Exclude IOC based on IDS flag or warninglist #8
Comments
Hi, I would like to configure the filter to avoid false positives such as "8.8.8.8" by using warninglists and/or the IDS flag. From contributions of the MISP community, I know that the filter should be like: filters: It seems not to be working. Any help is welcome!
From my understanding, enforceWarningList: 1 is valid using the search function of PyMISP, but may not be a valid filter for this extension? @jtschichold or @scoggins may be able to confirm. I would love to see this option added, as our MISP uses warning lists to cut down on false-positive IOCs being exported.
Hi, I'm asking for some help again on this. There is no option to enforceWarninglist: 1 or to_ids: 1. You have the honour IDS flag; however, it isn't working properly either. "honour IDS flag, if true only events with IDS set will be exported" (honour_ids_flag: true) doesn't do anything. @jtschichold, can you review the code of this miner to deal with warning lists and the IDS flag? Thank you,
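The behaviour the thread is asking for (drop attributes whose to_ids flag is not set, and drop values that match a warninglist) can be reproduced locally as a post-filter over the attributes a MISP search returns. The code below is an added example, not part of minemeld-misp or PyMISP; it assumes attributes in the JSON shape MISP's REST search returns (`type`, `value`, `to_ids`) and uses a constructed warninglist in the `type`/`list` layout MISP's bundled warninglist files use. The sample event and warninglist entries are constructed for illustration.

```python
import ipaddress

# Constructed sample: a trimmed event in the shape returned by MISP's
# /events/restSearch, keeping only the fields the filter reads.
SAMPLE_EVENT = {
    "Event": {
        "id": "1",
        "info": "constructed test event",
        "Attribute": [
            {"type": "ip-dst", "value": "8.8.8.8", "to_ids": True},       # public resolver
            {"type": "ip-dst", "value": "203.0.113.45", "to_ids": True},  # TEST-NET-3 address
            {"type": "ip-dst", "value": "198.51.100.7", "to_ids": False}, # IDS flag not set
            {"type": "domain", "value": "example.com", "to_ids": True},   # benign domain
            {"type": "domain", "value": "malicious.invalid", "to_ids": True},
        ],
    }
}

# Constructed warninglists, in the "type"/"list" layout MISP's warninglist
# JSON files use. "cidr" lists are matched against IP attributes,
# "string" lists are matched exactly against everything else.
WARNINGLISTS = {
    "public-dns": {"type": "cidr", "list": ["8.8.8.0/24", "8.8.4.4/32", "1.1.1.1/32"]},
    "benign-domains": {"type": "string", "list": ["example.com", "example.org"]},
}

IP_TYPES = {"ip-src", "ip-dst", "ip-src|port", "ip-dst|port"}


def in_warninglist(attr):
    """True if the attribute value hits any configured warninglist entry."""
    value = attr["value"]
    if attr["type"] in IP_TYPES:
        host = value.split("|", 1)[0]  # composite types store "ip|port"
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            return False  # not a parseable address, cannot match a CIDR list
        return any(
            ip in ipaddress.ip_network(net, strict=False)
            for wl in WARNINGLISTS.values() if wl["type"] == "cidr"
            for net in wl["list"]
        )
    return any(
        value in wl["list"]
        for wl in WARNINGLISTS.values() if wl["type"] == "string"
    )


def filter_attributes(event, honour_ids_flag=True, enforce_warninglist=True):
    """Apply the two filters the thread discusses.

    Returns (kept, dropped): kept is the list of attributes that survive,
    dropped maps each removed value to the reason it was removed.
    """
    kept, dropped = [], {}
    for attr in event["Event"]["Attribute"]:
        if honour_ids_flag and not attr.get("to_ids", False):
            dropped[attr["value"]] = "to_ids not set"
            continue
        if enforce_warninglist and in_warninglist(attr):
            dropped[attr["value"]] = "warninglist hit"
            continue
        kept.append(attr)
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = filter_attributes(SAMPLE_EVENT)
    for a in kept:
        print("keep ", a["type"], a["value"])
    for value, reason in dropped.items():
        print("drop ", value, "->", reason)
```

Running it keeps 203.0.113.45 and malicious.invalid and drops 8.8.8.8 and example.com as warninglist hits and 198.51.100.7 because to_ids is false. Keeping the dropped values with a reason is deliberate: when an indicator the analysts expected is missing from the output node, the reason map tells you which of the two filters removed it.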
Hi @TiagoSantos84, which version of MISP are you using? Which version of minemeld-misp? Thanks
I'm using MISP version… v2.4.102. I know that to_ids is honoured; however, I'm still receiving 8.8.8.8 on the output log nodes. The output node for SIEM isn't working either ... or is working with a deep malfunction. Thank you for your reply.
Can you confirm if enforceWarningList will work as a filter option on a MISP miner node, or will the extension need to be updated first? |
I'm trying to do the same using the enforceWarningList. |