Dear All Brothers,
I'm a new user to testing the MineMeld, but I cannot find any document to know the detail information.
In our environment testing, we would like to implement the Feed List to deny the traffic to a high-risk IP address and our testing, and we find below information is difficult to know the difference.
1. stdlib.feedHCGreen and stdlib.feedHCGreenWithValue
EDL for high confidence indicators (>75) and share level green, with value
What is the difference of with value or without value?
2. share_level (Red, Green, Yellow, Unknown)
Normally, you can use the Red, and Green for feed output, but the yellow comes from stdlib.listIPv4Generic
A. How to use the Yellow share level, and what is the main difference or propose of the share_level?
B. In Current MineMeld, you can generate and export the feed for Red, and Green. How about the Yellow or Unknow Share_Level?
which Miner is generating indicators with share level "Yellow"?
Looks like a bug, the right share level should be "amber": https://github.com/PaloAltoNetworks/minemeld-core/blob/master/docs/schema-indicator-0-1.json#L61
About with and without value, please just the ones "WithValue". WithValue means that both the indicators and its metadata (the "value") are stored in the feed, while the ones without value do not store metadata to save memory. The "WithValue" prototypes are more flexibile.
In MM 0.9.46 we have the "libraesva" miners prototypes. All of them with share level Yellow. But we don't have an output prototype with this share level. I tried to create a new one from std.feedHCGreen, but it doesn't allow to change the share level to Yellow.
What is the best way to create an output prototype with share level Yellow?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!