STIX-Shifter


Cybersecurity is becoming increasingly important. A significant data breach can destroy a company’s reputation. A major hurdle for cross-platform security to overcome is the difficulty of cleansing and standardizing data across multiple domains.

Structured Threat Information eXpression (STIX™) is a language and serialization format that organizations can use to exchange cyber threat intelligence (CTI). CTI is represented by objects and descriptive relationships that are stored as JSON so that machines can read the data.

At the heart of STIX is STIX-Shifter, an open source Python library that enables software to connect to products that house data repositories. STIX-Shifter uses STIX Patterning to return results as STIX Observations.

STIX-Shifter uses STIX patterns to transform each data source's output into results that look and behave consistently across sources. What is unique to STIX-Shifter is its ability to create search patterns for all three types of security data source: network, file, and log. Because it spans all three data types, you can create complex queries and analytics that span multiple domains, including security information and event management (SIEM), endpoint, network, and file levels.
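As an added illustration (not code from the STIX-Shifter project), here is a toy version of the translation step the paragraph describes: a STIX pattern is mapped to a hypothetical data source's native query, and the native rows that come back are mapped into a STIX observed-data object. The field mapping, the key=value query syntax and the placeholder id are all assumptions made for this example.

```python
import re
# Hypothetical mapping from STIX object:property names to the native field
# names of a made-up data source; a real connector ships its own mapping.
STIX_TO_NATIVE = {
    "ipv4-addr:value": "src_ip",
    "network-traffic:dst_port": "dest_port",
}
NATIVE_TO_STIX = {v: k for k, v in STIX_TO_NATIVE.items()}
# One STIX comparison: <object>:<property> <op> <'string' | integer>
COMPARISON = re.compile(r"([\w-]+:[\w.\-]+)\s*(>=|<=|!=|=|>|<)\s*(?:'([^']*)'|(\d+))")

def pattern_to_native_query(pattern: str) -> str:
    """Translate a single-observation STIX pattern into a native key=value query."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("expected a bracketed STIX observation expression")
    parts = []
    for token in re.split(r"\s+(AND|OR)\s+", body[1:-1]):  # split keeps AND/OR
        if token in ("AND", "OR"):
            parts.append(token.lower())
            continue
        match = COMPARISON.fullmatch(token.strip())
        if match is None:
            raise ValueError(f"unsupported comparison: {token!r}")
        stix_field, op, str_val, int_val = match.groups()
        native_field = STIX_TO_NATIVE.get(stix_field)
        if native_field is None:
            raise ValueError(f"no native mapping for {stix_field}")
        value = str_val if str_val is not None else int(int_val)
        parts.append(f"{native_field}{op}{value!r}")
    return " ".join(parts)

def results_to_observation(rows: list) -> dict:
    """Wrap native result rows as one STIX observed-data object; unmapped fields are dropped."""
    objects = {}
    for row in rows:
        per_type = {}
        for native_field, value in row.items():
            stix_field = NATIVE_TO_STIX.get(native_field)
            if stix_field is None:
                continue  # no STIX mapping: do not leak raw native fields
            obj_type, prop = stix_field.split(":", 1)
            per_type.setdefault(obj_type, {"type": obj_type})[prop] = value
        for obj in per_type.values():
            objects[str(len(objects))] = obj
    # The id below is a placeholder, not a real STIX UUID
    return {"type": "observed-data", "id": "observed-data--PLACEHOLDER-ID",
            "number_observed": len(rows), "objects": objects}
```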

Why would I want to use this?

You might want to use this library and contribute to its development if any of the following statements apply to you:

  • You are a vendor or project owner who wants to add some form of query or enrichment functions to your product capabilities.
  • You are an end user who wants a method to script searches and/or queries as part of your orchestration flow.
  • You are a vendor or project owner who has data that can be made available, and you want to contribute an adapter.
  • You just want to help make the world a safer place!

Learn more

Visit the STIX-Shifter GitHub page for more information about the project or to contribute.