This is a plug-in for CIF that consists of Perl and Python
modules. The Perl-based CIF plug-in passes the result of a CIF
query, formatted as JSON-like text (objects in {}, but no commas
in between), to the Python-based STIX/CybOX document builder.
The STIX/CybOX builder can also be run as an independent
application with 2 options:
Option 1:
- Takes the name of a file with multiple JSON objects separated by commas (same as CIF JSON output) and optionally the name of an output file
- Outputs one STIX/CybOX document
Option 2:
- Takes a path to a directory with JSON-like files (same as CIF JSON output), a path to an output directory, and optionally a pattern for input file names
- Outputs a STIX/CybOX document per input file
Main Functionality
Perl Module
- Takes the query result and transforms it into JSON-like format (same as original CIF JSON format)
- Passes the JSON to the Python module
Python module
- Parses the incoming stream or file and identifies JSON objects (CIF JSON output format)
- Parses the JSON objects and maps keys to the corresponding STIX/CybOX object
- Creates a separate Indicator for each JSON object
- Reports new keys
- Builds STIX document from the set of Indicators
- Returns stream or file in STIX format
- Logs activities
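The object-identification and new-key reporting steps listed above, as an added example that is not the plug-in's own code. The KEY_MAP mapping, the field names in the sample and the use of plain dicts in place of STIX/CybOX objects are assumptions made for illustration.

```python
import json

# Hypothetical key mapping (assumption): the plug-in's real mapping is not shown on the page.
KEY_MAP = {"address": "observable_value", "description": "title",
           "confidence": "confidence"}

def iter_objects(text):
    """Yield each top-level {...} object; objects may be separated by
    whitespace, commas, or nothing at all."""
    decoder = json.JSONDecoder()
    pos, end = 0, len(text)
    while True:
        # Skip separators between objects.
        while pos < end and text[pos] in " \t\r\n,":
            pos += 1
        if pos >= end:
            return
        if text[pos] != "{":
            raise ValueError(f"expected '{{' at offset {pos}, got {text[pos]!r}")
        # A real JSON decoder finds the object's end, so braces and commas
        # inside string values cannot split or merge records.
        obj, pos = decoder.raw_decode(text, pos)
        yield obj

def build_indicators(text):
    """Return (one indicator dict per object, sorted list of unmapped keys)."""
    indicators, new_keys = [], set()
    for obj in iter_objects(text):
        indicator = {}
        for key, value in obj.items():
            if key in KEY_MAP:
                indicator[KEY_MAP[key]] = value
            else:
                new_keys.add(key)  # reported, never silently dropped
        indicators.append(indicator)
    return indicators, sorted(new_keys)

# Constructed sample input: no comma, then a comma, between objects.
SAMPLE = (
    '{"address": "192.0.2.10", "description": "scanner", "confidence": "85"}'
    '{"address": "example.test", "description": "phishing, {kit}", "asn": "64500"}\n'
    ', {"address": "198.51.100.7", "confidence": "40"}'
)

if __name__ == "__main__":
    inds, unknown = build_indicators(SAMPLE)
    print(len(inds), "indicators; new keys:", unknown)
```

Malformed input raises ValueError, so truncated or tampered feed data stops the run instead of producing a partial document.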
For assistance with the Cif2Stix script, please contact .