STIX Shifter - March 2023

OCA Community Connect

Roseann Guttierrez
https://opencybersecurityalliance.org/
Launched: Jan 30, 2024
Season: 1 Episode: 2
Episode Summary

In this episode of OCA Community Connect, our guest Danny Elliott, a senior product owner for UDI and CAR integrations at IBM Security, gives us an inside look into the STIX Shifter project. He explains how this Python library facilitates data retrieval from various security products and data repositories using STIX Patterning. Once the data is found, it transforms the results into STIX Observables. Danny also highlights the project's ongoing need for new connectors and domain expertise to enhance existing integrations. Stay tuned to learn more about the importance and impact of the STIX Shifter project in the world of cybersecurity.

Reference Links:

Open Cybersecurity Alliance (OCA) website:
https://opencybersecurityalliance.org/

Open Cybersecurity Alliance (OCA) GitHub
https://github.com/opencybersecurityalliance

Open Cybersecurity Alliance (OCA) YouTube
https://www.youtube.com/channel/UCjTpPl2oEGH_Ws251m827Cg

Share Your Ideas & Guest Suggestions!

Got a topic or an expert in mind for "OCA Community Connect"? We’re always on the lookout for fresh insights and voices in cybersecurity and open-source innovation.

How to Contribute:

Topics: Tell us what you’re curious about in the cybersecurity world.
Guests: Know someone who’d be a great interview? We’d love to hear about them.

Reach Out: Drop us an email or message us on social media. Your suggestions help shape our show, and we can’t wait to hear from you!


Roseann Guttierrez [00:00:00]:
Our guest is Danny Elliott. He is a senior product owner for UDI and CAR integrations at IBM Security. Danny, did you have anything else you wanted to say for your intro?

Danny Elliott [00:00:10]:
No. That's pretty good.

Roseann Guttierrez [00:00:12]:
Alright. Then we'll just jump into the first question: can you give me your elevator pitch on the STIX Shifter project?

Danny Elliott [00:00:19]:
STIX Shifter is a Python library that is able to get data from various security products and data repositories. Essentially, what it does is it takes a STIX pattern. STIX is a structured threat intel expression, information expression. So it'll take a STIX pattern, translate that into a native data source query for the target connector, use that data source's APIs to do a search, get the results back, and then translate that back into STIX objects of observed data.

Roseann Guttierrez [00:00:56]:
Okay. How is it important to you?

Danny Elliott [00:01:00]:
Well, it's important to me because it's a way to normalize the data across different security products. So, you know, different products all, you know, have their own API endpoints, their own query languages. They return results in, you know, their own specific fields and formats. What STIX Shifter allows us to do is use the, you know, the open source STIX standard to normalize that data. So a developer could, say, integrate that into their own security products, where they're able to use one query in the form of a STIX pattern and then do federated search across multiple data sources, provided that there is a connector that has been built for the STIX Shifter project.

Roseann Guttierrez [00:01:47]:
Okay. So kind of like a translator, kind of...

Danny Elliott [00:01:50]:
Exactly. Yeah, a translator and also, like, transmission. So it handles all of the API calls that are needed to actually do the search for the targeted data source.

Roseann Guttierrez [00:02:01]:
Gotcha. Where can the project use help? What are you guys... or are there certain areas that might need more help than others, or... just in general...

Danny Elliott [00:02:09]:
We're always looking for new integrations. So new connectors, obviously, are always welcome. So if someone in the open source community sees a need for a security product that isn't yet represented in STIX Shifter, you know, we definitely always welcome that addition, but also anyone that has specific domain expertise around an existing connector. Maybe you have expertise with querying against Splunk, and you see that there's some gaps or some defects in the existing connector. By all means, like, either raise an issue or, better yet, raise a pull request to make that fix.

Roseann Guttierrez [00:02:49]:
Great. Awesome. I think that completes our interview for today. Thanks, Danny.
