Hello.
I am absolutiely locked trying to send a single IP to minemeld (as an indicator) from a script.
Some help or tips will be very appreciated:
I want to add a single IP via API to Minemeld
I figure out (I haven't found documentation) I need a miner to receive it.
So I have created a Miner:
- Miner Name: LISTENER_IPV4
- Class: minemeld.ft.local. YamlIPv4FT
- Prototype: stdlib.listIPv4Generic
- Confidence: 100
- share_level: red
- interval 3600
Created a user too
- username: feeds
- password: feeds
and disabled Minemeld API Auth
API_AUTH_ENABLED: false
I send this data:
headers = { "Content-Type": "application/json" }
auth = ("feeds","feeds")
payload = {
"indicator": "8.8.8.8",
"type": "IPv4",
"comment": "test comment",
"share_level": "red",
"confidence": "100",
"ttl": "86400"
}
r = requests.post(https://minemeld.host/config/data/LISTENER_IPV4_indicators/append?h=LISTENER_IPV4&t=localdb,data=json.dumps(payload),headers=headers,auth=auth,verify=False)
and these are the log lines in /opt/minemeld/log/minemeld-web.log
[2020-03-20 14:03:49 CET] [5815] [INFO] AUDIT - {"msg": null, "action": "POST /config/data/LISTENER_IPV4_indicators/append", "params": [["value:h", ["LISTENER_IPV4"]], ["value:t", ["localdb"]], ["jsonbody", "{\"comment\": \"test comment\", \"indicator\": \"8.8.8.8\", \"confidence\": \"100\", \"share_level\": \"red\", \"ttl\": \"86400\", \"type\": \"IPv4\"}"]], "user": "admin/feeds"}
[2020-03-20 14:03:49 CET] [5815] [DEBUG] RPC sent to mbus:directslave:LISTENER_IPV4:rpc for method hup
127.0.0.1 - feeds [20/Mar/2020:14:03:49 +0100] "POST /config/data/LISTENER_IPV4_indicators/append?h=LISTENER_IPV4&t=localdb HTTP/1.0" 200 21 "-" "python-requests/2.23.0"
But nothing happens and the IP is not showed in the miner indicators
I am aware there is something wrong in the configuration or in the data, of course, but I don't know how to trace or how can I debug or get directions to research.
Some tips from community?
Thank you
Regards,
Juan
... View more