
Add ability to import STIX bundles into analytic exchange

Open j987987 opened this issue 6 years ago • 2 comments

This could not be accomplished with a generic import STIX bundle feature, due to the following:

  • Multiple meta properties are mapped to fake extended properties
  • Sensors are mapped via fake relationships to abstract away data path complexity
  • Sensors don't have a data model
  • Data path of sensors is not exported
  • Possible merge problems with attack patterns

I would recommend ignoring sensors/data path for the time being, and simply focusing on getting the indicators and attack pattern relationships in there.

j987987, Nov 14 '18 19:11
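The narrowing recommended in the opening post, as an added example that is not Unfetter's own code: it keeps only indicators, attack patterns and the relationships that join them from a STIX 2 bundle, and reports what was skipped. The sample bundle, its IDs and the `x-example-sensor` type are constructed for illustration.

```python
import json

KEEP_TYPES = {"indicator", "attack-pattern"}

def filter_bundle(bundle):
    """Return (new_bundle, skipped_ids) keeping only indicators, attack
    patterns, and relationships whose two endpoints were both kept."""
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    objects = bundle.get("objects", [])
    kept = [o for o in objects if o.get("type") in KEEP_TYPES]
    kept_ids = {o["id"] for o in kept}
    # A relationship pointing at a dropped object (e.g. a sensor) would
    # dangle after import, so it is skipped along with that object.
    rels = [o for o in objects
            if o.get("type") == "relationship"
            and o.get("source_ref") in kept_ids
            and o.get("target_ref") in kept_ids]
    result_ids = kept_ids | {r["id"] for r in rels}
    skipped = [o.get("id") for o in objects if o.get("id") not in result_ids]
    out = {k: v for k, v in bundle.items() if k != "objects"}
    out["objects"] = kept + rels
    return out, skipped

# Constructed sample input (IDs and the sensor type are made up).
IND = "indicator--11111111-1111-4111-8111-111111111111"
AP = "attack-pattern--22222222-2222-4222-8222-222222222222"
SENSOR = "x-example-sensor--33333333-3333-4333-8333-333333333333"
REL_OK = "relationship--44444444-4444-4444-8444-444444444444"
REL_SENSOR = "relationship--55555555-5555-4555-8555-555555555555"
SAMPLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": IND, "name": "constructed analytic"},
        {"type": "attack-pattern", "id": AP, "name": "constructed technique"},
        {"type": "x-example-sensor", "id": SENSOR, "name": "constructed sensor"},
        {"type": "relationship", "id": REL_OK, "relationship_type": "indicates",
         "source_ref": IND, "target_ref": AP},
        {"type": "relationship", "id": REL_SENSOR, "relationship_type": "related-to",
         "source_ref": IND, "target_ref": SENSOR},
    ],
}

if __name__ == "__main__":
    filtered, skipped = filter_bundle(SAMPLE)
    print(json.dumps(filtered, indent=2))
    print("skipped:", skipped)
```

Custom properties on the kept objects pass through unchanged; mapping them is a separate step.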

I think limiting to indicators and attack patterns makes sense to start with.

infosec-alchemist, Nov 15 '18 14:11

I also don't think it should be based on the whole stix collection being missing.

ghost, Nov 16 '18 11:11