Minemeld
README
Palo Alto Minemeld
This responder sends observables you select to a Palo Alto Minemeld instance.
Requirements
The following options are required in the Palo Alto Minemeld Responder configuration:
- minemeld_url: URL of the Minemeld instance to which you will be posting indicators
- minemeld_user: user accessing the Minemeld instance
- minemeld_password: password for the user accessing the Minemeld instance
- minemeld_indicator_list: name of Minemeld indicator list (already created in Minemeld)
- minemeld_share_level: share level for indicators (defaults to red)
- minemeld_confidence: confidence level for indicators (defaults to 100)
- minemeld_ttl: TTL for indicators (defaults to 86400 seconds)
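A pre-flight check for the options listed above, as an added example that is not part of the responder's own code. The function name `check_responder_config` is hypothetical, and the accepted share levels (TLP colours) and the 0-100 confidence range are assumptions, since this page only states the defaults.

```python
from urllib.parse import urlparse

# Placeholder defaults from the configuration table; they must be replaced.
PLACEHOLDERS = {"minemeld_url": "https://x.x.x.x", "minemeld_password": "password"}
# Assumption: share levels are the TLP colours and confidence runs 0-100.
ASSUMED_SHARE_LEVELS = {"red", "amber", "green", "white"}
REQUIRED = ("minemeld_url", "minemeld_user", "minemeld_password",
            "minemeld_indicator_list")


def _get(cfg, key, default=""):
    value = cfg.get(key)
    return default if value is None else str(value).strip()


def check_responder_config(cfg):
    """Return a list of problems found in a responder configuration dict."""
    problems = []
    for key in REQUIRED:
        value = _get(cfg, key)
        if not value:
            problems.append(f"{key}: missing")
        elif value == PLACEHOLDERS.get(key):
            problems.append(f"{key}: still set to the placeholder default")
    # The user and password go to this URL, so refuse clear-text transport.
    url = _get(cfg, "minemeld_url")
    if url and urlparse(url).scheme != "https":
        problems.append("minemeld_url: use https, credentials are sent to it")
    # Optional items fall back to the defaults stated in the README.
    share = _get(cfg, "minemeld_share_level", "red").lower()
    if share not in ASSUMED_SHARE_LEVELS:
        problems.append(f"minemeld_share_level: unexpected value {share!r}")
    for key, default, low, high in (("minemeld_confidence", "100", 0, 100),
                                    ("minemeld_ttl", "86400", 1, None)):
        raw = _get(cfg, key, default)
        if not raw.isdecimal() or int(raw) < low or (high and int(raw) > high):
            problems.append(f"{key}: {raw!r} is not a usable integer")
    return problems


# Constructed sample configuration, not taken from a real deployment.
SAMPLE = {"minemeld_url": "https://minemeld.example.internal",
          "minemeld_user": "svc-thehive",
          "minemeld_password": "constructed-secret-for-illustration",
          "minemeld_indicator_list": "my_block_list"}

if __name__ == "__main__":
    print(check_responder_config(SAMPLE) or "configuration looks usable")
```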
Minemeld
Author: Wes Lambert, Security Onion Solutions
License: AGPL-V3
Version: 1.0
Supported data types:
- thehive:case_artifact
Registration required: False
Subscription required: False
Free subscription: False
Third party service: https://github.com/PaloAltoNetworks/minemeld
Description
Submit indicator to Minemeld
Configuration
| Configuration item | Description | Default value if not configured | Type of the configuration item | The configuration item can contain multiple values | Is required |
|---|---|---|---|---|---|
| minemeld_url | URL for Minemeld instance | https://x.x.x.x | string | False | True |
| minemeld_user | User for Minemeld | apiuser | string | False | True |
| minemeld_password | Password for Minemeld | password | string | False | True |
| minemeld_indicator_list | Name of indicator list to which indicators will be added | my_block_list | string | False | True |
| minemeld_share_level | Share level for indicator | red | string | False | True |
| minemeld_confidence | Confidence level for indicator | 100 | string | False | True |
| minemeld_ttl | TTL for indicator | 86400 | string | False | True |