MineMeld: The “Swiss army knife” of threat intelligence feeds

Palo Alto Networks has made publicly available MineMeld, an open source, community supported framework that can simply your consumption and sharing of threat intelligence.

MineMeld connection graph

“Through MineMeld, organizations can integrate public, private, and commercial intelligence feeds, including results from other intelligence platforms, into a unified framework that natively feeds new prevention-based controls to Palo Alto Networks and other security devices,” Senior Threat Intelligence Manager Scott Simkin explains.

MineMeld effectively “translates” the collected indicators of compromise into actionable controls for enforcement on security devices.

As part of this effort, the company has also partnered with organizations like Spamhaus and Recorded Future and has built support for their threat feeds into MineMeld.

Support for open source intelligence feed providers – blocklist.de, Malware Domain List, OpenPhish, sslbl.abuse.ch, and others – is also included, as is that for feeds from the biggest cloud services and even from AUS-CERT.

“MineMeld was built to be extensible, allowing organizations to tailor the input, processing, and output of information for their environments,” Simkin points out. “We have made the source code available on GitHub, as well as well as pre-built virtual machines (VMs) for easy deployment.”

Additional technical details about the tool are also available on GitHub, and contributions to the development and refining of the tool are welcome.

Finally, here is a video demo on what the tool can do and how it can be used:

Share this