
MISP/cti-transmute


CTI-Transmute


An online service for converting between cyber threat intelligence formats (CTI-Transmute.org), built to promote interoperability and seamless data exchange. This repository includes the complete source code of the online service if you want to run it locally. The service uses the open-source misp-stix library to perform the conversions.

Main Features

  • API: A quick and easy-to-use API for converting between the MISP (MISP standard) and STIX formats.
  • User Management: An intuitive interface to manage users of the service.
  • History: Keeping track of all the conversions (private and public).
  • Diffing: Reviewing changes of conversions and updates in the CTI file converted.
  • Share: A Share link to allow users to share conversions with private groups.
  • Live Conversion: Users can directly convert rules in the UI or via the API.

Demo

A video walkthrough of CTI-Transmute is available on YouTube. It covers the main features and usage of the service.

Installation

Prerequisites

  • Python 3.10 or higher
  • A recent version of uv (see the uv installation instructions)
  • PostgreSQL (the default credentials are cti_user / cti_pass on localhost:5432/cti_db)

Fresh install on a new machine

# 1. Clone with submodules (misp-taxonomies, misp-galaxy, pivotick)
git clone --recurse-submodules https://github.com/MISP/cti-transmute.git
cd cti-transmute

# 2. One-shot init: install deps + create DB + run migrations
uv run manage init

# 3. Start
uv run manage start

Note: uv run manage init tries to create the PostgreSQL role and database automatically (connecting as the postgres superuser). If that fails due to permissions, create them manually first:

CREATE ROLE cti_user WITH LOGIN PASSWORD 'cti_pass';
CREATE DATABASE cti_db OWNER cti_user;

Then re-run uv run manage init.

Managing the service

CTI-Transmute ships with a manage script that covers all day-to-day operations:

uv run manage init     # First-time setup (submodules + deps + DB + migrations)
uv run manage start    # Start the website
uv run manage update   # Pull latest code + sync deps + run DB migrations
uv run manage backup   # Backup the PostgreSQL database
uv run manage deploy   # Full production deployment: backup → update → start
uv run manage db       # Run flask db upgrade (or: db migrate, db downgrade…)
uv run manage help     # Show all commands

Daily use — just start the app:

uv run manage start

After pulling new code (migrations run automatically):

uv run manage update
uv run manage start

Production deployment (backup first, then update and restart):

uv run manage deploy

Query Examples

The main feature provided with the API is a seamless conversion between CTI standards.

Here are some examples:

  • Get the list of currently supported converters
curl -X GET https://cti-transmute.org/api/convert/list
  • Convert MISP data to STIX 2.1
curl -X POST -H "Content-Type: application/json" -d "@/path/to/misp_data.json" \
https://cti-transmute.org/api/convert/misp_to_stix

# OR
curl -X POST -F "file=@/path/to/misp_data.json" https://cti-transmute.org/api/convert/misp_to_stix
  • Convert STIX 2.x Bundle to MISP standard format
curl -X POST -H "Content-Type: application/json" -d "@/path/to/stix_data.json" \
https://cti-transmute.org/api/convert/stix_to_misp

# OR
curl -X POST -F "file=@/path/to/stix_data.json" https://cti-transmute.org/api/convert/stix_to_misp
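
Because the same API is available from a locally run instance, a pre-flight check can decide where an event may be sent. The following is an added example, not code from the CTI-Transmute project: it reads the TLP tags of a MISP event and only builds a request to the hosted service when the marking allows it. The policy in `PUBLIC_OK`, the fail-closed handling of unmarked events, and the local URL `http://127.0.0.1:8080` are assumptions.

```python
import json
import urllib.request
from urllib.parse import urlsplit

PUBLIC_HOST = "cti-transmute.org"        # hosted service named in this README
ENDPOINT = "/api/convert/misp_to_stix"   # path taken from the curl examples above
# TLP tags from the MISP tlp taxonomy, ordered least to most restrictive.
TLP_ORDER = ["tlp:clear", "tlp:white", "tlp:green", "tlp:amber",
             "tlp:amber+strict", "tlp:red"]
PUBLIC_OK = {"tlp:clear", "tlp:white"}   # assumed local policy, adjust to yours


def tag_names(node):
    """Yield every tag name in a MISP event: event, attribute and object level."""
    if isinstance(node, dict):
        for tag in node.get("Tag", []):
            yield tag.get("name", "").lower()
        for child in node.values():
            yield from tag_names(child)
    elif isinstance(node, list):
        for child in node:
            yield from tag_names(child)


def strictest_tlp(event):
    """Return the most restrictive TLP tag found, or None if the event is unmarked."""
    found = [t for t in tag_names(event) if t in TLP_ORDER]
    return max(found, key=TLP_ORDER.index) if found else None


def build_request(event, base_url):
    """Build the misp_to_stix POST; refuse the public host unless the TLP allows it."""
    tlp = strictest_tlp(event)
    if urlsplit(base_url).hostname == PUBLIC_HOST and tlp not in PUBLIC_OK:
        raise PermissionError(f"{tlp or 'unmarked'} event must go to a local instance")
    return urllib.request.Request(
        base_url.rstrip("/") + ENDPOINT, data=json.dumps(event).encode(),
        headers={"Content-Type": "application/json"}, method="POST")


# Constructed sample event: tlp:green on the event, tlp:amber on one attribute.
SAMPLE = {"Event": {"info": "constructed sample", "Tag": [{"name": "tlp:green"}],
                    "Attribute": [{"type": "domain", "value": "example.test",
                                   "Tag": [{"name": "tlp:amber"}]}]}}

if __name__ == "__main__":
    req = build_request(SAMPLE, "http://127.0.0.1:8080")  # placeholder local URL
    print(req.full_url, strictest_tlp(SAMPLE))
```

Pass the returned object to `urllib.request.urlopen()` to perform the conversion; the attribute-level `tlp:amber` in the sample overrides the event-level `tlp:green`, so the hosted service is refused.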

Funding

ENSOC (101127660 — ENSOC — DIGITAL-ECCC-2022-CYBER-03) is a European project co-financed under the call DIGITAL-ECCC-2022-CYBER-03, aiming to create a Crossborder Platform with the purpose of improving the collective security of EU stakeholders and support CSIRTs and SOCs by overlapping defensive capabilities.

The ENSOC Consortium, composed of seven member states (Austria, Luxembourg, Romania, Netherlands, Portugal, Italy and Spain), has joined together to build a collaborative, interoperable and sustainable crossborder SOC platform with the aim of supporting the detection and prevention of cyber threats.

Co-Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or ECCC. Neither the European Union nor the granting authority can be held responsible for them.


License

CTI-Transmute is free software released under the "GNU Affero General Public License v3.0".

Copyright (c) 2025 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (c) 2025 Christian Studer - https://github.com/chrisr3d
Copyright (c) 2025 Theo Geffe - https://github.com/ecrou-exact/