Subject: Re: [cti-stix] cti-stats update
Hi, all -

Just a quick note about the latest update to cti-stats. Until now, all the STIX we were seeing out there was v1.1.1, so that's all that cti-stats supported. In the course of engaging with a particularly significant data source, I discovered that all their data was in STIX v1.0. By leveraging the excellent MITRE-produced stix-ramrod library [0] I managed to get cti-stats to support *all* versions of STIX (1.0, 1.0.1, 1.1, 1.1.1, and 1.2). So if you tried unsuccessfully running cti-stats against your repository in the past, please grab the latest version [1] and try again.

On a sidebar, historically dealing with multiple versions of STIX has been a major pain. My usual approach involved sniffing the XML header and unloading/loading the appropriate versions of python-stix/python-cybox. This approach was awkward and introduced a tremendous amount of overhead. If anyone out there is confronting this issue, I *highly* recommend you take a look at stix-ramrod [0]. I was able to leverage it to support all versions of STIX in something like 10-15 lines of code.

Major kudos to the MITRE team who produced this excellent library! Bryan, Greg, and Ivan, this entire community owes you guys a beer! ^_^

[0]: https://github.com/STIXProject/stix-ramrod
[1]: https://github.com/soltra/cti-stats/

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"Good, Fast, Cheap: Pick any two (you can't have all three)." --RFC 1925
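The version sniffing mentioned in the sidebar above, as an added example that is not code from the message, cti-stats or stix-ramrod: it reads only the root start tag of each document with the standard-library expat parser and groups a repository's files by STIX version before they reach any updater. The function names and the `SAMPLES` documents are constructed for illustration, and rejecting any input that carries a DOCTYPE is a hardening choice made here for untrusted feeds.

```python
import xml.parsers.expat as expat

STIX1_ROOT = "http://stix.mitre.org/stix-1 STIX_Package"  # "namespace localname"
KNOWN = {"1.0", "1.0.1", "1.1", "1.1.1", "1.2"}  # versions named in the message

class _RootSeen(Exception):
    """Raised from the start-tag handler to stop parsing after the root tag."""

def sniff_stix_version(data):
    """Return the version attribute of a STIX 1.x root element (hypothetical helper)."""
    root = {}
    def on_doctype(*_args):
        # Entity declarations live in the DOCTYPE; refuse them outright.
        raise ValueError("DOCTYPE present")
    def on_start(name, attrs):
        root["name"], root["version"] = name, attrs.get("version")
        raise _RootSeen  # nothing after the root start tag is parsed
    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except _RootSeen:
        pass
    except expat.ExpatError as exc:
        raise ValueError("not well-formed XML: %s" % exc)
    if root.get("name") != STIX1_ROOT:
        raise ValueError("root is not a STIX 1.x STIX_Package")
    if root["version"] not in KNOWN:
        raise ValueError("unsupported version %r" % root["version"])
    return root["version"]

def inventory(docs):
    """Map each version to the files that declare it; collect rejects with a reason."""
    by_version, rejected = {}, {}
    for name, data in sorted(docs.items()):
        try:
            by_version.setdefault(sniff_stix_version(data), []).append(name)
        except ValueError as exc:
            rejected[name] = str(exc)
    return by_version, rejected

NS = b'xmlns:stix="http://stix.mitre.org/stix-1"'
SAMPLES = {  # constructed documents, not real feed data
    "a.xml": b'<stix:STIX_Package ' + NS + b' version="1.0"/>',
    "b.xml": b'<stix:STIX_Package ' + NS + b' version="1.1.1"><stix:STIX_Header/></stix:STIX_Package>',
    "c.xml": b'<!DOCTYPE x [<!ENTITY a "aaaa">]><stix:STIX_Package ' + NS + b' version="&a;"/>',
    "d.xml": b'<html/>',
}

if __name__ == "__main__":
    print(inventory(SAMPLES))
```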