This repository has been archived by the owner on Feb 2, 2024. It is now read-only.

Miner to pull everything from MISP #5

Open
TiagoSantos84 opened this issue May 10, 2018 · 2 comments

Comments

@TiagoSantos84

I'm struggling to get everything from MISP.

I think that this miner is not pulling every event from MISP. I would like to pull everything, ignoring the TLPs or the share level.

Is it possible?

Thank you!

@jtschichold
Member

Hi @TiagoSantos84,
please check this prototype for an example of how to set the filter to None to pull all the events: https://github.com/PaloAltoNetworks/minemeld-misp/blob/develop/mmmisp/prototypes/misp.yml#L45

@TiagoSantos84
Author

Hi @jtschichold,

Thank you for your input. I have been testing and analysing the result...

Now, because I need to put all the IOCs into the SIEM, I need to remove all of those that are in the warning lists to avoid well-known IPs, domains, URLs and so on...

Thank you!
