Tech Docs: Collect and Refine Threat Intelligence with MineMeld

Jan 09, 2017


The use of threat intelligence to defend networks against attacks is on the rise. Threat intelligence consists of evidence-based and actionable knowledge about attacks. As more members of the security community chip in to share threat intelligence, a new challenge arises: wrangling threat intelligence from multiple sources into a single format that a security platform or infrastructure can readily use to enforce policy. This process requires a significant investment of time and resources.

Enter MineMeld. If you've come across MineMeld in the past few months, you know it's like stumbling upon hidden treasure. Gone are the days of manually digging through countless indicator feeds for the threat intelligence you need.

Get started with MineMeld in 3 easy steps!

  1. Choose miners. A miner is a source of threat intelligence, such as an indicator feed or a subscription-based threat intelligence service like AutoFocus.
  2. Choose processors. A processor extracts indicators from miners and performs an action on the indicators—the action depends on the processor you select. For example, MineMeld processors can filter data from miners to extract only indicators of a certain type and remove duplicates of an indicator if the processor receives it from multiple miners. You control which miners a processor will filter and aggregate.
  3. Choose your desired output. MineMeld automatically delivers indicators from processors to your desired output, such as a Palo Alto Networks dynamic address group, external dynamic list, or a TAXII feed. You can configure MineMeld to forward indicators from multiple processors to multiple outputs.
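
The three steps above, modeled as a small stand-alone pipeline. This is an added example, not MineMeld code or configuration: the function names (`mine`, `classify`, `process`, `render_list`) and the two sample feeds are constructed for illustration, and the feeds use documentation-range addresses.

```python
import ipaddress

# Constructed sample feeds standing in for two miners.
FEED_A = """# constructed sample feed A
198.51.100.7
203.0.113.0/24
bad.example.net
"""
FEED_B = """198.51.100.7
2001:db8::1
192.0.2.45 ; trailing comment
not-an-indicator!!
"""

def mine(name, text):
    """Miner: yield (indicator, source) pairs from a plain-text feed."""
    for line in text.splitlines():
        value = line.split("#")[0].split(";")[0].strip()
        if value:
            yield value, name

def classify(value):
    """Return 'IPv4' or 'IPv6', or None if the value is not an IP or CIDR."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return None
    return "IPv%d" % net.version

def process(miners, wanted_type):
    """Processor: keep one indicator type and merge duplicates across miners."""
    table = {}  # normalized indicator -> list of miners that reported it
    for name, text in miners:
        for value, source in mine(name, text):
            if classify(value) != wanted_type:
                continue  # wrong type or unparseable entry: filtered out
            key = str(ipaddress.ip_network(value, strict=False))
            sources = table.setdefault(key, [])
            if source not in sources:
                sources.append(source)
    return table

def render_list(table):
    """Output: one indicator per line, the shape of a plain-text block list."""
    return "\n".join(table) + "\n"

if __name__ == "__main__":
    ipv4 = process([("feedA", FEED_A), ("feedB", FEED_B)], "IPv4")
    print(render_list(ipv4), end="")
```

Keeping the list of reporting miners per indicator matters in practice: an entry should only leave the output once every source that reported it has withdrawn it.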

Download and Unearth a Wealth of Threat Intelligence with MineMeld today!

Happy reading!

Your friendly Technical Documentation team

Have questions? Contact us at
