This repository has been archived by the owner on Mar 16, 2023. It is now read-only.

No IOCs in Feed When Formatted for Carbon Black #56

Open
DecayingSec opened this issue Nov 6, 2020 · 0 comments

Describe the bug

No IOCs are populated when formatting MD5, Domain, and IP output feeds for use in Carbon Black Response using the v=carbonblack URL parameter.

Same symptoms as #52 so it may be a duplicate. The resolution there was unclear. I made sure I was using supported indicator types which may have been the problem there.

Expected behavior

IOCs are populated.

Current behavior

The feed populates as expected when formatting for JSON, CSV, or when passing no parameters. When formatting for Carbon Black using v=carbonblack only the report "boilerplate" and encoded icons are output with no IOCs. The "ipv4", "dns", and "md5" sections are empty.

Possible solution

None. I checked the code but didn't see any obvious cause or solution.

Steps to reproduce

Can be reproduced on the latest (0.9.70.post1) version using the Docker deployment and the default IP feeds with the following steps:

  1. Install latest MineMeld as per https://live.paloaltonetworks.com/t5/minemeld-articles/running-minemeld-using-docker/ta-p/289062
  2. Navigate to the default feed at https://YOUR_IP_ADDRESS/feeds/inboundfeedhc and confirm IP addresses are populated
  3. Add the v=carbonblack parameter to get https://YOUR_IP_ADDRESS/feeds/inboundfeedhc?v=carbonblack
  4. Confirm no IOCs are populated

Screenshots

Screenshot at 2020-11-06 11-11-29

Context

We are hoping to use domain and IP from MineMeld in a local Carbon Black Response instance.

Your Environment

Confirmed this happens with MD5, domain, and IP feeds in MineMeld version 0.9.60b4 (What we have in production).
Confirmed this happens with the default IP feeds in MineMeld version 0.9.70.post1 using Docker deployment.

@DecayingSec DecayingSec added the bug label Nov 6, 2020
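An added check, not code from the issue or from MineMeld, that turns the reproduction steps above into something you can run offline: it counts indicators in the default text feed and in the Carbon Black rendering and reports which of the "ipv4", "dns" and "md5" sections come back empty. It assumes the Carbon Black Response feed layout (a top-level "feedinfo" object and a "reports" list whose entries carry an "iocs" object keyed by "ipv4", "dns", "md5"); the two JSON documents and the text feed below are constructed samples, not captures from a live instance.

```python
"""Check whether a MineMeld feed rendered with ?v=carbonblack carries IOCs.

Added example for this issue, not MineMeld's own code. The feed layout
(feedinfo + reports[].iocs.{ipv4,dns,md5}) is the Carbon Black Response
feed format; the sample documents at the bottom are constructed.
"""
import json
from typing import Dict, List

IOC_SECTIONS = ("ipv4", "dns", "md5")


def count_plain_feed(text: str) -> int:
    """Count indicators in the default MineMeld text feed (one per line,
    blank lines and '#' comments ignored)."""
    return sum(1 for line in text.splitlines()
               if line.strip() and not line.lstrip().startswith("#"))


def count_carbonblack_iocs(document: str) -> Dict[str, int]:
    """Total indicators per IOC section across every report in a
    Carbon Black feed JSON document."""
    feed = json.loads(document)
    totals = {section: 0 for section in IOC_SECTIONS}
    for report in feed.get("reports", []):
        iocs = report.get("iocs") or {}
        for section in IOC_SECTIONS:
            totals[section] += len(iocs.get(section) or [])
    return totals


def empty_sections(totals: Dict[str, int]) -> List[str]:
    """Sections that carry nothing: the symptom described in this issue."""
    return [section for section, n in totals.items() if n == 0]


def feed_matches(plain_count: int, totals: Dict[str, int]) -> bool:
    """True when the Carbon Black rendering carries as many indicators as
    the plain feed did, i.e. nothing was dropped during formatting."""
    return plain_count > 0 and sum(totals.values()) == plain_count


# Constructed sample of the default text feed (RFC 5737 documentation addresses).
PLAIN_FEED = "192.0.2.10\n192.0.2.11\n198.51.100.7\n"

# Constructed sample reproducing the reported output: feedinfo boilerplate and
# an icon are present, but every IOC section is empty.
CB_FEED_BROKEN = json.dumps({
    "feedinfo": {"name": "inboundfeedhc",
                 "display_name": "MineMeld inboundfeedhc (constructed)",
                 "icon": "BASE64_ICON_PLACEHOLDER"},
    "reports": [{"id": "inboundfeedhc-report", "title": "constructed report",
                 "timestamp": 1604660000, "score": 100,
                 "iocs": {"ipv4": [], "dns": [], "md5": []}}],
})

# Constructed sample of what a correct rendering of the same feed should hold.
CB_FEED_OK = json.dumps({
    "feedinfo": {"name": "inboundfeedhc",
                 "display_name": "MineMeld inboundfeedhc (constructed)",
                 "icon": "BASE64_ICON_PLACEHOLDER"},
    "reports": [{"id": "inboundfeedhc-report", "title": "constructed report",
                 "timestamp": 1604660000, "score": 100,
                 "iocs": {"ipv4": ["192.0.2.10", "192.0.2.11", "198.51.100.7"],
                          "dns": [], "md5": []}}],
})


def check(plain_text: str, cb_document: str) -> str:
    """One-line verdict for a (plain feed, Carbon Black feed) pair."""
    plain = count_plain_feed(plain_text)
    totals = count_carbonblack_iocs(cb_document)
    if feed_matches(plain, totals):
        return f"OK: {plain} indicators present in both renderings"
    return (f"MISMATCH: plain feed has {plain} indicators, Carbon Black "
            f"rendering has {sum(totals.values())}; empty sections: "
            f"{', '.join(empty_sections(totals)) or 'none'}")


if __name__ == "__main__":
    print("broken:", check(PLAIN_FEED, CB_FEED_BROKEN))
    print("fixed: ", check(PLAIN_FEED, CB_FEED_OK))
```

Against a real instance you would feed `check()` the bodies of `https://YOUR_IP_ADDRESS/feeds/inboundfeedhc` and the same URL with `?v=carbonblack`; the comparison with the plain feed matters because a Carbon Black document can be well-formed JSON, complete with feedinfo and icon, while carrying no indicators at all, which is exactly the state reported above. Note that a feed that legitimately contains only IPs will show "dns" and "md5" as empty, so the verdict keys on the total count, not on every section being non-empty.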