Subject: Re: [cti-users] Stix-2.x conversion tool
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: ringo <ringowathelet@gmail.com>
- Date: Sun, 28 May 2017 22:31:17 -0300
You mutate the graph using Gremlin commands.
Here is an example:
http://tinkerpop.apache.org/docs/current/reference/#_mutating_the_graph
Another common way is using GraphSON:
http://tinkerpop.apache.org/docs/3.0.0-incubating/#graphson-io-format
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security
Without data, all you are is just another person with an opinion - Unknown
From: ringo <ringowathelet@gmail.com>
To: Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Cc: CTI-Stix <cti-users@lists.oasis-open.org>
Date: 05/28/2017 09:01 PM
Subject: Re: [cti-users] Stix-2.x conversion tool
I’ve been reading about Tinkerpop (1 hour)
and as far as I can tell it is for working with graphs. It reads graphs, e.g. from a database such
as Neo4j and allows operations on it. What I’m trying to do is to store
the Stix data into a database, then it is trivial (I think) to manipulate
the graph with tools such as Tinkerpop or Spark/Graphx.
But the crux is to get the data into the
format required for storage.
I could not find what specific format Tinkerpop
needs. It mentions GraphML and the ability to read/link to Neo4j.
So it’s back to square 1, putting data
into Neo4j.
From: Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Date: Monday, 29 May 2017 at 7:24 am
To: ringo <ringowathelet@gmail.com>
Cc: CTI-Stix <cti-users@lists.oasis-open.org>,
Terry MacDonald <terry.macdonald@gmail.com>
Subject: Re: [cti-users] Stix-2.x conversion tool
Just going to throw it out there if
you want to do things with Graph - if you write your code to output Tinkerpop/Gremlin,
it will work with *any* graph database, whereas cypher is proprietary and
only works with neo4j
http://tinkerpop.apache.org/
Also see the MITRE project that outputs a D3 graph
https://github.com/oasis-open/cti-stix-visualization
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security
Without data, all you are is just another person with an opinion - Unknown
From: ringo <ringowathelet@gmail.com>
To: Terry MacDonald <terry.macdonald@gmail.com>
Cc: <cti-users@lists.oasis-open.org>
Date: 05/28/2017 06:10 AM
Subject: Re: [cti-users] Stix-2.x conversion tool
Sent by: <cti-users@lists.oasis-open.org>
Hi Terry,
I’ll investigate generating cypher statements based on the contents of
the STIX objects.
However, I was starting to follow this process,
https://neo4j.com/blog/import-10m-stack-overflow-questions/
where they import Stack
Overflow Data into Neo4j. The large
dataset is converted to the appropriate neo4j nodes and relationships csv
files using their own python converter. Then it is simply ingested by neo4j
using:
../neo/bin/neo4j-import ……..
So I was starting to do the same with my own code, SDO and SRO to neo4j
compatible csv files (including headers).
The idea is to create a csv file for each object type and for relationship,
plus a few extra supporting relationship csv files, such as for kill_chain_phases
and external_references. In all a dozen or two csv files, then the magic
neo4j-import
Cheers,
Ringo
From: Terry MacDonald <terry.macdonald@gmail.com>
Date: Sunday, 28 May 2017 at 4:59 pm
To: ringo <ringowathelet@gmail.com>
Cc: CTI-Stix <cti-users@lists.oasis-open.org>
Subject: Re: [cti-users] Stix-2.x conversion tool
Hi Ringo,
It looks to me like generating cypher statements based on the contents
of the STIX objects would be best. The CSV doesn't seem to contain the
object model, meaning that the CSVs generated would first need a special
.cypher file to be run to create the object model, then load the CSV data
in afterwards. Going directly to cypher files is the same as generating
SQL dump for mariadb/mysql.
Cheers
Terry MacDonald
On 28 May 2017 at 13:19, ringo <ringowathelet@gmail.com> wrote:
I don't know Neo4j at all, but it looks interesting. From my initial read,
there is an "import" tool for bulk csv files. So I may start with generating
the appropriate csv files to store all the Stix info into a Neo4j database.
Before I start hacking away, has anyone already done this?
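
Added example, not part of the original thread and not code from any of its participants: a sketch of the CSV approach discussed above, turning STIX 2.x SDOs and SROs into one node CSV per object type plus relationship CSVs with the `:ID`, `:LABEL`, `:START_ID`, `:END_ID` and `:TYPE` header fields that neo4j-import reads. The sample bundle, the file names, the `kcp--` phase ids and the `IN_PHASE` relationship type are assumptions made for this illustration.

```python
import csv
import io
import json

# Constructed, simplified STIX 2.x bundle (made-up ids, only a few properties).
BUNDLE = json.loads("""{"type": "bundle", "objects": [
 {"type": "malware", "id": "malware--00000000-0000-4000-8000-000000000001",
  "name": "Example, \\"quoted\\" RAT", "created": "2017-05-28T00:00:00.000Z",
  "kill_chain_phases": [{"kill_chain_name": "example-chain", "phase_name": "delivery"}]},
 {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
  "name": "Example hash", "created": "2017-05-28T00:00:00.000Z"},
 {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-000000000003",
  "relationship_type": "indicates",
  "source_ref": "indicator--00000000-0000-4000-8000-000000000002",
  "target_ref": "malware--00000000-0000-4000-8000-000000000001"}]}""")

NODE_HEADER = ["id:ID", "name", "created", ":LABEL"]
EDGE_HEADER = [":START_ID", ":END_ID", ":TYPE"]

def to_csv(header, rows):
    """Serialise rows with the csv module so commas and quotes in names are escaped."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerows([header] + rows)
    return buf.getvalue()

def stix_to_neo4j_csv(bundle):
    """Return {file name: CSV text}: one node file per SDO type plus edge files."""
    nodes, edges, phase_edges = {}, [], []
    for obj in bundle["objects"]:
        if obj["type"] == "relationship":  # SRO becomes an edge row
            rel_type = obj["relationship_type"].upper().replace("-", "_")
            edges.append([obj["source_ref"], obj["target_ref"], rel_type])
            continue
        row = [obj["id"], obj.get("name", ""), obj.get("created", ""), obj["type"]]
        nodes.setdefault(obj["type"], []).append(row)  # SDO becomes a node row
        for kcp in obj.get("kill_chain_phases", []):  # supporting nodes and edges
            pid = "kcp--%s--%s" % (kcp["kill_chain_name"], kcp["phase_name"])  # hypothetical id scheme
            phase = [pid, kcp["phase_name"], "", "kill_chain_phase"]
            if phase not in nodes.setdefault("kill_chain_phase", []):
                nodes["kill_chain_phase"].append(phase)
            phase_edges.append([obj["id"], pid, "IN_PHASE"])  # hypothetical edge type
    files = {t + ".csv": to_csv(NODE_HEADER, rows) for t, rows in nodes.items()}
    files["relationship.csv"] = to_csv(EDGE_HEADER, edges)
    files["kill_chain_phases_rel.csv"] = to_csv(EDGE_HEADER, phase_edges)
    return files

if __name__ == "__main__":
    print("\n".join("# %s\n%s" % kv for kv in sorted(stix_to_neo4j_csv(BUNDLE).items())))
```

Writing rows through the csv module rather than string concatenation matters here because STIX names and descriptions are free text from external feeds and can contain commas, quotes and newlines.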