This repository was archived by the owner on Mar 16, 2023. It is now read-only.
ericmoret edited this page Jul 13, 2016 · 27 revisions

What is MineMeld?

An extensible Threat Intelligence processing framework.

What is MineMeld for?

MineMeld is a tool to manipulate lists of indicators and transform/aggregate them for consumption by third-party enforcement infrastructure. MineMeld has many use cases and can easily be extended to fulfill many more. Here are a few examples:

  • Connect to the VirBL Virus Blacklist feed and transform it for enforcement by Palo Alto Networks EDL (External Dynamic List) objects
  • Mine Office 365 IP addresses provided by Microsoft and create an EDL out of them for use in a Palo Alto Networks security policy to further restrict traffic
  • Aggregate AUS-CERT and FS-ISAC Threat Intelligence feeds, removing duplicates, expiring entries, and consolidating attack directions and confidence levels, then make this list available for enforcement by third-party tools

MineMeld versions

XXX

Where from here?

Where is the code?

There are 2 main components of MineMeld. Each component has its own repo:

The library of node prototypes is maintained in minemeld-node-prototypes.

How can I contribute?

Credits

XXX
