jtschichold
commented
5 years ago Hi @Nymeria1, could you check the indicators content? Are there some changes in the attributes between different copies of the same indicator?
Open Nymeria1 opened 6 years ago
jtschichold
commented
5 years ago Hi @Nymeria1, could you check the indicators content? Are there some changes in the attributes between different copies of the same indicator?
Hello guys, I have configured a miner in Minemeld to collect IOC's from MISP. The configuration used is below:
age_out default: null sudden_death: true interval: 10800 source_name: misp
Every three hours the polling sends IOC's to my logstash node. In SIEM I see same IOC with same tag,attribute and misp uid but with different timestamp (a few milliseconds of difference). There are duplicate event for me. I suppose the issue is in configuration of miner node. Could you help me to set it correctly to avoid this behavior?
Many thanks