This is a plug-in for CIF, implemented as a Python module. It parses STIX/CybOX documents into JSON CIF Feed files, creates a corresponding configuration file for each source document, and feeds them to CIF.

Stix2Cif runs from the command line:

    stix2cif [-c <config>]

Main Functionality

Python Module

  • Monitors drop-off directory for XML files
  • Parses STIX/CybOX documents and maps keys to CIF parameters
  • Creates a separate JSON object for each Indicator
  • Builds a JSON Feed file and CIF Feed configuration file from each source XML file
  • Allows changing configuration of CIF Feed
  • Logs its activities
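
The parse-and-map step from the list above, as an added example that is not Stix2Cif's own code: it reads a constructed STIX 1.x document and builds one JSON object per Indicator. The `stix_to_feed` helper, the output field names (`id`, `observable`, `otype`, `provider`, `description`) and the type labels are assumptions; the tool defines its own mapping.

```python
import json
import xml.etree.ElementTree as ET

NS = {  # STIX 1.x / CybOX 2.x namespace URIs
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "AddressObj": "http://cybox.mitre.org/objects#AddressObject-2",
    "DomainNameObj": "http://cybox.mitre.org/objects#DomainNameObject-1",
}
# CybOX value element -> output type label (labels are assumed, not the tool's)
VALUE_PATHS = [("AddressObj:Address_Value", "ipv4"), ("DomainNameObj:Value", "fqdn")]

def stix_to_feed(xml_bytes, provider):
    """Return one dict per Indicator that carries a supported observable."""
    # Drop-off files are untrusted: refuse DTDs and entity declarations up front.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not accepted")
    feed = []
    for ind in ET.fromstring(xml_bytes).iterfind(".//stix:Indicator", NS):
        props = ind.find(".//cybox:Properties", NS)
        if props is None:
            continue  # Indicator without an observable: nothing to feed
        for path, otype in VALUE_PATHS:
            value = props.findtext(path, namespaces=NS)
            if value and value.strip():
                if props.get("category") == "ipv6-addr":
                    otype = "ipv6"
                feed.append({"id": ind.get("id"), "observable": value.strip(),
                             "otype": otype, "provider": provider,
                             "description": ind.findtext("indicator:Title", "", NS)})
                break
    return feed

# Constructed sample document (documentation address and domain only)
xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
SAMPLE = f"""<stix:STIX_Package {xmlns}><stix:Indicators>
 <stix:Indicator id="example:indicator-1"><indicator:Title>C2 address</indicator:Title>
  <indicator:Observable><cybox:Object><cybox:Properties category="ipv4-addr">
   <AddressObj:Address_Value>192.0.2.10</AddressObj:Address_Value>
  </cybox:Properties></cybox:Object></indicator:Observable></stix:Indicator>
 <stix:Indicator id="example:indicator-2"><indicator:Title>Phishing host</indicator:Title>
  <indicator:Observable><cybox:Object><cybox:Properties>
   <DomainNameObj:Value> login.example.net </DomainNameObj:Value>
  </cybox:Properties></cybox:Object></indicator:Observable></stix:Indicator>
 <stix:Indicator id="example:indicator-3"><indicator:Title>Empty</indicator:Title></stix:Indicator>
</stix:Indicators></stix:STIX_Package>""".encode()
if __name__ == "__main__":
    print(json.dumps(stix_to_feed(SAMPLE, "sample.xml"), indent=2))
```

The byte-level DTD check is a coarse guard for files arriving in a shared drop-off directory; a hardened parser such as defusedxml is the usual choice for untrusted XML.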

For assistance with the Stix2Cif script, please contact email address.