Add support for OpenIOC v1.1 #4

Open
ikiril01 opened this Issue Apr 25, 2014 · 4 comments

ikiril01 commented Apr 25, 2014

Currently, this utility only handles OpenIOC v1.0 documents. We should add support for the newer version, OpenIOC v1.1.

newlog commented Oct 14, 2015

Hi,

I've seen that this project has very recent commits; however, this issue is one year old. I wonder if there's any plan on supporting 1.1 in the near future.

Thanks for your hard work,
newlog

bworrell commented Oct 14, 2015

Hi @newlog! Thanks for commenting on this issue. We don't currently have plans to support OpenIOC 1.1 but we'll be sure to close this out if we implement support for 1.1.

newlog commented Oct 14, 2015

Thanks for the update!

I was willing to use STIX as my base format and convert OpenIOC format to STIX and work from that (so there's no need to maintain three different core parsers). I might still do this, but depending on how prevalent OpenIOC 1.1 is, that might not be possible. In any case, after looking at the 1.1 changelog it seems that not a lot was changed.

Furthermore, using the mentioned process might still be the best option for fast development, given that I've not been able to find complete and "reliable" open source parsers for OpenIOC 1.1. That makes me wonder if that format is widely used...

Thanks again,
newlog.

newlog commented Oct 14, 2015

I've just found out the existence of these scripts to convert from OpenIOC 1.0 to 1.1 and from 1.1 to 1.0.

https://github.com/mandiant/ioc_writer/tree/master/examples

Just in case you are interested in integrating it. As for me, I will use the 1.1 to 1.0 script and then yours to convert it to STIX.

Thanks,
newlog.
