minemeld server. However, it is not pulling our Low and Medium Confidence inbound feeds. Worked with PA support and they said there must be something wrong with our Minemeld server and suggested I post a question here.

 

thanks!

17 REPLIES 17

L7 Applicator

Hi @BobHarrison,

could you share some more details like a screenshot of the NODES view ? Are there indicators in the MC and HC feeds ? What kind of indicators are we talking about ?

 

Thanks !

luigi

thanks for your reply! Here is a screenshot. Note that the high confidence feed is working fine, but the mc and lc are not.

 

feeds.PNG

 

Hi @BobHarrison,

the reason is that both inboundfeedlc and inboundfeedmc are empty, see the first column where you see 0 on both rows.

If you could attach the full graph I could give you a better suggestion, but if you are using the default configs all the indicators are marked High Confidence - i.e. with the default configinboundfeedlc and inboundfeedmc feeds are never populated.

 

If you add new Miners you should indicators fall in those feeds as well, check the tags associated to each Miner to see what kind of confidence is associated to the indicators.

Here is the full graph, is this what you were asking for? Not really sure how to add new miners.

 

Didn't show up last time, trying again with graph:

 

indicators.PNG

Hi @BobHarrison,

could we have a screenshot of the graph ? Go to NODES, select one of the nodes and then click on the graph tab on the left.

 

Thanks !

luigi

Thanks for all your help! Sorry, didn't get what graphs you meant at first. Here is one from the low confidence feed: 

 

lc.PNG

Hi @BobHarrison,

I didn't make myself clear, sorry. I meant the node connection graph, one tab below the one you just posted (the tab with a sort of fat asterisk on it).

 

Thanks!

lcfeed.PNG

Hi @BobHarrison,

the inboundfeecmc and inboundfeedhc are empty because all the Miners feeding those output nodes produce High Confidence indicators. 

 

luigi

Thanks, Luigi, how do I fix that? Or is that just how it operates? 

Hi @BobHarrison,

this is expected:

- in your configuration all the Miners attached to the inboundaggregator feeding inboundfeedmc and inboundfeedlc are producing only High Confidence indicators

- as High Confidence indicators are collected per design only by inboundfeedhc, inboundfeedmc and inboundfeedlc are left empty

 

When you will attach more Miners to inboundfeedaggregator, you could see inboundfeedmc and inboundfeedlc populated if the new Miners produce also medium confidence and low confidence indicators.

 

 

 

So I should just leave it this way? 

Yes, it's working as expected.

  • 8096 Views
  • 17 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!