Roseann Guttierrez [00:00:00]:
Our guest is Danny Elliott. He is a senior product owner for UDI and CAR integrations at IBM Security. Danny, did you have anything else you wanted to say for your intro?
Danny Elliott [00:00:10]:
No. That's pretty good.
Roseann Guttierrez [00:00:12]:
Alright. Then we'll just jump into the first question. Can you give me your elevator pitch on the STIX shifter project?
Danny Elliott [00:00:19]:
STIX shifter is a Python library that is able to get data from various security products and data repositories. Essentially, what it does is it takes a STIX pattern. STIX is a structured threat intel expression, information expression. So it'll take a STIX pattern, translate that into a native data source query for the target connector, use that data source's APIs to do a search, get the results back, and then translate that back into STIX objects of observed data.
Roseann Guttierrez [00:00:56]:
Okay. How is it important to you?
Danny Elliott [00:01:00]:
Well, it's important to me because it's a way to normalize the data across different security products. So, you know, different products all have their own API endpoints, their own query languages. They return results in, you know, their own specific fields and formats. What STIX shifter allows us to do is use the, you know, the open source STIX standard to normalize that data. So a developer could, say, integrate that into their own security products, where they're able to use one query in the form of a STIX pattern and then do federated search across multiple data sources, provided that there is a connector that has been built for the STIX shifter project.
Roseann Guttierrez [00:01:47]:
Okay. So kind of like a translator, kind of...
Danny Elliott [00:01:50]:
Exactly. Yeah, a translator and also, like, transmission. So it handles all of the API calls that are needed to actually do the search for the targeted data source.
Roseann Guttierrez [00:02:01]:
Gotcha. Where can the project use help? What are you guys... or are there certain areas that might need more help than others, or... just in general...
Danny Elliott [00:02:09]:
We're always looking for new integrations. So new connectors, obviously, are always welcome. So if someone in the open source community sees a need for a security product that isn't yet represented in STIX shifter, you know, we definitely always welcome that addition, but also anyone that has specific domain expertise around an existing connector. Maybe you have expertise with querying against Splunk, and you see that there's some gaps or some defects in the existing connector. By all means, like, either raise an issue or, better yet, raise a pull request to make that fix.
Roseann Guttierrez [00:02:49]:
Great. Awesome. I think that completes our interview for today. Thanks, Danny.