Now security organizations can leverage MineMeld, an open-source application that streamlines the aggregation, enforcement and sharing of threat intelligence. Unfortunately, legacy approaches to aggregation and enforcement are highly manual in nature, often creating complex workflows and extending the time needed to identify and validate which IOCs should be blocked. In order to prevent successful cyberattacks, many organizations collect indicators of compromise (IOCs) from various threat intelligence providers with the intent of creating new controls for their security devices. Aggregate CERTs and ISACs Threat Intelligence feeds, removing duplicates, expiring entries and consolidating attack directions and confidence levels then make this list available for enforcement by third party toolsĮxtract indicators from syslog messages and aggregate them with indicators coming from 3rd party sourcesĬheck this page for a brief list of currently supported nodes/feeds.MineMeld Threat Intelligence Sharing.Mine Office 365 IP addresses provided by Microsoft and dynamically create an EDL list for usage in a Palo Alto Networks security policy to further restrict trafic Connect to the Spamhaus DROP feed and transform it for enforcement by Palo Alto Networks EDL (External Dynamic List) objects.MineMeld has many use-cases and can easily be extended to fulfill many more. MineMeld is a community supported tool to manipulate list of indicators and transform/aggregate them for consumption by third party enforcement infrastructure. MineMeld -感觉就是一个IoC情报整合和分享工具,里面有一些专门做情报生产的组织,你只要订阅就可以了Īn extensible Threat Intelligence processing framework brought to you by Palo Alto Networks.What is MineMeld for?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |