To prevent successful cyberattacks, many organizations collect indicators of compromise (IOCs) from various threat intelligence providers with the intent of creating new controls for their security devices. On 01-Aug-2016, Palo Alto Networks released MineMeld, an open-source application that streamlines the aggregation, enforcement and sharing of threat intelligence. MineMeld is available to all users directly on GitHub, as well as in pre-built virtual machines for easy deployment. MineMeld can use different feeds; the following sources have native support: Anomali, The Media Trust, Proofpoint, Recorded Future, Soltra, SpamHaus.
MineMeld simplifies across:
Commercial threat intelligence feeds
Open-source intelligence (OSINT) providers
Threat intelligence platforms
ISACs
CERTs
Other MineMeld users
This package integrates MineMeld's CEF output feed into ArcSight. Users will be able to utilize IP addresses, domain names and URLs collected using MineMeld. Using the collected indicators of compromise (IOCs), one will be able to detect known threats.
This case was developed by our partner Motiv ICT Security.