The following AutoFocus-specific prototypes allow you to Forward MineMeld Indicators to AutoFocus and Forward AutoFocus Indicators to MineMeld. To view the default behavior for a prototype, select the prototype from the Prototypes tab in MineMeld and view the configuration (Config) details. The prototypes below have default intervals for extracting and aging out indicators. When an indicator is aged out, MineMeld withdraws it from the outputs that received it.
The samples miner extracts Threat Indicators from samples that meet the conditions of an AutoFocus search. You must set the search conditions when you create this miner node.
The samples miner does not extract all sample artifacts; it only extracts statistically important artifacts that AutoFocus has determined to be indicators based on their tendency to be seen with malware.
Indicator Store Miner
The indicator store miner extracts indicators from external sources that are currently stored in the AutoFocus Indicator Store (see Manage Threat Indicators). You must connect this miner to a processor and an output node to forward the indicators to a destination outside of AutoFocus, such as a Palo Alto Networks firewall or a SIEM platform.
The indicator store miner is an updated version of the deprecated artifact miner.
Expired indicators are indicators that have been removed from the feed from which they came.
Indicator Store Output
The indicator store output is an updated version of the deprecated artifact output.
Export List Miner
The export list miner sends artifacts from an AutoFocus export list to a destination outside of AutoFocus.
Unlike the other AutoFocus prototypes, the export list miner can be used in either AutoFocus-hosted MineMeld or a MineMeld instance you deployed in your own environment.
Accepts IPv4, URL, and domain indicators.