How to survive to STIX parsing?
Action | Key |
---|---|
Play / Pause | K or space |
Mute / Unmute | M |
Toggle fullscreen mode | F |
Select next subtitles | C |
Select next audio track | A |
Show slide in full page or toggle automatic source change | V |
Seek 5s backward | left arrow |
Seek 5s forward | right arrow |
Seek 10s backward | shift + left arrow or J |
Seek 10s forward | shift + right arrow or L |
Seek 60s backward | control + left arrow |
Seek 60s forward | control + right arrow |
Decrease volume | shift + down arrow |
Increase volume | shift + up arrow |
Decrease playback rate | < |
Increase playback rate | > |
Seek to end | end |
Seek to beginning | beginning |
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
Ensuring the seamless flow of threat intelligence between sharing communities, CTI pipelines, and detection engineering teams heavily relies on the interoperability of CTI standards.
To achieve this, the misp-stix
Python library (>=3.8) was developed and specifically designed to handle all conversions between the MISP standard format and STIX formats.
This library serves as a versatile and comprehensive solution that addresses the challenges faced in CTI standard conversion.
In this talk, we will discuss the implementation of misp-stix
, which provides a generic Python library that supports various formats and conversions.
When it comes to discussions about exchanging threat intelligence, STIX is often mentioned as a standard for representing and sharing structured information.
However, the differences between STIX 1.x in XML and STIX 2.x in JSON can pose challenges for analysts and their tools to parse and consume the content easily and automatically.
To address this issue, misp-stix
provides a straightforward conversion between different versions of STIX formats specialized in threat intelligence exchange and the generic MISP standard, which is widely used worldwide to share information across different domains and fields.
Effective interoperability between CTI standards is crucial to ensure smooth information exchange among sharing communities. By reducing the gap between different conceptions of exchange standards, misp-stix
aims to facilitate this process.
During the presentation, we will showcase real-life examples of the challenges we face and the solutions we have developed to improve the interoperability and re-usability of knowledge bases, such as misp taxonomies, object templates, and galaxies. These tools are used in MISP and many other CTI tools, and are essential for exchanging structured threat intelligence effectively.
Christian Studer joined CIRCL in 2017 after he graduated with a Master in Computer Science. During his master thesis at CIRCL he showed his capacity to lead existing CIRCL software such as the Potiron framework, a tool to normalize, index and visualize network captures. He is mainly working on MISP, contributing to the core development and several integrations with other tools and formats, most notable, he leads the STIX implementation of the project. He is also the co-chair of the OASIS CTI STIX Subcommittee.
Other media in the channel "2023"
- 107 views, 11 this year, 1 this monthWhy cyberoffense will never be regulatedJuly 5th, 2023
- 36 views, 13 this year, 3 this monthUsing Suricata to detect lateral movement in Windows environmentJuly 5th, 2023
- 126 views, 31 this year, 3 this monthDecrypt Kerberos/NTLM “encrypted stub data” in WiresharkJuly 5th, 2023
- 19 views, 6 this yearASN.1 templating for fun and profitJuly 5th, 2023
- 8 views, 3 this year, 1 this monthzekrom: an open-source library of arithmetization-oriented constructions for zkSNARK circuitsJuly 5th, 2023
- 49 views, 12 this yearPHP filter chains: How to use itJuly 5th, 2023