STIX indicator parser
DeemOnSecurity opened this issue · 0 comments
DeemOnSecurity commented
💡 Summary
Write a translation layer, allowing STIX indicators to be directly ingested and queried.
Motivation and context
This would allow CISA to release threat packages that can be directly executed without manual translation.
Implementation notes
Implementation would follow our current indicator format of dropping files in the indicators folder. When we are in the loading phase of the program, the file would be ingested and parsed, then operate like normal.
Acceptance criteria
How do we know when this work is done?
- STIX files are properly ingested and queried
- Python module follows cisagov coding conventions
- Tests have been written to ensure future compliance
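A sketch of what the ingestion step could look like, added here as an example; it is not part of the issue and not the project's code. The function names, the `terms` output shape and the choice to accept only OR-joined string equality comparisons are assumptions, since the issue does not describe the project's internal indicator format.

```python
import json
import re

# One equality comparison, e.g. file:hashes.'SHA-256' = 'ab12...'
_COMPARISON = re.compile(
    r"(?P<path>[a-z][a-z0-9-]*:[^\s=!<>]+)\s*=\s*'(?P<value>(?:[^'\\]|\\.)*)'")
# What may remain once comparisons are removed: brackets, parentheses and OR.
_RESIDUE = re.compile(r"[\s\[\]()]*(?:OR[\s\[\]()]*)*")

def parse_pattern(pattern):
    """Return [(object_path, value), ...], or None if unsupported."""
    terms = [(m["path"], re.sub(r"\\(.)", r"\1", m["value"]))
             for m in _COMPARISON.finditer(pattern)]
    residue = _COMPARISON.sub("", pattern)
    if not terms or not _RESIDUE.fullmatch(residue):
        return None  # AND, FOLLOWEDBY, MATCHES, qualifiers: never flatten to OR
    return terms

def load_stix_indicators(bundle_text):
    """Return (loaded, skipped_ids) for the indicator objects in a STIX bundle."""
    bundle = json.loads(bundle_text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    loaded, skipped = [], []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue  # malware, relationship, ... objects are not indicators
        # STIX 2.0 indicators carry no pattern_type; their pattern is a STIX pattern.
        stix_pattern = obj.get("pattern_type", "stix") == "stix"
        terms = parse_pattern(obj.get("pattern", "")) if stix_pattern else None
        if obj.get("revoked") or terms is None:
            skipped.append(obj.get("id"))
        else:
            loaded.append({"id": obj.get("id"), "name": obj.get("name"), "terms": terms})
    return loaded, skipped

# Constructed sample bundle: every id, name and value below is made up.
SAMPLE = json.dumps({"type": "bundle", "id": "bundle--0001", "objects": [
    {"type": "indicator", "id": "indicator--0001", "name": "dropper",
     "pattern_type": "stix",
     "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "' OR file:name = 'evil.dll']"},
    {"type": "indicator", "id": "indicator--0002", "pattern_type": "yara",
     "pattern": "rule constructed { condition: false }"},
    {"type": "indicator", "id": "indicator--0003", "pattern_type": "stix",
     "pattern": "[file:name = 'a.exe' AND file:size = 10]"},
    {"type": "malware", "id": "malware--0001", "name": "constructed"},
]})

if __name__ == "__main__":
    print(load_stix_indicators(SAMPLE))
```

Returning the skipped ids alongside the loaded indicators lets the loading phase report which parts of a threat package were not translated instead of dropping them silently.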