Who Me Too'd this topic

Below is a link of a test implementation as I learn Minemeld. I have read the following documentation.

Use Case

Using Desmito, we would like to submit IOCs to the stdlib.localDB miner. Based off of investigations, the analyst will determine the TTL (age_out) policy for the IOC. The default policy should be configured for a 24 hour TTL.

The test case, I am using 30-60 seconds TTL to test default TTL funcationality. However, I have been running into strange issues.

Test conditions requirements

1. Maintain a list of IOCs.
2. Remove IOCs which have expired. 

Test Diagram

Case #1

The following settings have been configured on stdlib.localDB.
Observed behavior:

1. Adding a new IOC after one has been added, will remove all previous IOCs. Resulting in the miner only ever having 1 IOC. Regardless of the expiration date.
2. Expiration does properly work.

Tests Done:

1. Attempted using default for age_out policy.
2. Attempted using a manual age_out TTL legnth.

Case #2

The following settings have been configured on stdlib.localDB-true.
Observed behavior:

1. Adding a new IOC after one has been added, will remove all previous IOCs. Resulting in the miner only ever having 1 IOC. Regardless of the expiration date.
2. Expiration does properly work.

Tests Done:

1. Attempted using default for age_out policy.
2. Attempted using a manual age_out TTL legnth.

Case #3

The following settings have been configured on stdlib.localDB-true.
Observed behavior:

1. Is able to maintain a list of IOCs. 
2. Expiration does not properly work.

Tests Done:

1. Attempted using default for age_out policy.
2. Attempted using a manual age_out TTL legnth.