About the CTI-Toolkit
Few systems can utilise indicators and observables when stored in STIX packages.
CERT Australia has developed a utility (stixtransclient.py) that allows the
atomic observables contained within a STIX package to be extracted and presented
in a delimited text format, in the Bro Intel Framework format, or in
a Snort or Suricata rule format.
The utility can also communicate with a MISP server and insert observables from a STIX
package into a new MISP event.
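
As an added illustration (not the code of stixtransclient.py, and not from CERT Australia), the Python below shows the kind of transformation described above: pulling atomic observables out of a package and writing them as a Bro Intel Framework file. It assumes a STIX 1.x XML package; the sample package is constructed and simplified (ids, xsi:type attributes and some wrapper elements omitted), and the function names and the `constructed-example` source label are hypothetical.

```python
import xml.etree.ElementTree as ET

# CybOX 2.x leaf element (Clark notation) -> Bro Intel Framework indicator type.
FIELD_TYPES = {
    "{http://cybox.mitre.org/objects#AddressObject-2}Address_Value": "Intel::ADDR",
    "{http://cybox.mitre.org/objects#DomainNameObject-1}Value": "Intel::DOMAIN",
    "{http://cybox.mitre.org/common-2}Simple_Hash_Value": "Intel::FILE_HASH",
}

# Constructed sample package; values are documentation placeholders.
SAMPLE_STIX = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
  xmlns:cybox="http://cybox.mitre.org/cybox-2"
  xmlns:addr="http://cybox.mitre.org/objects#AddressObject-2"
  xmlns:dom="http://cybox.mitre.org/objects#DomainNameObject-1"
  xmlns:com="http://cybox.mitre.org/common-2">
 <stix:Observables>
  <cybox:Observable><addr:Address_Value>192.0.2.10</addr:Address_Value></cybox:Observable>
  <cybox:Observable><addr:Address_Value> 192.0.2.10 </addr:Address_Value></cybox:Observable>
  <cybox:Observable><dom:Value>malicious.example</dom:Value></cybox:Observable>
  <cybox:Observable><dom:Value>evil\tinjected.example</dom:Value></cybox:Observable>
  <cybox:Observable><com:Simple_Hash_Value>d41d8cd98f00b204e9800998ecf8427e</com:Simple_Hash_Value></cybox:Observable>
 </stix:Observables></stix:STIX_Package>"""

def extract_observables(xml_text):
    """Return de-duplicated (value, intel_type) pairs in document order."""
    # For untrusted feeds, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    seen, result = set(), []
    for element in root.iter():
        intel_type = FIELD_TYPES.get(element.tag)
        value = (element.text or "").strip()
        # Skip empty values and any containing whitespace, which would
        # corrupt the tab-separated intel file.
        if intel_type is None or not value or any(c.isspace() for c in value):
            continue
        if (value, intel_type) not in seen:
            seen.add((value, intel_type))
            result.append((value, intel_type))
    return result

def to_bro_intel(observables, source="constructed-example"):
    """Render pairs as a Bro Intel Framework input file (tab-separated)."""
    lines = ["#fields\tindicator\tindicator_type\tmeta.source"]
    lines += [f"{value}\t{itype}\t{source}" for value, itype in observables]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(to_bro_intel(extract_observables(SAMPLE_STIX)), end="")
```

The duplicate address collapses to one row, and the domain value carrying an embedded tab is dropped rather than written into the intel file, where it would shift the columns.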