There is some attempt to try to bring in STIX. I know, this is just a teaser so far... and I can't promise anything. But at least I am aware of an attempt...
What I am wondering about is if adding STIX makes the processing still manageable. Like what would each bot need to look out for? In the internal data format as we have it now, things are quite simple and quite well defined: the IDF format clearly says which key-value pairs may exist. In STIX, things become a bit more complex. Is anyone aware of how other systems solved this problem?
Thanks, Aaron.
On 10.01.2022, at 15:19, Joaquin Cabrera joaquin.cabrera@cert.uy wrote:
Hi Aaron!
That would be great! At this time we don't have a developer team, nor detailed knowledge about the STIX format to help :(
We will use another tool in the meantime, thank you for your answer!
Regards,
Joaquín
On 5/1/22 at 19:26, L. Aaron Kaplan wrote:
Hi Joaquin,
I think that's a really good idea. Note that STIX has more of a graph structure, so - at least currently - that would somehow have to be flattened and mapped to IntelMQ's internal data format. As far as I know there is no TAXII collector (yet).
I would be interested in one as well.
Let me discuss with a few folks how/if this can be implemented.
Best, Aaron.
On 05.01.2022, at 21:05, Joaquin Cabrera joaquin.cabrera@cert.uy wrote:
Dear community,
I'm looking for a collector bot to retrieve data from a TAXII server, but I couldn't find any. We are trying to use IntelMQ as our main tool to collect all security feeds and one of them is a TAXII feed.
Does anyone have this kind of scenario?
Best regards,
Joaquín Cabrera CERTuy - AGESIC
Torre Ejecutiva Anexo Liniers 1280 piso 1 Tel: (+598) 2901 2929 Int. 8509 (11.000) Montevideo – URUGUAY www.agesic.gub.uy
-- List settings: https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users IntelMQ Documentation: https://intelmq.readthedocs.io/
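
The flattening problem raised in this thread, as an added example that is not part of the original messages and is not IntelMQ code: it turns STIX 2.1 indicators with a single comparison into flat key-value events, follows `indicates` relationships to fill `malware.name`, and sets aside compound patterns that have no one-to-one flat form. The `flatten_bundle` helper, the `FIELD_MAP` mapping (including the choice of `source.*` keys) and the sample bundle are assumptions made for illustration.

```python
import re

# Assumed mapping from STIX object paths to IntelMQ harmonization keys.
FIELD_MAP = {"ipv4-addr:value": "source.ip", "domain-name:value": "source.fqdn",
             "url:value": "source.url",
             "file:hashes.'SHA-256'": "malware.hash.sha256"}
# Accepts only a pattern that is exactly one equality comparison.
SIMPLE = re.compile(r"^\[\s*([a-z0-9-]+:[\w.'-]+)\s*=\s*'([^']*)'\s*\]$")

def flatten_bundle(bundle):
    """Return (events, skipped_ids) for the indicators in a STIX 2.1 bundle."""
    objects = {o["id"]: o for o in bundle.get("objects", [])}
    malware_of = {}  # indicator id -> malware name, from "indicates" edges
    for rel in objects.values():
        if rel["type"] == "relationship" and rel.get("relationship_type") == "indicates":
            target = objects.get(rel.get("target_ref"), {})
            if target.get("type") == "malware":
                malware_of[rel.get("source_ref")] = target.get("name", "").lower()
    events, skipped = [], []
    for obj in objects.values():
        if obj["type"] != "indicator":
            continue
        m = SIMPLE.match(obj.get("pattern", "").strip())
        key = FIELD_MAP.get(m.group(1)) if m else None
        if obj.get("pattern_type") != "stix" or key is None:
            skipped.append(obj["id"])  # compound or unmapped: needs a human decision
            continue
        event = {key: m.group(2), "extra.stix_id": obj["id"]}
        if obj.get("valid_from"):
            event["time.source"] = obj["valid_from"]
        if malware_of.get(obj["id"]):
            event["malware.name"] = malware_of[obj["id"]]
        events.append(event)
    return events, skipped

# Constructed sample bundle (ids, addresses and names are made up).
IND1 = "indicator--00000000-0000-4000-8000-000000000001"
IND2 = "indicator--00000000-0000-4000-8000-000000000002"
MAL = "malware--00000000-0000-4000-8000-000000000003"
SAMPLE = {"type": "bundle", "objects": [
    {"type": "indicator", "id": IND1, "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']", "valid_from": "2022-01-05T00:00:00Z"},
    {"type": "indicator", "id": IND2, "pattern_type": "stix",
     "pattern": "[domain-name:value = 'a.example' AND ipv4-addr:value = '203.0.113.5']"},
    {"type": "malware", "id": MAL, "name": "ExampleBot"},
    {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-000000000004",
     "relationship_type": "indicates", "source_ref": IND1, "target_ref": MAL},
]}
```

Calling `flatten_bundle(SAMPLE)` yields one event for the first indicator and reports the second, compound one as skipped, which is the part of the graph model that a flat key-value format cannot carry without a policy decision.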