We used to install Soltra Edge in the old Ansible builds (which have thankfully
now been pared back in the interests of stability in full dev). Soltra has not
been a good option since they went proprietary, so since then we’ve included
OpenTAXII (BSD 3) as a discovery and aggregator.
Most of the challenges are around licensing. Hippocampe is part of The Hive
Project, which is AGPL, which is an Apache Category X license so can’t be
MineMeld is much better license-wise (Apache 2) so would be well worth
community consideration. I kinda like it as a framework, but
I for one would be very pleased to hear a broader community discussion around
which platforms we should have integrations with via the threat intel loader,
or even through a direct-to-HBase streaming connector.
> On 14 Feb 2018, at 03:13, Ali Nazemian <alinazem...@gmail.com> wrote:
> Hi All,
> I would like to understand the Metron community's view on Threat Intel
> aggregators as well as the roadmap of threat intelligence and threat
> hunting. There are some open source options available regarding threat
> intel aggregators such as MineMeld, Hippocampe, etc. Is there any plan to
> build that as a part of Metron in future? Is there any specific aggregator
> you think would be more aligned with the Metron roadmap?