Skip to main content

Tools and interface to translate STIX formatted results and queries to different data source formats and to set up appropriate connection strings for invoking and triggering actions in openwhisk

Project description

codecov

Join us on Slack!

Click here and fill out the form to receive an invite to the Open Cybersecurity Alliance slack instance, then join the #stix-shifter channel, to meet and discuss usage with the team.

Introduction Webinar!

Click here to view an introduction webinar on STIX Shifter and the use cases it solves for.

Introduction

STIX-shifter is an open source python library allowing software to connect to products that house data repositories by using STIX Patterning, and return results as STIX Observations.

For more information about this project, see the STIX-shifter Overview

Dependencies

This stix-shifter has the following dependencies:

Your development environment must use Python version: 3.8 greater

Installation

The recommended method for installing the STIX-shifter is via pip. Two prerequisite packages needs to be installed inlcuding the package of stix-shifter connector module to complete a stix-shifter connector installation. Run below commands to install all the packages-

  1. Main stix-shifter package: pip install stix-shifter

  2. Stix-shifter Utility package: pip install stix-shifter-utils

  3. Desired stix-shifter connector module package: pip install stix-shifter-modules-<module name> Example: pip install stix-shifter-modules-qradar

Usage

As A Command Line Utility

The STIX-Shifter comes with a bundled script which you can use to translate STIX Pattern to a native datasource query. It can also be used to translate a JSON data source query result to a STIX bundle of observable objects. You can also send query to a datasource by using a transmission option.

More details of the command line option can be found here

$ stix-shifter translate <MODULE NAME> query "<STIX IDENTITY OBJECT>" "<STIX PATTERN>" "<OPTIONS>"

Example:

$ stix-shifter translate qradar query {} "[ipv4-addr:value = '127.0.0.1']" {}

In order to build stix-shifter packages from source follow the below prerequisite steps:

  1. Go to the stix-shifter parent directory
  2. Optionally, you can create a Python 3 virtual environemnt: virtualenv -p python3 virtualenv && source virtualenv/bin/activate
  3. Run setup: python3 setup.py install

Running From the Source

You may also use python3 main.py script. All the options are the same as "As a command line utility" usage above.

Example:

python3 main.py translate qradar query {} "[ipv4-addr:value = '127.0.0.1']" {}

In order to run python3 main.py from the source follow the below prerequisite steps:

  1. Go to the stix-shifter parent directory
  2. Optionally, you can create a Python 3 virtual environemnt: virtualenv -p python3 virtualenv && source virtualenv/bin/activate
  3. Run setup to install dependancies: INSTALL_REQUIREMENTS_ONLY=1 python3 setup.py install.

Note: setup.py only installs dependencies when INSTALL_REQUIREMENTS_ONLY=1 directive is used. This option is similar to python3 generate_requirements.py && pip install -r requirements.txt

As A Library

You can also use this library to integrate STIX Shifter into your own tools. You can translate a STIX Pattern:

from stix_shifter.stix_translation import stix_translation

translation = stix_translation.StixTranslation()
response = translation.translate('<MODULE NAME>', 'query', '{}', '<STIX PATTERN>', '<OPTIONS>')

print(response)

Use of custom mappings

If a connector has been installed using pip, the process for editing the STIX mappings is different than if you have pulled-down the project. When working locally, you can edit the mapping files directly. See the mapping files for the MySQL connector as an example. Editing the mapping files won't work if the connector has been installed with pip; the setup script of the stix-shifter package includes the mapppings inside config.json. This allows stix-shifter to injest custom mappings as part of the connector's configuration.

Refer to Use of custom mappings for more details on how to edit the mappings in the configuration.

Contributing

We are thrilled you are considering contributing! We welcome all contributors.

Please read our guidelines for contributing.

Developer Guides

If you want to create a new connector for STIX-shifter, see the developer guide

There are also a few Jupyter Notebook labs that cover the CLI commands and dev process.

Licensing

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

More Resources

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

stix_shifter_modules_cbcloud-1.0.0.dev782-py2.py3-none-any.whl (35.6 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file stix_shifter_modules_cbcloud-1.0.0.dev782-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for stix_shifter_modules_cbcloud-1.0.0.dev782-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 42f7bc23869ee0cf54040289ad3771ca978afd72add78294e9854ea00931cca8
MD5 a9c71b16e07a71f94cdc3d259117e329
BLAKE2b-256 c64341ad354ce9f47b5cd17f43247d3adcd8b706e06cef694a7bd3b78bebea16

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page