We’re looking the best way to use Graylog with MISP\TheHive etc and one thing we’d like to do is integrate some of our current threat feeds as lookup tables.
Currently we use MineMeld, which doesn’t seem to support a ‘per-IP’ query mode, so we’re trying to work out the best way we can import this data into GrayLog so we can use it in a pipeline/
Has anyone else tried this and have any thoughts on the best way?
Awesome. I must admit I’m not a Git user - does this imply that the MineMeld adapter is looking like it’ll be baked into the TIP plugin (if it’s accepted), or as a standalone solution?
As a FYI - and as it’s not actually that well advertised, there are some parameters you can feed MM to adjust the output, just incase that makes a Graylog adapter easier to work with:-