Subject: New Open Source Project - STIX Shifter
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: CTI-Stix-User <cti-users@lists.oasis-open.org>, cti@lists.oasis-open.org
- Date: Wed, 12 Sep 2018 13:27:52 -0300
Hello everyone;

On IBM Security's behalf I would like to send out a quick announcement on a major STIX 2 related open-source project that we have been working on for the past several months, in conjunction with MITRE and the Unfetter project. While we have been doing all of the work in public on GitHub, we have not been seeking to "advertise" the work until we felt it was ready for consumption and/or involvement by others - and we believe we have reached that threshold now.
The project is called STIX Shifter (https://github.com/IBM/stix-shifter).

What this project is all about is creating a platform library that you can embed and use in order to support STIX Patterning in your code, to query other cybersecurity products. The library takes in STIX 2 Patterns as input, and "finds" data that matches the patterns inside various products that house repositories of cybersecurity data. Examples of such products include SIEM systems, endpoint management systems, threat intelligence platforms, orchestration platforms, network control points, data lakes, and more. The library will also very shortly have the ability to actually reach out into these systems, and run the queries using their own native APIs.
In addition to "finding" the data using these patterns, STIX Shifter uniquely also transforms the output from the sources into STIX 2 Observations. Why would we do that, you ask? To put it simply - so that all of the security data, regardless of the source, mostly looks and behaves the same. As anyone with experience in data science will tell you, the cleansing and normalizing of the data across domains is one of the largest hurdles to overcome when attempting to build cross-platform security analytics. This is one of the barriers we are attempting to break down with STIX Shifter, and we hope that it can be the first step to enabling a better ecosystem to share analytics across products.
The project is now at the point where the base underpinnings are well fleshed out, and we have search modules either already released or in the works for multiple information sources (IBM QRadar, Elasticsearch, Splunk, IBM BigFix), and we plan to add many more modules. We're hoping that by releasing all of this work as open source, we can encourage other products to support the use of STIX 2 Patterning - since by using it via this library, they will automatically support federated queries across all of this growing list of platforms - so it is a win/win for vendors to consume it.
We have a significant and dedicated set of resources to work on this project continuously, so it is not going anywhere. I hope you want to get involved! If you're interested in getting involved - either by consuming the code, or writing some modules - you can do so directly on GitHub, or feel free to reach out to me as well.
--
Jason Keirstead
Lead Architect - IBM Security
www.ibm.com/security

"Things may come to those who wait, but only the things left by those who hustle." - Unknown
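The announcement above describes a three-step pipeline: accept a STIX 2 pattern, translate it into a product's native query (or evaluate it against the product's records), then normalize whatever comes back into STIX 2 observed-data. The block below is an added illustration of that pipeline written for this page; it is not code from STIX Shifter or from IBM. Everything in it is an assumption for the sake of the example: it handles only a small subset of the STIX patterning grammar (one bracketed observation expression, `=`, `!=` and `LIKE` comparisons joined by a single `AND` or `OR`), the `FIELD_MAP` from STIX object paths to product field names is invented, the Lucene-style query string it emits is a stand-in for whatever a real connector would produce, and the events it searches are constructed sample records rather than output from any product.

```python
"""Toy STIX-pattern -> native query -> STIX observed-data pipeline (illustrative, not STIX Shifter)."""
import re
import uuid
from datetime import datetime, timezone

# Assumed mapping from STIX object paths to a hypothetical product's field names.
FIELD_MAP = {
    "ipv4-addr:value": "src_ip",
    "url:value": "url",
    "domain-name:value": "hostname",
}
_REVERSE_MAP = {field: path for path, field in FIELD_MAP.items()}

# One comparison of the supported subset:  <object-path> (=|!=|LIKE) '<value>'
_COMPARISON_RE = re.compile(r"([a-z0-9-]+:[a-z0-9_.-]+)\s*(=|!=|LIKE)\s*'([^']*)'")


def parse_pattern(pattern):
    """Return ([(path, op, value), ...], joiner) for a single bracketed STIX pattern."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("expected a single bracketed observation expression")
    body = body[1:-1]
    # Toy limitation: one joiner kind per pattern, and joiners are detected textually.
    if " AND " in body and " OR " in body:
        raise ValueError("mixed AND/OR is not supported in this example")
    joiner = "AND" if " AND " in body else "OR"
    comparisons = []
    for part in re.split(r"\s+(?:AND|OR)\s+", body):
        match = _COMPARISON_RE.fullmatch(part.strip())
        if not match:
            raise ValueError(f"unsupported comparison: {part!r}")
        comparisons.append(match.groups())
    return comparisons, joiner


def _field(path):
    """Resolve a STIX object path to the product field, failing loudly on unmapped paths."""
    if path not in FIELD_MAP:
        raise ValueError(f"no field mapping for {path}")
    return FIELD_MAP[path]


def to_native_query(pattern):
    """Translate the pattern into a Lucene-style query string (assumed target syntax)."""
    comparisons, joiner = parse_pattern(pattern)
    clauses = []
    for path, op, value in comparisons:
        field = _field(path)
        if op == "=":
            clauses.append(f'{field}:"{value}"')
        elif op == "!=":
            clauses.append(f'NOT {field}:"{value}"')
        else:  # LIKE: STIX uses SQL-style wildcards, % -> any run, _ -> one char
            clauses.append(f"{field}:{value.replace('%', '*').replace('_', '?')}")
    return f" {joiner} ".join(clauses)


def _compare(actual, op, value):
    """Evaluate one comparison locally against a field value (None means field absent)."""
    if actual is None:
        return False
    if op == "=":
        return actual == value
    if op == "!=":
        return actual != value
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c) for c in value)
    return re.fullmatch(regex, actual) is not None


def to_observed_data(event):
    """Normalize one native event (dict) into a STIX 2.0 observed-data object."""
    objects = {}
    for field, value in event.items():
        path = _REVERSE_MAP.get(field)
        if path is None:
            continue  # product-specific fields without a STIX mapping are dropped
        obj_type, prop = path.split(":", 1)
        objects[str(len(objects))] = {"type": obj_type, prop: value}
    if not objects:
        return None
    now = datetime.now(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")
    ts = event.get("@timestamp", now)
    return {
        "type": "observed-data",
        "id": "observed-data--" + str(uuid.uuid4()),
        "created": now,
        "modified": now,
        "first_observed": ts,
        "last_observed": ts,
        "number_observed": 1,
        "objects": objects,
    }


def search(pattern, events):
    """'Find' events matching the pattern and return them as STIX observed-data."""
    comparisons, joiner = parse_pattern(pattern)
    combine = all if joiner == "AND" else any
    hits = []
    for event in events:
        if combine(_compare(event.get(_field(p)), op, v) for p, op, v in comparisons):
            hits.append(to_observed_data(event))
    return hits


# Constructed sample records standing in for a product's search results.
SAMPLE_EVENTS = [
    {"@timestamp": "2018-09-12T10:00:00Z", "src_ip": "10.0.0.5", "url": "http://example.test/login"},
    {"@timestamp": "2018-09-12T10:01:00Z", "src_ip": "10.0.0.9", "hostname": "example.test"},
    {"@timestamp": "2018-09-12T10:02:00Z", "src_ip": "10.0.0.5", "hostname": "other.test"},
]

if __name__ == "__main__":
    pat = "[ipv4-addr:value = '10.0.0.5' AND url:value LIKE '%login%']"
    print(to_native_query(pat))
    for obs in search(pat, SAMPLE_EVENTS):
        print(obs["objects"])
```

The point the example makes is the one the announcement makes: a consumer writes the pattern once, and the same `search` call could be backed by `to_native_query` against any product that has a `FIELD_MAP`, while every result comes back in the same observed-data shape regardless of which product produced it. A real connector would also have to handle the rest of the pattern grammar (nested expressions, `START`/`STOP` qualifiers, `FOLLOWEDBY`, and so on), which this toy deliberately refuses rather than silently mistranslates.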