Software Engineering Institute

CERT Stix2Cif is a plug-in for CIF that parses STIX/Cybox documents into JSON CIF feed files with corresponding configuration files for each source document and feeds them to CIF. This plug in monitors the drop-off directory for XML files, parses STIX/CyBox documents and maps keys to CIF parameters, creates a separate JSON object for each indicator, builds a JSON feed file and CIF feed configuration file from each source XML file—allows changing configuration of CIF Feeds—and logs activities.