Introducing MineMeld: Simplified, Open-source Threat Intelligence Sharing

As an industry, we must do everything in our power to prevent successful data breaches, maintaining trust in our digital way of life. Many organizations now share threat intelligence among peers, through information sharing organizations, or with government-based programs, to leverage community-based visibility into malicious activity on the Internet.

The vision is clear: the more data you ingest, the more you can improve your risk posture. But a data pile alone isn’t actionable. In order to achieve the desired outcome of preventing cyberattacks, organizations must be able to action on collected Indicators of Compromise (IOCs), automatically transforming them into prevention-based controls for enforcement on security devices.

Traditional approaches have challenged security teams with complex workflows, across multiple tools, to aggregate a growing number of threat intelligence source, and drive enforcement down to local devices. As part of our commitment to the security community, and mission of driving a new era of threat intelligence sharing, Palo Alto Networks is announcing the public availability of MineMeld to the entire security community. Previously available as a limited beta, MineMeld is an open source tool that simplifies the aggregation, enforcement, and sharing of threat intelligence.

Through MineMeld, organizations can integrate public, private, and commercial intelligence feeds, including results from other intelligence platforms, into a unified framework that natively feeds new prevention-based controls to Palo Alto Networks and other security devices. An an open-source tool, MineMeld was built to be extensible, allowing organizations to tailor the input, processing, and output of information for their environments. We have made the source code available on GitHub, as well as well as pre-built virtual machines (VMs) for easy deployment.

As part of the MineMeld release, we have been privileged to partner with a number of leading organizations to build a threat intelligence sharing ecosystem, with native support built into MineMeld from the very beginning, including: Anomali, The Media Trust, Proofpoint, Recorded Future, Soltra, SpamHaus, as well as our own AutoFocus service. MineMeld also supports a wide variety of open source intelligence providers. We encourage others in the security community to take up the banner and join our ecosystem by contributing a new Miner to the tool.

Together, we can simplify the sharing of threat intelligence for organizations across the globe, creating a stronger community that drives adoption of intelligence as a core element of a prevention-based strategy. Help us make successful cyber attacks more costly, and less effective than ever before. You can get started with MineMeld on the Palo Alto Networks Livecommunity, GitHub, or Wiki.

Scott Simkin

[Palo Alto Networks Research Center]