cti-python-stix2 icon indicating copy to clipboard operation
cti-python-stix2 copied to clipboard
verified publisher icon oasis-open

Think about ways to ingest SANS Top-100 Feed

Open gtback opened this issue 8 years ago • 1 comments

https://misp.truesec.be/isc-top-100-stix.json

I'm not sure whether it's good to use/extend a DataSource for this, or just use requests to fetch and parse the content.

For more information, see this blog post

gtback avatar Dec 07 '17 16:12 gtback

FTR: Investigated issue, notes:

  • Currently, this action can be completed with the current API, just requires some processing to be done on the user side (in variety of ways):
    1. requests ->json -> extract "source" (IP) field and custom fields ->| create Indicator()
    2. requests->json -> craft python dict ->| core.parse()
  • This was already demonstrated for STIX 1.x (https://github.com/xme/toolbox/blob/master/isc2stix.py)
  • Future: if we circle back to explicitly needing this functionality, abstract it out to 'retrieve_from_uri()' utility that is somewhere in DataStore suite.

mkultraWasHere avatar Mar 29 '18 18:03 mkultraWasHere