[cti-users] Java-STIX examples

[cti-users] Java-STIX examples

Christopher Roblee
Can someone point me to some best practices (and ideally code examples)
for generating STIX packages from existing internal formats using the
java-stix library?

We have an internal JSON incident report representation and are hoping
to map parts or all of it to the pertinent STIX constructs.

The examples here
<https://github.com/nemonik/java_stix/tree/master/src/main/java/org/mitre/stix/examples>
and here <https://github.com/stucco/STIXExtractors> are helpful, but I
would love to hear about other people's experiences trying to do
something similar.

Thanks,
Chris

--
Chris Roblee
Director of Engineering
TruSTAR Technology
Mobile: +1 781 248 2828
OpenPGP key ID: 2C9D0D20


This publicly archived list provides a forum for asking questions,
offering answers, and discussing topics of interest on STIX,
TAXII, and CybOX.  Users and developers of solutions that leverage
STIX, TAXII and CybOX are invited to participate.

In order to verify user consent to OASIS mailing list guidelines
and to minimize spam in the list archive, subscription is required
before posting.

Subscribe: [hidden email]
Unsubscribe: [hidden email]
Post: [hidden email]
List help: [hidden email]
List archive: http://lists.oasis-open.org/archives/cti-users/
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
CTI Technical Committee: https://www.oasis-open.org/committees/cti/
Join OASIS: http://www.oasis-open.org/join/


Re: [cti-users] Java-STIX examples

Alex ter Weele
The STIX bindings are pretty expansive because of the complexity of STIX.  If you haven’t already, I recommend cloning the project off of GitHub and building it locally, because I don’t think the javadoc is hosted anywhere.
I favor the “with” style methods because they chain easily to produce XML with the elements you want:

    new org.mitre.cybox.objects.Address()
        .withAddressValue(addr)
        .withIsDestination(false)
        .withIsSpoofed(true)
        // ...etc

The downside of this is that you’ll still have to check the STIX spec to make sure that you’re filling in all the required fields and producing valid STIX.
Hope that helps.

Re: [cti-users] Java-STIX examples

Walsh, Michael J.

The javadocs *are* in Maven Central associated with each build.

http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22org.mitre%22%20AND%20a%3A%22stix%22

So for v1.2.0.2 you could on the command-line:

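    # Direct artifact path for org.mitre:stix:1.2.0.2 in the standard Maven Central layout
    # (the search-page URL above returns HTML, not the jar)
    curl -o javadoc.jar https://repo1.maven.org/maven2/org/mitre/stix/1.2.0.2/stix-1.2.0.2-javadoc.jar
    jar -xvf javadoc.jar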

And you’ll have all the javadocs.

-Michael



On 8/18/15, 3:24 PM, "[hidden email] on behalf of Alex ter Weele" <[hidden email] on behalf of [hidden email]> wrote:

>The STIX bindings are pretty expansive because of the complexity of STIX.  If you haven’t already, I recommend cloning the project off of GitHub and building it locally, because I don’t think the javadoc is hosted anywhere.
>I favor the “with” style methods because they chain easily to produce XML with the elements you want:
>
>    new org.mitre.cybox.objects.Address()
>        .withAddressValue(addr)
>        .withIsDestination(false)
>        .withIsSpoofed(true)
>        // ...etc
>
>The downside of this is that you’ll still have to check the STIX spec to make sure that you’re filling in all the required fields and producing valid STIX.
>Hope that helps.

Re: [cti-users] Java-STIX examples

Alex ter Weele
In reply to this post by Christopher Roblee
Stuart,
I’m not terribly familiar with JAXB, but I think you could create addr in my example with

    (new org.mitre.cybox.common_2.ObjectFactory()).createStringObjectPropertyType().withValue("10.0.0.1")

StringObjectPropertyType also provides a way to get an instance with just a constructor, skipping the intermediate of a factory:

    (new StringObjectPropertyType()).withValue("10.0.0.1")
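
The pieces discussed in this thread, put together as an added example (not code from any poster or from the java-stix project): source IPs from an internal report become CybOX Address observables wrapped in indicators, and the package is schema-validated before it is emitted. The Address and StringObjectPropertyType calls are the ones quoted above; Observable, ObjectType, Indicator, IndicatorsType, STIXPackage, validate() and toXMLString() are assumed from the java-stix example programs and should be checked against the javadoc for your build. The namespace, titles and IP list are constructed.

```java
import java.util.*;
import javax.xml.namespace.QName;
import org.mitre.cybox.common_2.StringObjectPropertyType;
import org.mitre.cybox.cybox_2.ObjectType;
import org.mitre.cybox.cybox_2.Observable;
import org.mitre.cybox.objects.Address;
import org.mitre.stix.common_1.IndicatorBaseType;
import org.mitre.stix.indicator_2.Indicator;
import org.mitre.stix.stix_1.IndicatorsType;
import org.mitre.stix.stix_1.STIXPackage;

public class IncidentToStix {
    // Constructed namespace and prefix for generated ids; substitute your own.
    static QName id(String kind) {
        return new QName("http://example.com/", kind + "-" + UUID.randomUUID(), "example");
    }

    // One source IP from the internal report -> one indicator holding an Address observable.
    static Indicator toIndicator(String ip, boolean spoofed) {
        Address address = new Address()
                .withAddressValue(new StringObjectPropertyType().withValue(ip))
                .withIsDestination(false)
                .withIsSpoofed(spoofed);
        // Assumed API (from the project's examples): setObject, withProperties, withObservable.
        Observable observable = new Observable().withId(id("observable"));
        observable.setObject(new ObjectType().withId(id("address")).withProperties(address));
        return new Indicator().withId(id("indicator"))
                .withTitle("Source address from incident report").withObservable(observable);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for fields parsed out of the internal JSON incident report.
        List<String> sourceIps = Arrays.asList("10.0.0.1", "10.0.0.2");
        List<IndicatorBaseType> indicators = new ArrayList<>();
        for (String ip : sourceIps) {
            indicators.add(toIndicator(ip, true));
        }
        STIXPackage pkg = new STIXPackage().withId(id("package")).withVersion("1.2")
                .withIndicators(new IndicatorsType(indicators));
        // The chained setters do not check required fields, so validate
        // against the schema before the document leaves the process.
        if (!pkg.validate()) {
            throw new IllegalStateException("generated package is not schema-valid STIX");
        }
        System.out.println(pkg.toXMLString());
    }
}
```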