To add a new feed you should start from the following details:
what are the format and protocol used by the feed ?
what expiration policy should I apply to the indicators ?
what confidence level should I use for the indicators ?
Question 1) defines the class of Miner you want to use. Currently there are classes supporting plain text feeds over HTTP/HTTPS, JSON over HTTP/HTTPS, CSV over HTTP/HTTPS, STIX/TAXII, and a number of other classes for specific public or commercial API. If the protocol and format used by the feed are not covered by one of the existing classes you should write your own Python class. Most of the times it's pretty easy, details here: https://github.com/PaloAltoNetworks/minemeld/wiki/How-To-Write-a-Simple-Miner
If instead the protocol and format are already covered, you don't need to write a single line of code. You can just write a prototype, i.e. a config for the Miner. In the Web UI go under CONFIG and click the browse button (the 3 stackd lines). Select a prototype for a feed similar to the one you want to add and click on the NEW button in the top right corner. This will create a private copy of the prototype you can modify. Now you can change the config of the Miner and specify new parameters, like URL, age out policy, confidence level, new attributes, ...
Additional details about prototypes here:
https://github.com/PaloAltoNetworks/minemeld-core/blob/master/docs/nodeconfig.rst
https://live.paloaltonetworks.com/t5/MineMeld-Articles/What-is-in-a-MineMeld-node/ta-p/72046
... View more