Published April 16, 2019
Cybersecurity is becoming increasingly important. A significant data breach can destroy a company’s reputation. A major hurdle for cross-platform security is the difficulty of cleansing and standardizing data across multiple domains.
Structured Threat Information eXpression (STIX™) is a language and serialization format that organizations can use to exchange cyber threat intelligence (CTI). CTI is represented by objects and descriptive relationships that are stored as JSON so that machines can read the data.
At the heart of STIX is STIX-Shifter, an open source Python library that enables software to connect to products that house data repositories. STIX-Shifter uses STIX Patterning to return results as STIX Observations.
STIX-Shifter uses STIX patterns to transform the output into data that mostly looks and behaves the same. What’s unique to STIX-Shifter is its ability to create search patterns for all three security data source types: network, file, log, and more. Because it spans all three data types, you can create complex queries and analytics that span multiple domains, including security and event management (SIEM), endpoint, network, and file levels.
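The pattern-in, observation-out flow described above, as an added sketch that is not STIX-Shifter's own code or API. The field mapping, the `events` table, the SQL-like dialect with its quote-doubling rule, and the result row layout are all assumptions made for illustration.

```python
import re
import uuid

# Hypothetical mapping from STIX object paths to one data source's field names.
TO_NATIVE = {
    "network-traffic:src_ref.value": "sourceip",
    "network-traffic:dst_port": "destinationport",
}
# One comparison: <object path> = <'string literal' or integer>
COMPARISON = re.compile(r"^([a-z0-9-]+:[\w.]+)\s*=\s*(?:'((?:[^'\\]|\\.)*)'|(\d+))$")

def pattern_to_query(pattern):
    """Translate one [observation expression] of '=' tests joined by AND."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("expected one [observation expression]")
    clauses = []
    # Anything this simple splitter cannot parse is rejected, never passed on.
    for part in re.split(r"\s+AND\s+", body[1:-1].strip()):
        m = COMPARISON.match(part)
        if not m:
            raise ValueError(f"unsupported comparison: {part!r}")
        path, text, number = m.groups()
        if path not in TO_NATIVE:
            raise ValueError(f"no mapping for {path}")
        if number is not None:
            clauses.append(f"{TO_NATIVE[path]} = {number}")
        else:
            # Undo STIX backslash escapes, then quote for the assumed dialect so
            # a value containing a quote cannot change the query's structure.
            value = re.sub(r"\\(.)", r"\1", text).replace("'", "''")
            clauses.append(f"{TO_NATIVE[path]} = '{value}'")
    return "SELECT * FROM events WHERE " + " AND ".join(clauses)

def row_to_observed_data(row):
    """Wrap one native result row (constructed layout) as STIX 2.0 observed-data."""
    traffic = {"type": "network-traffic", "src_ref": "0",
               "dst_port": row["destinationport"], "protocols": [row["protocol"]]}
    return {
        "type": "observed-data",
        "id": f"observed-data--{uuid.uuid4()}",
        "created": row["time"], "modified": row["time"],
        "first_observed": row["time"], "last_observed": row["time"],
        "number_observed": 1,
        "objects": {"0": {"type": "ipv4-addr", "value": row["sourceip"]}, "1": traffic},
    }

if __name__ == "__main__":
    print(pattern_to_query(
        "[network-traffic:src_ref.value = '198.51.100.7' AND network-traffic:dst_port = 443]"))
```

Each data source would need its own mapping and its own quoting rule; only the STIX pattern on the way in and the observed-data shape on the way out stay the same.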
You might want to use this library and contribute to development if any of the following statements apply to you:
Visit the STIX-Shifter GitHub page for more information about the project or to contribute.
Learn how to implement a new adapter for the STIX-Shifter project that can support a particular security product.