Forward MineMeld Indicators to AutoFocus

Use an AutoFocus Indicator Store Output node to store indicators from one or more threat intelligence sources in AutoFocus. When you view the WildFire analysis details for samples in your search results, AutoFocus highlights sample indicators matching the indicators that MineMeld forwarded.
  1. Verify that MineMeld is running (see Start, Stop, and Reset MineMeld).
  2. Create a Minemeld Node that will receive processed indicators and send them to AutoFocus.
    Create an output node based on the prototype
    autofocus.indicatorStoreOutput
    .
  3. Connect MineMeld Nodes (miner and processor) to the output node you just created.
  4. Click
    Indicators
    on the navigation pane to view the Indicator Store and Manage Threat Indicators that MineMeld forwarded. The Indicator Store has space for up to 180 million indicators.
    You can now easily spot sample indicators that match MineMeld indicators when you Find High-Risk Artifacts.

Recommended For You