How to survive to STIX parsing?
Information on this media
Creation date: July 5, 2023
Speakers: Christian Studer
License: CC BY-SA v4
Description
Ensuring the seamless flow of threat intelligence between sharing communities, CTI pipelines, and detection engineering teams heavily relies on the interoperability of CTI standards.
To achieve this, the misp-stix Python library (>=3.8) was developed and specifically designed to handle all conversions between the MISP standard format and STIX formats.
This library serves as a versatile and comprehensive solution that addresses the challenges faced in CTI standard conversion.
In this talk, we will discuss the implementation of misp-stix, which provides a generic Python library that supports various formats and conversions.
When it comes to discussions about exchanging threat intelligence, STIX is often mentioned as a standard for representing and sharing structured information.
However, the differences between STIX 1.x in XML and STIX 2.x in JSON can pose challenges for analysts and their tools to parse and consume the content easily and automatically.
To address this issue, misp-stix provides a straightforward conversion between different versions of STIX formats specialized in threat intelligence exchange and the generic MISP standard, which is widely used worldwide to share information across different domains and fields.
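As an added illustration (not code from the talk or from misp-stix), the function below identifies which of these formats a document is in before it is handed to a converter, using only the Python standard library. The name `sniff_cti_format` and the sample documents are constructed for this example; it assumes a single MISP event export (`Event` key), a STIX 1.x `STIX_Package` root, or a STIX 2.x bundle.

```python
import io
import json
import xml.etree.ElementTree as ET

STIX1_NS = "http://stix.mitre.org/stix-1"  # namespace of the STIX 1.x root element
# Constructed minimal documents, one per format, plus an XML file carrying a DTD.
SAMPLES = {
    "stix1": b'<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1" version="1.2"/>',
    "stix20": b'{"type": "bundle", "id": "bundle--0", "spec_version": "2.0", "objects": []}',
    "stix21": b'{"type": "bundle", "id": "bundle--1", "objects": '
              b'[{"type": "indicator", "spec_version": "2.1"}]}',
    "misp": b'{"Event": {"info": "constructed event", "Attribute": []}}',
    "dtd": b'<!DOCTYPE x [<!ENTITY a "b">]><x/>',
}

def sniff_cti_format(data: bytes) -> str:
    """Return 'stix1:<ver>', 'stix2:<ver>', 'misp' or 'unknown' for raw bytes."""
    head = data.lstrip()[:1]
    if head == b"<":
        # STIX 1.x needs no DTD; refuse one instead of parsing untrusted entity declarations.
        if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
            return "unknown"
        try:
            # Only the root element's start tag is needed, so stop there.
            _, root = next(ET.iterparse(io.BytesIO(data), events=("start",)))
        except (ET.ParseError, StopIteration):
            return "unknown"
        if root.tag == "{%s}STIX_Package" % STIX1_NS:
            return "stix1:" + root.get("version", "unspecified")
    elif head == b"{":
        try:
            doc = json.loads(data)
        except ValueError:
            return "unknown"
        if isinstance(doc.get("Event"), dict):
            return "misp"
        if doc.get("type") == "bundle":
            # STIX 2.0 sets spec_version on the bundle, STIX 2.1 on each object.
            found = [doc.get("spec_version")] + [
                o.get("spec_version") for o in doc.get("objects") or [] if isinstance(o, dict)]
            versions = {v for v in found if isinstance(v, str)}
            if len(versions) == 1:
                return "stix2:" + versions.pop()
            return "stix2:mixed" if versions else "stix2:unspecified"
    return "unknown"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", sniff_cti_format(raw))
```

A bundle that reports more than one `spec_version` comes back as `stix2:mixed`, which a pipeline can route to manual review rather than guessing a converter.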
Effective interoperability between CTI standards is crucial to ensure smooth information exchange among sharing communities. By reducing the gap between different conceptions of exchange standards, misp-stix aims to facilitate this process.
During the presentation, we will showcase real-life examples of the challenges we face and the solutions we have developed to improve the interoperability and re-usability of knowledge bases, such as MISP taxonomies, object templates, and galaxies. These tools are used in MISP and many other CTI tools, and are essential for exchanging structured threat intelligence effectively.
Christian Studer joined CIRCL in 2017 after he graduated with a Master's degree in Computer Science. During his master's thesis at CIRCL he showed his capacity to lead existing CIRCL software such as the Potiron framework, a tool to normalize, index and visualize network captures. He mainly works on MISP, contributing to the core development and several integrations with other tools and formats. Most notably, he leads the STIX implementation of the project. He is also the co-chair of the OASIS CTI STIX Subcommittee.