cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
jp
jp
Level 9
Report Inappropriate Content
Message 1 of 2
‎04-25-2019 02:11 PM

Import Large Watchlist

I am trying to import and regularly update a large watchlist into the SIEM. The watchlist is ~242k domains. 

I have tried using the SIEM API for this however, SIEM only allows for the addition of ~2K values at a time (WHY!??)   so this is not realistic. 

My next attempt was to setup a NFS share that the SIEM could pull from, but this just causes the SIEM to choke and freeze up. 

Does anyone know of a good way to create a dynamic watchlist that can handle this many values?

0 Kudos
Reply
1 Reply
brenta
Reliable Contributor brenta
Reliable Contributor
Report Inappropriate Content
Message 2 of 2
‎05-01-2019 08:57 AM

Re: Import Large Watchlist

For large watchlists I have always done an import using a Cyberthreat feed (TAXII), this is also one of the only ways to do back tracing. I am surprised your ESM had problems with the NFS import, it's always worked sufficiently fine for me.

Do you have a lot of operations on your SIEM?

Could you run `iostat -dhxm 10` and wait about 1 minute then CTRL-C and paste or message me the results?

Brent
0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC