Blog
The Signals Corps blog
-
Building file2stix: Extracting Observables (part 2)
Products May 29, 2023
In this post I will describe how observables are extracted from documents and converted to STIX objects by file2stix.
-
Building file2stix: Ingesting and Processing Files (part 1)
Products May 15, 2023
In this post I will describe some of the problems I wanted to solve building file2stix, the research that went into it, and jump into the basics of how intelligence reports are ingested.
-
Building cyber-security software using GPT-4 (Part 5)
Research May 01, 2023
In this post I will show you some of my research trying to build existing Signals Corps products using ChatGPT.
-
Writing detection rules using GPT-3.5 (part 4)
Research April 17, 2023
In this post I will show you some of my experiments using GPT to generate detection rules.
-
Building cve2stix: Designing the web interface (part 6)
Products April 03, 2023
In this post I will show you how we designed the cve2stix web app.
-
Building cve2stix: Designing the API (part 5)
Products March 20, 2023
In this post I will show you the design decisions that went into building the cve2stix API (and why I didn’t choose TAXII).
-
Building cve2stix: Enriching NVD CVE data (part 4)
Products March 06, 2023
In this post I will show you how cve2stix enriches CVEs to provide additional context to each vulnerability.
-
Building cve2stix: Modelling NVD Data as STIX 2.1 Objects (part 3)
Products February 20, 2023
In this post I will show you how to use STIX 2.1 SDOs, SCOs, and SROs to standardise the way vulnerabilities are represented.
-
Building cve2stix: CPE and CVEs matching (part 2)
Products February 06, 2023
In this post I will show you how to analyse CPE combinations reported in CVEs to identify vulnerable products.
-
Building cve2stix: CPEs, CVEs, and the NVD APIs (part 1)
Products January 23, 2023
In this post I will introduce the important concepts of CVEs and CPEs and explain how to work with them using the NVD API.