[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Deconstruction of Cybox observables from STIX reports
In case it could be somehow useful (maybe for the Interoperability TC), attached is an ongoing effort (aka DRAFT/Incomplete documentation, meaning mappings are already there in XORCISM but not reflected in the doc) of mappings in order to demonstrates the level of compatibility/interoperability) of XORCISM with CTI. 2015-10-30 9:12 GMT+03:00 Jerome Athias <athiasjerome@gmail.com>: > For reference, attached is the representation of one use case over the > XORCISM architecture. > (The XORCISM API contains a representation of the STIX objects and > acts as a 'translator', with the use of Plugins, to do the translation > job like STIX2ToolA, STIX2ToolB, or XORCISM2STIX) > > 2015-10-29 22:52 GMT+03:00 Jyoti Verma (jyoverma) <jyoverma@cisco.com>: >> Hi, >> >> I brought this up during the Cybox call today and taking it offline for >> further discussion. To recap, we are looking into deconstructing Cybox >> observables from STIX IOCs for distribution to disparate systems that can >> deal with them and then at a later point in time, re-construct them back >> thereby enriching the original IOC. Instead of re-inventing the wheel on >> this, I was wondering if there is a tool out there that can handle >> comprehensive use cases. Would love to hear the approach and challenges >> faced in this process by folks who do this currently. >> >> Thanks, >> Jyoti >> >>
Attachment:
XORCISM_CTI_STIX_CybOX_MAEC_Mapping.xlsx
Description: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]