diff --git a/responders/Minemeld/README.md b/responders/Minemeld/README.md
new file mode 100644
index 0000000..87028a4
--- /dev/null
+++ b/responders/Minemeld/README.md
@@ -0,0 +1,14 @@
+### Palo Alto Minemeld
+
+This responder sends observables you select to a [Palo Alto Minemeld](https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld) instance.
+
+#### Requirements
+The following options are required in the Palo Alto Minemeld Responder configuration:
+
+- `minemeld_url` : URL of the Minemeld instance to which you will be posting indicators
+- `minemeld_user`: user accessing the Minemeld instance
+- `minemeld_password`: password for the user accessing the Minemeld instance
+- `minemeld_indicator_list`: name of Minemeld indicator list (already created in Minemeld)
+- `minemeld_share_level`: share level for indicators (defaults to `red`)
+- `minemeld_confidence`: confidence level for indicators (defaults to `100`)
+- `minemeld_ttl`: TTL for indicators (defaults to `86400` seconds)
\ No newline at end of file
diff --git a/responders/Minemeld/assets/MM-logo.png b/responders/Minemeld/assets/MM-logo.png
new file mode 100644
index 0000000..3c7095b
Binary files /dev/null and b/responders/Minemeld/assets/MM-logo.png differ
diff --git a/responders/Minemeld/minemeld.json b/responders/Minemeld/minemeld.json
index 983d3b2..528cfc6 100644
--- a/responders/Minemeld/minemeld.json
+++ b/responders/Minemeld/minemeld.json
@@ -1,69 +1,85 @@
 {
- "name": "Minemeld",
- "version": "1.0",
- "author": "Wes Lambert, Security Onion Solutions",
- "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
- "license": "AGPL-V3",
- "description": "Submit indicator to Minemeld",
- "dataTypeList": ["thehive:case_artifact"],
- "command": "Minemeld/minemeld.py",
- "baseConfig": "Minemeld",
- "configurationItems": [
- {
- "name": "minemeld_url",
- "description": "URL for Minemeld instance",
- "type": "string",
- "multi": false,
- "required": true,
- "defaultValue": "https://x.x.x.x"
+ "name": "Minemeld",
+ "version": "1.0",
+ "author": "Wes Lambert, Security Onion Solutions",
+ "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+ "license": "AGPL-V3",
+ "description": "Submit indicator to Minemeld",
+ "dataTypeList": [
+ "thehive:case_artifact"
+ ],
+ "command": "Minemeld/minemeld.py",
+ "baseConfig": "Minemeld",
+ "configurationItems": [
+ {
+ "name": "minemeld_url",
+ "description": "URL for Minemeld instance",
+ "type": "string",
+ "multi": false,
+ "required": true,
+ "defaultValue": "https://x.x.x.x"
+ },
+ {
+ "name": "minemeld_user",
+ "description": "User for Minemeld",
+ "type": "string",
+ "multi": false,
+ "required": true,
+ "defaultValue": "apiuser"
+ },
+ {
+ "name": "minemeld_password",
+ "description": "Password for Minemeld",
+ "type": "string",
+ "multi": false,
+ "required": true,
+ "defaultValue": "password"
+ },
+ {
+ "name": "minemeld_indicator_list",
+ "description": "Name of indicator list to which indicators will be added",
+ "type": "string",
+ "multi": false,
+ "required": true,
+ "defaultValue": "my_block_list"
+ },
+ {
+ "name": "minemeld_share_level",
+ "description": "Share level for indicator",
+ "type": "string",
+ "multi": false,
+ "required": true,
+ "defaultValue": "red"
+ },
+ {
+ "name": "minemeld_confidence",
+ "description": "Confidence level for indicator",
+ "type": "string",
+ "multi": false,
+ "required": true,
+ "defaultValue": "100"
+ },
+ {
+ "name": "minemeld_ttl",
+ "description": "TTL for indicator",
+ "type": "string",
+ "multi": false,
+ "required": true,
+ "defaultValue": "86400"
+ }
+ ],
+ "registration_required": false,
+ "subscription_required": false,
+ "free_subscription": false,
+ "service_homepage": "https://github.com/PaloAltoNetworks/minemeld",
+ "service_logo": {
+ "path": "assets/MM-logo.png",
+ "caption": "logo"
 },
- {
- "name": "minemeld_user",
- "description": "User for Minemeld",
- "type": "string",
- "multi": false,
- "required": true,
- "defaultValue": "apiuser"
- },
- {
- "name": "minemeld_password",
- "description": "Password for Minemeld",
- "type": "string",
- "multi": false,
- "required": true,
- "defaultValue": "password"
- },
- {
- "name": "minemeld_indicator_list",
- "description": "Name of indicator list to which indicators will be added",
- "type": "string",
- "multi": false,
- "required": true,
- "defaultValue": "my_block_list"
- },
- {
- "name": "minemeld_share_level",
- "description": "Share level for indicator",
- "type": "string",
- "multi": false,
- "required": true,
- "defaultValue": "red"
- },
- {
- "name": "minemeld_confidence",
- "description": "Confidence level for indicator",
- "type": "string",
- "multi": false,
- "required": true,
- "defaultValue": "100"
- },
- {
- "name": "minemeld_ttl",
- "description": "TTL for indicator",
- "type": "string",
- "multi": false,
- "required": true,
- "defaultValue": "86400"
- }
- ]
-}
+ "screenshots": [
+ {
+ "path": "",
+ "caption": ""
+ }
+ ]
+}
\ No newline at end of file
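Review bot: The `minemeld_password` item ships `"defaultValue": "password"` alongside `"defaultValue": "apiuser"` for `minemeld_user`, so a responder enabled without editing these fields would keep a guessable credential pair in its stored configuration. Both items are already `"required": true`, so I would drop the two `defaultValue` lines and let the operator supply real values; the `https://x.x.x.x` placeholder for `minemeld_url` deserves the same treatment. How Cortex pre-fills required items is not visible in this diff, so confirm the configuration form still behaves without a default. Separately, the new `screenshots` array holds a single entry with empty `path` and `caption`; `"screenshots": []` would express the same thing without a blank record.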