Subject: RE: Deconstruction of Cybox observables from STIX reports

Hi Jyoti,

If I am reading you correctly you are wanting to take a STIX feed and pull out the CybOX objects, then send those to the security tools you have in order to monitor for those Observables? And then when you get a Sighting, send the updated information back into STIX? Is that right?

Are you feeding this into a ‘STIX database’ at any stage for long term storage?

Cheers

Terry MacDonald
Senior STIX Subject Matter Expert
SOLTRA | An FS-ISAC and DTCC Company
+61 (407) 203 206 | terry@soltra.com

From: Jyoti Verma (jyoverma) [mailto:jyoverma@cisco.com]

Hi,

I brought this up during the CybOX call today and am taking it offline for further discussion. To recap, we are looking into deconstructing CybOX observables from STIX IOCs for distribution to disparate systems that can deal with them and then, at a later point in time, re-constructing them back, thereby enriching the original IOC.

Instead of re-inventing the wheel on this, I was wondering if there is a tool out there that can handle comprehensive use cases. Would love to hear the approach and challenges faced in this process by folks who do this currently.

Thanks,
Jyoti