Hi,
I'm fairly new to Minemeld so trying to figure out a few things I seem to be stuck on. We currently pull Office365 URLs into Panorama as an EDL and I am trying to append a \ to the end of every URL in the EDL within Minemeld. I went over the documentation and tried it but it isn't working for me. Not sure if I am missing something here but based on this guide: https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-to-Create-a-Custom-Miner/ta-p/227694
I went ahead and created a new prototype based off the o365-api_worldwide-any and added my regex expression to basically append a / to the end of every URL.
age_out: default: null interval: 1800 sudden_death: true attributes: confidence: 100 share_level: green indicator: regex: '[\S+]' transform: $&\/ instance: Worldwide service_areas: null
I applied this to a new node (miner), then created a new processor that uses the stdlib.aggregatorURL prototype with the new miner I created as the input for the processor. Finally an Output with prototype minemeldlocal.stdlib-Green.
Doesn't seem to work, I did try testing out a few things and added the same express to the process and output but no luck. Not sure what might be missing.
Any help is appreciated.
Thank you
Moe
... View more
