Re: [cti-stix] Deconstruction of Cybox observables from STIX reports

["Jyoti Verma (jyoverma)" <jyoverma@cisco.com>]

Hi Jerome,

Thanks for passing along information on XORCISM. I didn¹t hear about it
till now. Will do some reading to see if it can help.

Thanks,
Jyoti

On 10/29/15, 11:18 PM, "Jerome Athias" <athiasjerome@gmail.com> wrote:

>In case it could be somehow useful (maybe for the Interoperability
>TC), attached is an ongoing effort (aka DRAFT/Incomplete
>documentation, meaning mappings are already there in XORCISM but not
>reflected in the doc) of mappings in order to demonstrates the level
>of compatibility/interoperability) of XORCISM with CTI.
>
>2015-10-30 9:12 GMT+03:00 Jerome Athias <athiasjerome@gmail.com>:
>> For reference, attached is the representation of one use case over the
>> XORCISM architecture.
>> (The XORCISM API contains a representation of the STIX objects and
>> acts as a 'translator', with the use of Plugins, to do the translation
>> job like STIX2ToolA, STIX2ToolB, or XORCISM2STIX)
>>
>> 2015-10-29 22:52 GMT+03:00 Jyoti Verma (jyoverma) <jyoverma@cisco.com>:
>>> Hi,
>>>
>>> I brought this up during the Cybox call today and taking it offline for
>>> further discussion. To recap, we are looking into deconstructing Cybox
>>> observables from STIX IOCs for distribution to disparate systems that
>>>can
>>> deal with them and then at a later point in time, re-construct them
>>>back
>>> thereby enriching the original IOC. Instead of re-inventing the wheel
>>>on
>>> this, I was wondering if there is a tool out there that can handle
>>> comprehensive use cases. Would love to hear the approach and challenges
>>> faced in this process by folks who do this currently.
>>>
>>> Thanks,
>>> Jyoti
>>>
>>>