Output node prototype that allows to specify file type (extension)


L0 Member

We have a product in place that requires the indicators to be in a text file and verifies whether the file type extension is ".txt" (e.g. pulling from https://ransomwaretracker.abuse.ch/downloads/CW_C2_URLBL.txt directly works, but it doesn't when pulling from MineMeld by using any standard EDL prototype --> ..feeds/feedHCWithValue-RSWT1). Does such a prototype exist or is there a workaround available?

2 REPLIES

L7 Applicator

May I know which product does this check?

One workaround would be configuring nginx to rewrite requests to /feeds/feedHCWithValue-RSWT1.txt to /feeds/feedHCWithValue-RSWT1

We could consider adding a feature to ignore the extension of a feed...

 

Luigi
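
The rewrite suggested in the reply above, written out as an added example (not part of the original post and not MineMeld's shipped configuration). It assumes nginx is the front end for the MineMeld web service and that output node names use only letters, digits, "_" and "-"; the consuming product is then pointed at the URL ending in ".txt".

```nginx
# Added example. Place inside the existing server { } block of the nginx
# site that fronts MineMeld (which file that is depends on the install).
#
#   /feeds/feedHCWithValue-RSWT1.txt  ->  /feeds/feedHCWithValue-RSWT1
#
# - The pattern is anchored with ^ and $ and covers exactly one path
#   segment under /feeds/, so no other URI is rewritten.
# - The character class is an assumption about node names; widen it only
#   if your output nodes use other characters.
# - The query string is passed through unchanged: nginx appends the
#   original arguments because the replacement does not end in "?".
# - "last" stops rewrite processing and restarts location matching, so the
#   rewritten URI is served by whatever location already handles /feeds/.
rewrite ^/feeds/([A-Za-z0-9_-]+)\.txt$ /feeds/$1 last;
```

Because the rewrite is internal, the client never sees a redirect and the backend receives the normal feed path. Run `nginx -t` before reloading to confirm the configuration parses.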

Hi Luigi, 

Good idea. Thanks for the workaround, I'll give it a try. It's the Cisco Firepower Management Center (without the Threat Intelligence Director). In the long run we might consider using the Threat Intelligence Director that supports STIX/TAXII. 

Martin 
