I wrote a series of blog posts on Threat Intelligence automation using MineMeld and Splunk.
You can find them here:
https://scubarda.wordpress.com/category/threat-intelligence/
Some notes:
In post 1, I show the architecture.
In post 2, how to write custom prototypes and the IoC integration with our SOC Splunk application. This is the near-real-time engine we are using to check IoC access.
In post 3, how to create a STIX/TAXII output miner to export IoCs.
In post 4, how I integrate the IoC events into Splunk to analyze them and see some stats. I also wrote a simple TA to parse the events and a small app to check the data.
Hope this is useful
Giovanni