Import STIX Attack Patterns #55
Comments
Hi, it is not possible to import STIX bundles at this time (other than native Attack Flow bundles), but this is an interesting idea. Do you have any STIX bundles that you can share, either here on GitHub or directly with me over email? That would be helpful for us to implement this feature.
Hi @mehaase, of course I can share with you several STIX Bundles.
Is it enough for you to begin the tests?
Hello,
We are starting the next round of development this month. I'll try to get this feature included in the next release.
Hello,
The project is really interesting!
To be honest, I could already see myself confronting my entire CTI database with this project, in order to convert my data from lists to graphs.
Knowing that this quote is positioned as a preamble to the Project Overview, I thought it would be possible to import my TTP lists automatically, and then finish the graphs manually (in an 80/20 approach).
However, I have not found how to import a STIX bundle directly into the Builder engine.
I'm obviously thinking of a classic STIX bundle, i.e. not containing the custom ATT&CK objects, like the APT1 bundle: https://github.com/oasis-open/cti-documentation/blob/main/examples/example_json/apt1.json
Am I doing something wrong or is it not possible to import such bundles at this time?
My database contains 300+ STIX bundles, with the TTPs defined in lists. Importing each bundle manually will take me forever, knowing that it takes between 20 and 40 TTPs each time.
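An added example, not part of the issue or of the Attack Flow project's code: one way to pull the flat TTP list out of a classic STIX 2.x bundle (`attack-pattern` objects plus the `uses` relationships that point at them) as a starting point for building a graph by hand. The sample bundle, its identifiers and the function name `extract_ttps` are constructed for illustration.

```python
import json

# Constructed sample bundle (not the APT1 example); all ids and names are made up.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "intrusion-set", "id": "intrusion-set--00000000-0000-4000-8000-0000000000a1",
         "name": "Example Set"},
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-0000000000b1",
         "name": "Spear Phishing",
         "kill_chain_phases": [{"kill_chain_name": "example-chain", "phase_name": "delivery"}],
         "external_references": [{"source_name": "example-catalog", "external_id": "EXAMPLE-001"}]},
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-0000000000b2",
         "name": "Unlinked Technique"},
        {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-0000000000c1",
         "relationship_type": "uses",
         "source_ref": "intrusion-set--00000000-0000-4000-8000-0000000000a1",
         "target_ref": "attack-pattern--00000000-0000-4000-8000-0000000000b1"},
    ],
})

def extract_ttps(bundle_text):
    """Return one dict per attack-pattern object in a STIX 2.x bundle."""
    bundle = json.loads(bundle_text)
    if not isinstance(bundle, dict) or bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    objects = [o for o in bundle.get("objects", []) if isinstance(o, dict)]
    names = {o["id"]: o.get("name", o["id"]) for o in objects if "id" in o}
    used_by = {}  # attack-pattern id -> names of objects that "use" it
    for o in objects:
        if o.get("type") == "relationship" and o.get("relationship_type") == "uses":
            src = o.get("source_ref", "unknown")
            used_by.setdefault(o.get("target_ref"), []).append(names.get(src, src))
    return [{
        "id": o.get("id"),
        "name": o.get("name", ""),
        "phases": [p.get("phase_name") for p in o.get("kill_chain_phases", [])],
        "external_ids": [r["external_id"] for r in o.get("external_references", [])
                         if "external_id" in r],
        "used_by": sorted(used_by.get(o.get("id"), [])),
    } for o in objects if o.get("type") == "attack-pattern"]

if __name__ == "__main__":
    for ttp in extract_ttps(SAMPLE_BUNDLE):
        print(ttp["name"], ttp["phases"], ttp["external_ids"], ttp["used_by"])
```

Attack patterns with no `uses` relationship still appear in the result with an empty `used_by` list, so a technique that is present in a bundle but unlinked is not silently dropped.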