Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Import STIX Attack Patterns #55

Open
sheetlaand opened this issue Nov 21, 2022 · 4 comments
Open

Import STIX Attack Patterns #55

sheetlaand opened this issue Nov 21, 2022 · 4 comments

Comments

@sheetlaand
Copy link

Hello,
The project is really interesting !
To be honest, I could already see myself confronting my entire CTI database with this project, in order to convert my data from lists to graphs.
Knowing that this quote is positioned as a preamble to the Project Overview, I thought it would be possible to import my TTP lists automatically, and then finish the graphs manually (in an 80/20 approach).

However, I have not found how to import a STIX bundle directly into the Builder engine.
I'm obviously thinking of a classic STIX bundle, i.e. not containing the custom ATT&CK objects, like the APT1 bundle: https://github.com/oasis-open/cti-documentation/blob/main/examples/example_json/apt1.json

Am I doing something wrong or is it not possible to import such bundles at this time?
My database contains 300+ STIX bundles, with the TTPs defined in lists. Importing each bundle manually will take me forever, knowing that it takes between 20 and 40 TTPs each time.

@mehaase
Copy link
Contributor

mehaase commented Dec 6, 2022

Hi, it is not possible to import STIX bundles at this time (other than native Attack Flow bundles), but this is an interesting idea. Do you have any STIX bundles that you can share, either here on GitHub or directly with me over email? That would be helpful for us to implement this feature.

@sheetlaand
Copy link
Author

Hi @mehaase, of course I can share with you several STIX Bundles.
To start, you can find a valid STIX bundle in the link shared above, but also in the links below:

Is it enough for you to begin the tests ?
Keep me inform :)
Regards,

@sheetlaand
Copy link
Author

Hello,
Quick update on this subject. Do you have any hints of this functionality ? 😄

@mehaase
Copy link
Contributor

mehaase commented Nov 6, 2024

We are starting next round of development this month. I'll try to get this feature included in the next release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants