Thanks Simon for reply. Currently we are analyzing available open source solutions. For sure we will contribute if something new be implemented.
- Vladimir ________________________________ From: Simon Elliston Ball [si...@simonellistonball.com] Sent: Tuesday, March 28, 2017 9:04 AM To: user@metron.incubator.apache.org Subject: Re: Threat Feeds Hi Vladimir, Metron supports and Stix/Taxii feed using the threat intel loaders. We usually put soltra, hailataxii or opentaxii in front of this loaded to act as an aggregator for multiple stix feeds, so you can really use anything. Soltra used to be our preferred choice, because it was slick, open, and usable. Now Soltra has gone commercial, we would still recommend it as a good option, but would also look at other open source alternatives. The list you include is an interesting survey of alternatives as well, it would be great to see more of these integrated into Metron, perhaps that would be a good community contribution. Are there any in particular your like, or would like to work on? I’d be very happy to help. Hope that helps. Simon On 28 Mar 2017, at 12:53, Vladimir Shlyakhtin <vladimir.shlyakh...@sstech.us<mailto:vladimir.shlyakh...@sstech.us>> wrote: Hi, According to https://cwiki.apache.org/confluence/display/METRON/Threat+Intel Metron supports 2 Threat Feeds and 1 format (Soltra and Hail A Taxii, Stix/Taxii format) Has anything changed for today? Also on this page I read that you recommend Soltra. May I ask why? What you can say about other Threat Feeds? E.g. from this list: https://github.com/hslatman/awesome-threat-intelligence Thank you - Vladimir
