Support for static local IP and Domain Lists

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Support for static local IP and Domain Lists

L3 Networker

I'd like to start by saying, that this is an amazing tool! Thanks for sharing this, it has great potential and my customer is excited. One question: is there currently any support for creating and maintaining local IP and domain blocklists on the MineMeld? Instead of setting up a miner to go out and consume a feed, we'd like to be able to create and modify a static list locally, then publish it to firewalls as an EDL or DAG like other MineMeld outputs.

 

If this is already supported, how would I go about configuring it? If not, is it something we could add?

 

Thanks!

Nasir

2 accepted solutions

Accepted Solutions

L7 Applicator

Hi Nasil,

this is supported already. Just create a node based on stdlib.listDomainGeneric prototype to manage a static list of domains. For IPv4 you can use stdlib.listIPv4Generic, for IPv6 stdlib.listIPv6Generic.

 

DON'T USE NAME WITH PREFIX "wl" OTHERWISE THE AGGREGATOR WILL USE THE LIST AS WHITELISTS !

 

HTH,

Luigi

View solution in original post

I was using "Class = minemeld.ft.redis.RedisSet" and "Prototype = stdlib.feedHCGreen".

 

However, I found out the reason they were being withdrawn - I wasn't setting the "Share Level" of the indicators to Green (it was left blank). After deleting those indicators and adding them in with a share level, they show up even in the Miner > Output scenario. Thanks for your support!

View solution in original post

4 REPLIES 4

L7 Applicator

Hi Nasil,

this is supported already. Just create a node based on stdlib.listDomainGeneric prototype to manage a static list of domains. For IPv4 you can use stdlib.listIPv4Generic, for IPv6 stdlib.listIPv6Generic.

 

DON'T USE NAME WITH PREFIX "wl" OTHERWISE THE AGGREGATOR WILL USE THE LIST AS WHITELISTS !

 

HTH,

Luigi

Thanks Luigi! That worked. It's interesting though, I had to use a Miner > Processor > Output. When I tried to use Miner > Output, the output would process and "withdraw" all of the indicators from the Miner. So are all three components required? I thought that it would be possible to point a Miner right at an Output.

 

Hi Nasil,

do you remember which Output prototype did you use for the Miner > Output test ?

 

luigi

I was using "Class = minemeld.ft.redis.RedisSet" and "Prototype = stdlib.feedHCGreen".

 

However, I found out the reason they were being withdrawn - I wasn't setting the "Share Level" of the indicators to Green (it was left blank). After deleting those indicators and adding them in with a share level, they show up even in the Miner > Output scenario. Thanks for your support!

  • 2 accepted solutions
  • 5059 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!