Add stix-extract tool
🗣 Description
This PR introduces a new tool, stix-extract, to the ioc-scanner project. This tool extracts indicators of compromise (IoCs) from STIX files and outputs them in a format that can be used by the existing ioc-scan tool. Additionally, the tool can extract IPs, FQDNs, and URLs for use in other parts of the IoC scanning process.
💭 Motivation and Context
The motivation for adding this tool is to allow for the use of STIX files as a source of IoCs. STIX files are a widely-adopted standard for threat intelligence sharing, and by adding the ability to directly process these files, we increase the utility and flexibility of the ioc-scanner project.
🧪 Testing
Testing for this change included manual usage of the tool to verify its functionality. The tool was used with different STIX files and combined with ioc-scan in various ways to ensure compatibility and functionality. Further automated testing can be added in the future to verify the robustness of this addition.
✅ Pre-approval Checklist
- [x] This PR has an informative and human-readable title.
- [x] Changes are limited to a single goal - eschew scope creep!
- [x] All relevant type-of-change labels have been added.
- [x] I have read the CONTRIBUTING document.
- [x] These code changes follow cisagov code standards.
- [x] All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
- [x] All new and existing tests pass.
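To illustrate the kind of extraction described above, here is an added example written for this page (not the PR's stix-extract script and not project code). It walks a constructed STIX 2.1 bundle, pulls file hashes out of indicator patterns and file objects, and sorts IP, FQDN and URL values into separate buckets; it assumes ioc-scan consumes a plain list of hashes, and it only handles `=` comparisons inside patterns (no `NOT`, `!=` or `MATCHES`).

```python
import json
import re
from collections import defaultdict

# Constructed STIX 2.1 bundle used as sample input (not a real threat feed).
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
         "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '" + "a" * 64 + "' OR file:hashes.MD5 = '" + "b" * 32 + "']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
         "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.7' AND url:value = 'http://bad.example/x']"},
        {"type": "domain-name", "id": "domain-name--00000000-0000-4000-8000-000000000004",
         "value": "c2.example"},
        {"type": "file", "id": "file--00000000-0000-4000-8000-000000000005",
         "hashes": {"SHA-1": "c" * 40}},
    ],
})

# One equality comparison inside a STIX pattern: <object-path> = '<literal>'.
# Only '=' is handled; negations, '!=' and MATCHES are deliberately ignored.
_COMPARISON = re.compile(r"([\w-]+:[\w.'\-]+)\s*=\s*'([^']*)'")

# Map pattern object paths and cyber-observable object types to output buckets.
_PATH_TO_KIND = {"ipv4-addr:value": "ips", "ipv6-addr:value": "ips",
                 "domain-name:value": "fqdns", "url:value": "urls"}
_SCO_TO_KIND = {"ipv4-addr": "ips", "ipv6-addr": "ips", "domain-name": "fqdns", "url": "urls"}


def extract_iocs(bundle_text: str) -> dict:
    """Return {'hashes': [...], 'ips': [...], 'fqdns': [...], 'urls': [...]} from a STIX 2.x bundle."""
    found = defaultdict(list)

    def add(kind, value):  # de-duplicate while preserving first-seen order
        if value and value not in found[kind]:
            found[kind].append(value)

    for obj in json.loads(bundle_text).get("objects", []):
        otype = obj.get("type")
        if otype == "indicator" and obj.get("pattern_type", "stix") == "stix":
            for path, literal in _COMPARISON.findall(obj.get("pattern", "")):
                if path.startswith("file:hashes."):
                    add("hashes", literal.lower())  # hash lists are compared case-insensitively
                elif path in _PATH_TO_KIND:
                    add(_PATH_TO_KIND[path], literal)
        elif otype == "file":  # bare file observable carrying a hashes dictionary
            for digest in obj.get("hashes", {}).values():
                add("hashes", digest.lower())
        elif otype in _SCO_TO_KIND:  # bare network observables
            add(_SCO_TO_KIND[otype], obj.get("value"))
    return {k: found[k] for k in ("hashes", "ips", "fqdns", "urls")}
```

Writing `"\n".join(extract_iocs(bundle)["hashes"])` to a file gives the one-hash-per-line list assumed here for ioc-scan, while the other buckets feed network-side checks.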
I think adding this script may warrant a bump of the patch portion of the version as well.
Bumped in: 1654c50
Also, please note for the future that we generally add a co-author for commits created in response to a reviewer suggestion by appending a line like this to the commit comment:
Co-authored-by: Shane Frasier <[email protected]>
@felddy Are you planning to return to this PR any time soon?