This is a plug-in for CIF that consists of Perl and Python modules. Perl-based CIF plug-in passes JSON-like (objects in {}, but no commas in between) formatted result of CIF query to Python-based STIX/Cybox document builder.

The STIX/CyBox builder can be run as an independent application with 2 options:

Option 1:

Option 2:

Main Functionality

Perl Module

  • Takes query result and transform into JSON-like format (same as original CIF JSON format)
  • Passes JSON to Python module

Python module

  • Parses incoming stream or file and identifies JSON objects (CIF JSON output format)
  • Parses JSON objects and maps keys to corresponding STIX/CyBox object
  • Creates a separate Indicator for each JSON object
  • Reports new keys
  • Builds STIX document from the set of Indicators
  • Returns stream or file in STIX format
  • Logs in activities

For assistance with the Cif2Stix script, please contact .