We have a product in place that requires the indicators to be in a text file and verifies if the file type extension is ".txt" (e.g. pulling from https://ransomwaretracker.abuse.ch/downloads/CW_C2_URLBL.txt directly works, but it doesn't when pulling from Minemeld by using any standard EDL prototype --> ..feeds/feedHCWithValue-RSWT1 ). Does such a prototype exist or is there a workaround available?
May I know which product does this check?
One workaround would be configuring nginx to rewrite requests to /feeds/feedHCWithValue-RSWT1.txt to /feeds/feedHCWithValue-RSWT1.
We could consider adding a feature to ignore the extension of a feed...
Good idea. Thanks for the workaround, I'll give it a try. It's the Cisco Firepower Management Center (without the Threat Intelligence Director). In the long run we might consider using the Threat Intelligence Director that supports STIX/TAXII.
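One way to write the nginx rewrite suggested in the reply above, as an added example that is not part of the original thread or of MineMeld's shipped configuration. It assumes the directive is placed in the nginx `server` block that already serves the `/feeds/` URLs, and the allowed feed-name characters are an assumption.

```nginx
# Added example: put the rewrite inside the existing server { ... } block
# that serves the /feeds/ URLs (its file location depends on the install).
server {
    # ... existing listen / ssl / location directives stay unchanged ...

    # Map /feeds/<name>.txt to /feeds/<name> internally, so a client that
    # insists on a ".txt" extension can still pull the feed.
    # "last" restarts location matching with the rewritten URI, so the
    # existing /feeds/ handling (including any authentication configured
    # there) still applies to the request.
    # The original query string is carried over automatically.
    # Assumed feed-name characters: letters, digits, "_", "-" and ".".
    rewrite ^/feeds/([A-Za-z0-9_.-]+)\.txt$ /feeds/$1 last;
}
```

Check the syntax with `nginx -t` before reloading, then request the feed with and without the `.txt` suffix and confirm both return the same indicator list.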