Below is a link of a test implementation as I learn MineMeld. I have read the following documentation.

Use Case
Using Demisto, we would like to submit IOCs to the stdlib.localDB miner. Based on investigations, the analyst will determine the TTL (age_out) policy for the IOC. The default policy should be configured for a 24 hour TTL. For the test case, I am using a 30-60 second TTL to test the default TTL functionality. However, I have been running into strange issues.

Test conditions / requirements
- Maintain a list of IOCs.
- Remove IOCs which have expired.

Test Diagram

Case #1
The following settings have been configured on stdlib.localDB.
Observed behavior: Adding a new IOC after one has been added will remove all previous IOCs, resulting in the miner only ever having 1 IOC, regardless of the expiration date. Expiration does properly work.
Tests done:
- Attempted using default for age_out policy.
- Attempted using a manual age_out TTL length.

Case #2
The following settings have been configured on stdlib.localDB-true.
Observed behavior: Adding a new IOC after one has been added will remove all previous IOCs, resulting in the miner only ever having 1 IOC, regardless of the expiration date. Expiration does properly work.
Tests done:
- Attempted using default for age_out policy.
- Attempted using a manual age_out TTL length.

Case #3
The following settings have been configured on stdlib.localDB-true.
Observed behavior: Is able to maintain a list of IOCs. Expiration does not properly work.
Tests done:
- Attempted using default for age_out policy.
- Attempted using a manual age_out TTL length.
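The two requirements in the post (keep a list of IOCs, drop only the ones whose TTL has passed) can be written down as a small reference model, which makes it easy to state what a correct miner should show at each point in the test. The code below is an added example and is not MineMeld code or the stdlib.localDB miner; the indicator values and timestamps are constructed sample data, and the 24 hour default plus the 30 s / 60 s per-IOC overrides are the numbers from the post.

```python
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# The default age-out policy described in the post: 24 hours.
DEFAULT_TTL = timedelta(hours=24)


class IndicatorStore:
    """Minimal model of an IOC list with per-indicator age-out (example only, not MineMeld)."""

    def __init__(self, default_ttl: timedelta = DEFAULT_TTL) -> None:
        self.default_ttl = default_ttl
        self._expiry: Dict[str, datetime] = {}  # indicator -> absolute expiry time

    def add(self, indicator: str, now: datetime, ttl: Optional[timedelta] = None) -> None:
        """Add or refresh one indicator. An analyst-chosen ttl overrides the default policy.

        Adding a second indicator must never touch the expiry of the ones already stored,
        which is exactly the behaviour the post reports as broken in cases #1 and #2."""
        self._expiry[indicator] = now + (ttl if ttl is not None else self.default_ttl)

    def age_out(self, now: datetime) -> List[str]:
        """Remove every indicator whose expiry has passed and return the removed ones."""
        expired = sorted(i for i, exp in self._expiry.items() if exp <= now)
        for i in expired:
            del self._expiry[i]
        return expired

    def active(self, now: datetime) -> List[str]:
        """Run age-out for this instant and return the indicators still alive, sorted."""
        self.age_out(now)
        return sorted(self._expiry)


def run_scenario() -> Dict[str, List[str]]:
    """Replay the post's test with two IOCs on 30 s and 60 s TTLs (constructed data)."""
    t0 = datetime(2020, 1, 1, 12, 0, 0)
    store = IndicatorStore()
    store.add("198.51.100.7", t0, ttl=timedelta(seconds=30))                      # documentation IP
    store.add("bad.example", t0 + timedelta(seconds=10), ttl=timedelta(seconds=60))  # expires at t0+70s
    return {
        "t+20s": store.active(t0 + timedelta(seconds=20)),  # both must still be listed
        "t+40s": store.active(t0 + timedelta(seconds=40)),  # first one has aged out
        "t+80s": store.active(t0 + timedelta(seconds=80)),  # both have aged out
    }


def default_policy_check() -> Dict[str, List[str]]:
    """An IOC added without an explicit TTL must follow the 24 hour default."""
    t0 = datetime(2020, 1, 1, 12, 0, 0)
    store = IndicatorStore()
    store.add("c2.example", t0)
    return {
        "t+23h": store.active(t0 + timedelta(hours=23)),
        "t+24h": store.active(t0 + timedelta(hours=24)),
    }


if __name__ == "__main__":
    for label, alive in run_scenario().items():
        print(f"{label}: {alive}")
    for label, alive in default_policy_check().items():
        print(f"{label}: {alive}")
```

The `t+20s` snapshot is the one to compare against cases #1 and #2 (both indicators must still be present after the second add), and the `t+40s` and `t+24h` snapshots are the ones case #3 fails, where expiry never removes anything.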