This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Forseti
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Forseti
11-16-2016
5Posts
0Likes
0Solutions
Nov 16, 2016Last Visited
User
Activity
User
Profile
Latest posts by Forseti
| Subject | Views | Posted |
|---|---|---|
| 3546 | 11-15-2016 04:56 AM | |
| 3557 | 11-15-2016 12:54 AM | |
| 3730 | 11-15-2016 12:20 AM | |
| 2428 | 10-12-2016 03:25 AM | |
| 2442 | 10-12-2016 01:42 AM |
User Badges
Community Statistics
| Member Since | 10-12-2016 01:36 AM |
| Date Last Visited | 11-16-2016 03:49 AM |
| Posts | 5 |
11-15-2016
04:56 AM
Luigi, thank you for your help. For future reference: issue was caused by rabbitmq starting after minemeld had already started.
... View more
11-15-2016
12:54 AM
Hi Imori, The machine gets rebooted at night because as it seems that the minemeld process isn't stable. (I wasn't able to logon via the web gui after a couple of hours) I can't seem to stop it properly. Neither using 'sudo service mineld stop' nor via supervisord. I've already removed and reinstalled MineMeld completely but the issue seems to persist. However, that seems to be the root of this issue. And ofcourse, now that I try to mimick the behavior, it all goes well.. Will check back when a get a sample! Regards, Jan
... View more
11-15-2016
12:20 AM
Hi everyone, I am facing an issue that floods my output SIEM a little to often. The issue seems to be that the miner node is unable to register where it left of during the last check. Any tips on solving this? 2016-11-14T08:54:30 (17269)base.read_checkpoint ERROR: sslabusech_dyreblacklist - Error reading last checkpoint
Traceback (most recent call last):
File "/opt/minemeld/engine/0.9.26/local/lib/python2.7/site-packages/minemeld/ft/base.py", line 245, in read_checkpoint
with open(self.name+'.chkp', 'r') as f:
IOError: [Errno 2] No such file or directory: 'sslabusech_dyreblacklist.chkp'
2016-11-14T08:54:30 (17269)base.state INFO: sslabusech_dyreblacklist - transitioning to state 1
2016-11-14T08:54:30 (17270)base.read_checkpoint ERROR: sslabusech_ipblacklist - Error reading last checkpoint
Traceback (most recent call last):
File "/opt/minemeld/engine/0.9.26/local/lib/python2.7/site-packages/minemeld/ft/base.py", line 245, in read_checkpoint
with open(self.name+'.chkp', 'r') as f:
IOError: [Errno 2] No such file or directory: 'sslabusech_ipblacklist.chkp'
2016-11-14T08:54:30 (17270)base.state INFO: sslabusech_ipblacklist - transitioning to state 1
2016-11-14T08:54:30 (17270)base.read_checkpoint ERROR: openbl_base - Error reading last checkpoint Regards, Forseti
... View more
10-12-2016
01:42 AM
Hi everyone, I am currently working on connecting MineMeld with our SIEM solution. I however ran into a question. When receiving an update message it states which sources the IOC originated from, also if there are multiple. example: (binarydefense and badips) {"message":"{\"@indicator\":\"120.69.220.5-120.69.220.5\",\"direction\":\"inbound\",\"@origin\":\"IPv4_Aggregator\",\"type\":\"IPv4\",\"@timestamp\":\"2016-10-11T17:13:35.693563Z\",\"confidence\":50,\"share_level\":\"green\",\"sources\":[\"binarydefense.banlist\",\"badips.any_3\"],\"logstash_output_node\":\"Output-To-Logstash-5514\",\"message\":\"update\",\"@version\":1,\"first_seen\":\"2016-09-30T13:50:29.164000Z\",\"last_seen\":\"2016-09-30T13:50:34.330000Z\"}","@version":"1","@timestamp":"2016-10-11T15:13:35.693Z","host":"127.0.0.1","port":34402} However all withdraw messages I receive do not include this field. Question: are withdraw messages generated when the IOC is removed rom ALL sources or is a messages generated for each source individually? Regards, Forseti
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-16-2016
03:49 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks