We used to install soltra edge in the old ansible builds (which have thankfully now been pared back in the interests of stability in full dev). Soltra has not been a good option since they went proprietary, so since then we’ve included opentaxii (BSD 3) as a discovery and aggregator.
Most of the challenges are around licensing. Hippocampe is part of The Hive Project, which is AGPL, which is an apache category X license so can’t be included. Mindmeld is much better license-wise (Apache 2) so would be well worth community consideration. I kinda like it as a framework, but I for one would be very pleased to hear a broader community discussion around which platforms we should have integrations with via the threat intel loader, or even through a direct to hbase streaming connector. Simon > On 14 Feb 2018, at 03:13, Ali Nazemian <alinazem...@gmail.com> wrote: > > Hi All, > > I would like to understand Metron community view on Threat Intel > aggregators as well as the roadmap of threat intelligence and threat > hunting. There are some open source options available regarding threat > intel aggregator such as Minemeld, Hippocampe, etc. Is there any plan to > build that as a part of Metron in future? Is there any specific aggregator > you think would be more aligned with Metron roadmap? > > Cheers, > Ali