Lookup Tables \ TIP \ MineMeld

We’re looking for the best way to use Graylog with MISP\TheHive etc. and one thing we’d like to do is integrate some of our current threat feeds as lookup tables.

Currently we use MineMeld, which doesn’t seem to support a ‘per-IP’ query mode, so we’re trying to work out the best way we can import this data into Graylog so we can use it in a pipeline.

Has anyone else tried this and have any thoughts on the best way?

Related PR:
https://github.com/Graylog2/graylog-plugin-threatintel/pull/101

Awesome. I must admit I’m not a Git user - does this imply that the MineMeld adapter is looking like it’ll be baked into the TIP plugin (if it’s accepted), or as a standalone solution?

As an FYI - and as it’s not actually that well advertised, there are some parameters you can feed MM to adjust the output, just in case that makes a Graylog adapter easier to work with:-

Rgds
