About the CTI-Toolkit

Few systems can utilise indicators and observables when they are stored in STIX packages. CERT Australia has developed a utility (stixtransclient.py) that allows the atomic observables contained within a STIX package to be extracted and presented in a delimited text format, in the Bro Intel Framework format, or in a Snort or Suricata rule format. The utility can also communicate with a MISP server and insert observables from a STIX package into a new MISP event.
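The following is an added example, not code from stixtransclient.py or the CTI-Toolkit: it sketches the kind of transformation described above, pulling atomic observables out of a STIX package and rendering them as a Bro Intel Framework file. It assumes STIX 1.x XML with CybOX address, domain and URI objects; the function names and the sample package are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# CybOX value element -> Bro Intel Framework indicator type
TAG_TO_INTEL = {
    "{http://cybox.mitre.org/objects#AddressObject-2}Address_Value": "Intel::ADDR",
    "{http://cybox.mitre.org/objects#DomainNameObject-1}Value": "Intel::DOMAIN",
    "{http://cybox.mitre.org/objects#URIObject-2}Value": "Intel::URL",
}

# Constructed sample: a minimal STIX 1.x package (not schema-complete).
SAMPLE_STIX = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
  xmlns:cybox="http://cybox.mitre.org/cybox-2"
  xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"
  xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1"
  xmlns:URIObj="http://cybox.mitre.org/objects#URIObject-2">
 <stix:Observables>
  <cybox:Observable><cybox:Object><cybox:Properties>
   <AddressObj:Address_Value>192.0.2.10</AddressObj:Address_Value>
  </cybox:Properties></cybox:Object></cybox:Observable>
  <cybox:Observable><cybox:Object><cybox:Properties>
   <DomainNameObj:Value>bad.example</DomainNameObj:Value>
  </cybox:Properties></cybox:Object></cybox:Observable>
  <cybox:Observable><cybox:Object><cybox:Properties>
   <URIObj:Value> http://bad.example/login.php </URIObj:Value>
  </cybox:Properties></cybox:Object></cybox:Observable>
 </stix:Observables>
</stix:STIX_Package>"""

def extract_observables(stix_xml):
    """Return de-duplicated (indicator, intel_type) pairs in document order."""
    if "<!DOCTYPE" in stix_xml:  # STIX needs no DTD; refuse entity declarations
        raise ValueError("DOCTYPE not allowed in a threat-intel feed")
    out = {}  # dict keeps insertion order and drops repeated indicators
    for elem in ET.fromstring(stix_xml).iter():
        intel_type = TAG_TO_INTEL.get(elem.tag)
        value = (elem.text or "").strip()
        if intel_type == "Intel::URL":  # Bro expects URLs without the scheme
            value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value, flags=re.I)
        if intel_type and value:
            out[(value, intel_type)] = None
    return list(out)

def to_bro_intel(observables, source="constructed-feed"):
    rows = ["#fields\tindicator\tindicator_type\tmeta.source"]  # header line
    rows += ["%s\t%s\t%s" % (v, t, source) for v, t in observables]
    return "\n".join(rows) + "\n"

if __name__ == "__main__":
    print(to_bro_intel(extract_observables(SAMPLE_STIX)), end="")
```

The DOCTYPE check is a coarse guard for feeds received from third parties; a hardened XML parser is the stronger choice where one is available.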