Subject: Re: [cti-users] Stix-2.x conversion tool


Just going to throw it out there if you want to do things with Graph - if you write your code to output Tinkerpop/Gremlin, it will work with *any* graph database, whereas cypher is proprietary and only works with neo4j.

http://tinkerpop.apache.org/

Also see the MITRE project that outputs a D3 graph

https://github.com/oasis-open/cti-stix-visualization

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security

Without data, all you are is just another person with an opinion - Unknown




From:        ringo <ringowathelet@gmail.com>
To:        Terry MacDonald <terry.macdonald@gmail.com>
Cc:        <cti-users@lists.oasis-open.org>
Date:        05/28/2017 06:10 AM
Subject:        Re: [cti-users] Stix-2.x conversion tool
Sent by:        <cti-users@lists.oasis-open.org>




Hi Terry,

I’ll investigate generating cypher statements based on the contents of the STIX objects.

However, I was starting to follow this process,

https://neo4j.com/blog/import-10m-stack-overflow-questions/

where they import Stack Overflow Data into Neo4j. The large dataset is converted to the appropriate neo4j nodes and relationships csv files using their own python converter. Then it is simply ingested by neo4j using:

../neo/bin/neo4j-import ……..

So I was starting to do the same with my own code, SDO and SRO to neo4j compatible csv files (including headers).
The idea is to create a csv file for each object type and for relationship, plus a few extra supporting relationship csv files, such as for kill_chain_phases and external_references. In all a dozen or two csv files, then the magic neo4j-import.

Cheers,
Ringo

From: Terry MacDonald <terry.macdonald@gmail.com>
Date: Sunday, 28 May 2017 at 4:59 pm
To: ringo <ringowathelet@gmail.com>
Cc: CTI-Stix <cti-users@lists.oasis-open.org>
Subject: Re: [cti-users] Stix-2.x conversion tool


Hi Ringo,

It looks to me like generating cypher statements based on the contents of the STIX objects would be best. The CSV doesn't seem to contain the object model, meaning that the CSVs generated would first need a special .cypher file to be run to create the object model, then load the CSV data in afterwards. Going directly to cypher files is the same as generating SQL dump for mariadb/mysql.

Cheers
Terry MacDonald



On 28 May 2017 at 13:19, ringo <ringowathelet@gmail.com> wrote:
I don't know Neo4j at all, but it looks interesting. From my initial read, there is
an "import" tool for bulk csv files. So I may start with generating the
appropriate csv files to store all the Stix info into a Neo4j database.

Before I start hacking away, has anyone already done this?
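
The CSV layout discussed in this thread (one node file per object type, one file for relationships, and a supporting file for kill_chain_phases), shown as an added Python example that is not code from any participant or from the projects linked above. The function name, file names, column choice and the `kcp--` phase id scheme are assumptions made for illustration; the `:ID`, `:LABEL`, `:START_ID`, `:END_ID` and `:TYPE` header suffixes are the neo4j-import conventions, and only `relationship` objects are treated as edges.

```python
import csv
import io
from collections import defaultdict

# Constructed STIX 2.x bundle used as sample input (IDs and names are made up).
MAL = "malware--00000000-0000-4000-8000-0000000000aa"
IND = "indicator--00000000-0000-4000-8000-0000000000bb"
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "malware", "id": MAL, "name": 'sample, "quoted" name',
     "created": "2017-05-28T00:00:00.000Z",
     "kill_chain_phases": [{"kill_chain_name": "example-chain", "phase_name": "delivery"}]},
    {"type": "indicator", "id": IND, "name": "sample indicator",
     "created": "2017-05-28T00:00:00.000Z"},
    {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-0000000000cc",
     "relationship_type": "indicates", "source_ref": IND, "target_ref": MAL},
]}

# neo4j-import header conventions: ":ID", ":LABEL", ":START_ID", ":END_ID", ":TYPE".
HEADERS = {
    "relationships.csv": [":START_ID", ":END_ID", ":TYPE", "stix_id"],
    "kill_chain_phase.csv": ["id:ID", "kill_chain_name", "phase_name", ":LABEL"],
    "has_kill_chain_phase.csv": [":START_ID", ":END_ID", ":TYPE"],
}
SDO_HEADER = ["id:ID", "name", "created", ":LABEL"]

def stix_to_neo4j_csv(bundle):
    """Return {filename: csv_text}: one node file per SDO type plus edge files."""
    rows = defaultdict(list)
    for obj in bundle.get("objects", []):
        if obj["type"] == "relationship":  # SRO becomes an edge row
            rel_type = obj["relationship_type"].upper().replace("-", "_")
            rows["relationships.csv"].append(
                [obj["source_ref"], obj["target_ref"], rel_type, obj["id"]])
            continue
        # SDO becomes a node row in the file named after its type
        rows[obj["type"] + ".csv"].append(
            [obj["id"], obj.get("name", ""), obj.get("created", ""), obj["type"]])
        for kcp in obj.get("kill_chain_phases", []):  # embedded list: shared node + edge
            pid = "kcp--{}--{}".format(kcp["kill_chain_name"], kcp["phase_name"])
            phase = [pid, kcp["kill_chain_name"], kcp["phase_name"], "kill_chain_phase"]
            if phase not in rows["kill_chain_phase.csv"]:
                rows["kill_chain_phase.csv"].append(phase)
            rows["has_kill_chain_phase.csv"].append([obj["id"], pid, "HAS_KILL_CHAIN_PHASE"])
    out = {}
    for fname, data in rows.items():
        buf = io.StringIO()
        writer = csv.writer(buf, lineterminator="\n")  # quotes commas/quotes in values
        writer.writerows([HEADERS.get(fname, SDO_HEADER)] + data)
        out[fname] = buf.getvalue()
    return out
```

Free-text STIX fields such as `name` can contain commas and quotes, so the rows are written with the `csv` module rather than by string joining; a phase shared by several objects is emitted once as a node and linked by one edge per object.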