Pattern adapters for other patterning languages #294

Open
pcoccoli opened this issue Feb 16, 2023 · 1 comment
Labels
enhancement New feature or request


@pcoccoli
Collaborator

A way to implement #122 could be through "pattern adapters" - these would be modules that allow the user to specify patterns in something other than STIX patterns (or ECGPatterns). Some examples:

  • Sigma: specify path to sigma rule file
  • Yara: similar to Sigma (these would only be applicable to STIX artifact objects though)
  • Snort: these might be short enough to specify inline (should probably only apply to network-traffic and maybe artifact objects, if they contain packet payloads)
  • any number of graph pattern languages

@pcoccoli added the enhancement New feature or request label Feb 16, 2023

@subbyte
Member

subbyte commented Feb 18, 2023

Good idea making the patterning sub-language extensible.

We may want to have an ABC for any adapter to implement two functions: to_stix() and to_firepit().
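
A sketch of the adapter ABC suggested above, added here as an example; it is not part of the issue thread or of the project's code. The names `PatternAdapter`, `SigmaAdapter`, `FIELD_MAP`, the two-field Sigma subset, and the return shape of `to_firepit()` (a parameterised WHERE fragment with column names taken from STIX property paths) are all assumptions.

```python
from abc import ABC, abstractmethod

# Assumed Sigma-field -> STIX-path map (illustrative, not from the project).
FIELD_MAP = {"Image": "process:binary_ref.name",
             "CommandLine": "process:command_line"}
# Sigma value modifier -> (operator, template for the comparison value)
MODIFIERS = {None: ("=", "{}"), "contains": ("LIKE", "%{}%"),
             "startswith": ("LIKE", "{}%"), "endswith": ("LIKE", "%{}")}

class PatternAdapter(ABC):
    """Hypothetical base class: one subclass per foreign pattern language."""
    @abstractmethod
    def to_stix(self) -> str: ...
    @abstractmethod
    def to_firepit(self) -> tuple: ...

class SigmaAdapter(PatternAdapter):
    def __init__(self, selection: dict):
        # Normalise to [(stix_path, [(op, value), ...]), ...]; fields are ANDed,
        # list values under one field are ORed, as in a Sigma selection.
        self.terms = []
        for key, values in selection.items():
            field, _, mod = key.partition("|")
            if field not in FIELD_MAP or (mod or None) not in MODIFIERS:
                raise ValueError(f"unsupported Sigma key: {key!r}")
            op, tmpl = MODIFIERS[mod or None]
            values = values if isinstance(values, list) else [values]
            self.terms.append((FIELD_MAP[field], [(op, tmpl.format(v)) for v in values]))

    def to_stix(self) -> str:
        def lit(v):  # STIX string literal: escape backslash, then single quote
            return "'" + v.replace("\\", "\\\\").replace("'", "\\'") + "'"
        groups = ["(" + " OR ".join(f"{p} {op} {lit(v)}" for op, v in alts) + ")"
                  for p, alts in self.terms]
        return "[" + " AND ".join(groups) + "]"

    def to_firepit(self) -> tuple:
        # Assumed output shape: parameterised WHERE fragment plus its values,
        # so strings from a rule file are never spliced into SQL text.
        params, groups = [], []
        for path, alts in self.terms:
            col = '"' + path.split(":", 1)[1] + '"'
            groups.append("(" + " OR ".join(f"{col} {op} ?" for op, _ in alts) + ")")
            params += [v for _, v in alts]
        return " AND ".join(groups), params

# Constructed Sigma 'selection' block, already parsed from YAML.
SAMPLE = {"Image|endswith": "\\powershell.exe",
          "CommandLine|contains": ["-enc", "it's"]}
```

Rule files come from outside the tool, so both renderers treat their values as untrusted: `to_stix()` escapes the literal and `to_firepit()` binds it as a parameter.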
