OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: STIX JSON consumption / Parsing variations

Hi again!

I have started to implement JSON deserialization into the Java Objects as perÂhttps://github.com/StephenOTT/charon-stix.

My current pattern is to apply a âcustom deserializerâ per object at the implementation level: I am doing this under the premise that in many cases of implementation, the source of CTI may not want to, cannot, should not, etc be having to worry about being STIX compliant. In many cases, there might be data gaps, weird formats, extra look ups, etc.

I wanted to get the communities insight into scenarios of âdifficultiesâ of converting from source CTI into STIX. My thinking is that generally a implementation would implement a âmicroserviceâ (or whatever) and massage the data. In some cases the source system might only be able to provide very basic structures that have to then be completely massaged outside of the CTI system into the STIX spec. And in some cases you may not have a âWeb app / web frameworkâ to massage the data or build apis around.

The link above is the start of that pattern (it is incomplete, so you will see some empty if statements and code duplication). The full implementation of this pattern is to abstract the âcommon propertiesâ into a shared class, and then duplicate the across all objects. Âlook atÂhttps://github.com/StephenOTT/charon-stix/blob/master/src/main/java/io/digitalstate/stix/domainobjects/AttackPattern.java#L143-L168Âfor a example of how sub-objects and lists of sub-objects are handled.
In the case of linked lists (like Relationships) this is a example of custom implementation needs where someone might want to generate empty objects or provide the content from a upstream source.

What are peoples experiences with barriers of getting data into STIX format? What are the types of transformations that are commonly needed?

Thanks!
Stephen



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]