STIX-Shifter: An open source Python library used for security

Organizations use many different security tools and have security logs and events scattered across their enterprises, both on premises and in the cloud. A solution that can connect the tools you already use, built on open standards that promote interoperability, can help maximize the investments you’ve already made.

This approach creates a more effective security program: it gets more value out of the tools you already have and gives security administrators a more efficient way to detect and respond to security threats.

STIX-shifter is an open source Python library that enables software to connect to products that house data repositories without compromising data security. STIX-shifter is one of two foundational projects of the Open Cybersecurity Alliance, an OASIS open project.

The technology

Structured Threat Information eXpression (STIX™) is a language and serialization format that organizations can use to exchange cyber threat intelligence (CTI). CTI is represented by objects and descriptive relationships that are stored as JSON so that machines can read the data.

STIX-Shifter takes a search expressed in STIX Patterning, runs it against the connected data source, and returns the results as STIX Observations.

STIX-Shifter uses STIX patterns to transform each source's output into data that looks and behaves largely the same regardless of where it came from. What is unique to STIX-Shifter is its ability to create search patterns across the main security data source types: network, file, and log, among others. Because it spans these data types, you can create complex queries and analytics that span multiple domains, including security information and event management (SIEM), endpoint, network, and file levels.
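To make the pattern-in, observation-out flow concrete, here is a small added illustration written for this page (it is not STIX-Shifter's own code and uses none of its API): a hypothetical field mapping turns one STIX observation expression into a field/value query for an assumed data source, and a constructed result row is wrapped back into a STIX 2.0 style observed-data object.

```python
import re
import uuid

# Hypothetical mapping from STIX object attributes to one data source's field
# names; a real STIX-Shifter connector ships its own mapping per data source.
FIELD_MAP = {
    "ipv4-addr:value": "src_ip",
    "network-traffic:dst_port": "dest_port",
    "network-traffic:protocols[*]": "protocol",
}
# One STIX comparison expression: <object>:<property> <op> '<value>'
COMPARISON = re.compile(r"([\w-]+:[\w\[\]*.]+)\s*(=|!=|>|<|LIKE)\s*'([^']*)'")


def pattern_to_query(pattern: str) -> str:
    """Translate one bracketed STIX observation expression into a field/value
    query for the assumed data source. Toy limits: a single [...] block, and
    no values containing ' AND ' or ' OR '."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("expected one bracketed observation expression")
    # Split on AND/OR but keep them, so the boolean structure survives.
    native = []
    for part in re.split(r"\s+(AND|OR)\s+", body[1:-1]):
        if part in ("AND", "OR"):
            native.append(part)
            continue
        match = COMPARISON.fullmatch(part.strip())
        if not match:
            raise ValueError(f"unsupported comparison: {part!r}")
        attr, op, value = match.groups()
        if attr not in FIELD_MAP:
            raise ValueError(f"no field mapping for STIX attribute {attr}")
        native.append(f'{FIELD_MAP[attr]} {op} "{value}"')
    return " ".join(native)


def result_to_observed_data(row: dict) -> dict:
    """Wrap one native result row (constructed sample format) in a STIX 2.0
    style observed-data object holding ipv4-addr and network-traffic objects."""
    objects = {
        "0": {"type": "ipv4-addr", "value": row["src_ip"]},
        "1": {"type": "network-traffic", "src_ref": "0",
              "dst_port": int(row["dest_port"]), "protocols": [row["protocol"]]},
    }
    return {"type": "observed-data", "id": f"observed-data--{uuid.uuid4()}",
            "first_observed": row["timestamp"], "last_observed": row["timestamp"],
            "number_observed": 1, "objects": objects}
```

Calling `pattern_to_query("[ipv4-addr:value = '10.0.0.5' AND network-traffic:dst_port = '443']")` yields `src_ip = "10.0.0.5" AND dest_port = "443"`; an attribute with no mapping raises `ValueError`, which is the same failure a real connector has to surface when a pattern asks for data the source cannot provide.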

Access the STIX-Shifter open source library on GitHub.

STIX-Shifter is part of the Open Cybersecurity Alliance

The Open Cybersecurity Alliance (OCA) aims to connect the fragmented cybersecurity landscape and enable disparate security products to freely exchange information, out of the box, using mutually agreed upon technologies, standards, and procedures.

IBM Security is a co-founder of and initial contributor to the OCA project. IBM is contributing the STIX-shifter federated search technology, a core capability of IBM Cloud Pak for Security, to OCA.

Why would I want to use this?

You might want to use this library and contribute to its development if any of the following statements apply to you:

  • You are a vendor or project owner who wants to add some form of query or enrichment functions to your product capabilities.
  • You are an end user who wants a method to script searches and/or queries as part of your orchestration flow.
  • You are a vendor or project owner who has data that can be made available, and you want to contribute an adapter.
  • You just want to help make the world a safer place!

Learn more

Visit the STIX-Shifter GitHub page for more information about the project or to contribute.
