Open Feldunost opened 4 years ago
Filter types are listed in https://github.com/PaloAltoNetworks/minemeld-misp/blob/develop/mmmisp/node.py 👍
It doesn't contain the email type. I'm currently not a dev, so I can't give much more. https://***.***.***.**/attributes/bro/download/email
```python
_MISP_TO_MINEMELD = {
    'url': 'URL',
    'domain': 'domain',
    'hostname': 'domain',
    'md5': 'md5',
    'sha256': 'sha256',
    'sha1': 'sha1',
    'sha512': 'sha512',
    'ssdeep': 'ssdeep',
    'mutex': 'mutex',
    'filename': 'file.name'
}
```
I have the same issue with a MISP source. Minemeld is not able to recover IoCs like mail. In addition, the TAXII miner is not able to recognize mail as an indicator. It seems that Minemeld is able to only when the type is email-addr. Is it possible to extend the parser in order to recognize the mail regardless of the type?
There is currently an aggregator for the email type on Minemeld; however, the miner doesn't take any email from a MISP source. It seems to support the following (as tested for now): IPv4, Domain.
In the PyMISP documentation, I can see support for "tags" in the API, and it works on old versions of MISP & PyMISP. However, since I rebuilt the MISP server brand new with the latest versions as of today, the "tag: 25" (example) filter is broken.
For eventid it's working as intended, except for email IOCs:
```yaml
filters:
  eventid: 38
interval: 900
```
For tags it was working beforehand on old versions, and not anymore, even with tags or a named tag instead of a numerical one:
```yaml
filters:
  tag: 25
interval: 900
```
- Has anyone gotten tag filtering working on the latest version?
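
Added example (not part of the thread and not the minemeld-misp project's code): a small audit that walks a MISP event export and reports which attribute types have no entry in the type table quoted above, which is how the email gap shows up. It checks only against that quoted table; the sample event is constructed, and the `EXTENDED` entries mapping `email-src`/`email-dst` to `email-addr` are a hypothetical fix, not something the project ships.

```python
import json
from collections import Counter

# Type table as quoted in the thread (from mmmisp/node.py).
MISP_TO_MINEMELD = {
    'url': 'URL', 'domain': 'domain', 'hostname': 'domain',
    'md5': 'md5', 'sha256': 'sha256', 'sha1': 'sha1', 'sha512': 'sha512',
    'ssdeep': 'ssdeep', 'mutex': 'mutex', 'filename': 'file.name',
}

# Hypothetical extension (an assumption, not the project's code): map MISP's
# email attribute types onto the email-addr type mentioned in the thread.
EXTENDED = {**MISP_TO_MINEMELD, 'email-src': 'email-addr', 'email-dst': 'email-addr'}

# Constructed sample event in MISP's JSON export layout (not real data).
SAMPLE_EVENT = json.loads("""
{"Event": {"id": "38",
  "Attribute": [
    {"type": "domain", "value": "bad.example"},
    {"type": "email-src", "value": "phish@bad.example"},
    {"type": "url", "value": "http://bad.example/login"}],
  "Object": [{"name": "email", "Attribute": [
    {"type": "email-dst", "value": "victim@corp.example"},
    {"type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e"}]}]}}
""")

def iter_attributes(event):
    """Yield every attribute, including those nested inside MISP objects."""
    body = event.get('Event', event)
    yield from body.get('Attribute', [])
    for obj in body.get('Object', []):
        yield from obj.get('Attribute', [])

def audit(event, table=MISP_TO_MINEMELD):
    """Return (mapped indicators, counts of attribute types missing from table)."""
    mapped, unmapped = [], Counter()
    for attr in iter_attributes(event):
        mm_type = table.get(attr['type'])
        if mm_type is None:
            unmapped[attr['type']] += 1   # no table entry for this type
        else:
            mapped.append((attr['value'], mm_type))
    return mapped, dict(unmapped)

if __name__ == '__main__':
    for name, table in (('quoted table', MISP_TO_MINEMELD), ('extended', EXTENDED)):
        print(name, 'unmapped types:', audit(SAMPLE_EVENT, table)[1])
```

Running the audit against a real event export before and after a mapping change shows whether any indicator types are still being left out of the feed.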