PaloAltoNetworks / minemeld-misp

MineMeld nodes for MISP
Apache License 2.0

Miner to pull everything from MISP #5

Open TiagoSantos84 opened 6 years ago

TiagoSantos84 commented 6 years ago

I'm struggling to get everything from MISP.

I think that this miner is not pulling every event from MISP. I would like to pull everything, ignoring the TLPs or the share level.

Is it possible?

Thank you!

jtschichold commented 5 years ago

Hi @TiagoSantos84, please check this prototype for an example on how to set the filter to None to pull all the events: https://github.com/PaloAltoNetworks/minemeld-misp/blob/develop/mmmisp/prototypes/misp.yml#L45

TiagoSantos84 commented 5 years ago

Hi @jtschichold,

Thank you for your input. I have been testing and analysing the result...

Now, because I need to put all the IOCs on the SIEM, I need to remove all of those that are in the warning lists to avoid well-known IPs, domains, URLs and so on.

Thank you!