Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/giterlizzi/perl-stix

Structured Threat Information Expression (STIX) Perl interface
https://github.com/giterlizzi/perl-stix

cti perl perl5 stix stix2

Last synced: 13 days ago
JSON representation

Structured Threat Information Expression (STIX) Perl interface

Awesome Lists containing this project

README 

        
[![Release](https://img.shields.io/github/release/giterlizzi/perl-STIX.svg)](https://github.com/giterlizzi/perl-STIX/releases) [![Actions Status](https://github.com/giterlizzi/perl-STIX/workflows/linux/badge.svg)](https://github.com/giterlizzi/perl-STIX/actions) [![License](https://img.shields.io/github/license/giterlizzi/perl-STIX.svg)](https://github.com/giterlizzi/perl-STIX) [![Starts](https://img.shields.io/github/stars/giterlizzi/perl-STIX.svg)](https://github.com/giterlizzi/perl-STIX) [![Forks](https://img.shields.io/github/forks/giterlizzi/perl-STIX.svg)](https://github.com/giterlizzi/perl-STIX) [![Issues](https://img.shields.io/github/issues/giterlizzi/perl-STIX.svg)](https://github.com/giterlizzi/perl-STIX/issues) [![Coverage Status](https://coveralls.io/repos/github/giterlizzi/perl-STIX/badge.svg)](https://coveralls.io/github/giterlizzi/perl-STIX)



# STIX - Perl extension for STIX (Structured Threat Information Expression)



## Synopsis



```.pl

# Object-Oriented interface



use STIX::Indicator;

use STIX::Common::Timestamp;

use STIX::Common::Bundle;



my $bundle = STIX::Common::Bundle->new;



push @{ $bundle->objects }, STIX::Indicator->new(

    pattern_type    => 'stix',

    created         => STIX::Common::Timestamp->new('2014-05-08T09:00:00'),

    name            => 'IP Address for known C2 channel',

    description     => 'Test description C2 channel.',

    indicator_types => ['malicious-activity'],

    pattern         => "[ipv4-addr:value = '10.0.0.0']",

    valid_from      => STIX::Common::Timestamp->new('2014-05-08T09:00:00'),

);



# Functional interface



use STIX qw(:all);



my $bundle = bundle(

    objects => [

      indicator(

        pattern_type    => 'stix',

        created         => '2014-05-08T09:00:00',

        name            => 'IP Address for known C2 channel',

        description     => 'Test description C2 channel.',

        indicator_types => ['malicious-activity'],

        pattern         => "[ipv4-addr:value = '10.0.0.0']",

        valid_from      => '2014-05-08T09:00:00',

      )

    ]

);



# Validate



my @errors = $bundle->validate;



say $_ for @errors;



# Render in JSON



say $bundle;



# {

#    "id" : "bundle--eb2f23f1-8084-4847-8fe6-a5bc95cb024c",

#    "objects" : [

#       {

#          "created" : "2014-05-08T09:00:00.000Z",

#          "description" : "Test description C2 channel.",

#          "id" : "indicator--3b67f5b2-a1dc-4464-8617-d8bd371079ca",

#          "indicator_types" : [

#             "malicious-activity"

#          ],

#          "modified" : "2014-05-08T09:00:00.000Z",

#          "name" : "IP Address for known C2 channel",

#          "pattern" : "[ipv4-addr:value = '10.0.0.0']",

#          "pattern_type" : "stix",

#          "spec_version" : "2.1",

#          "type" : "indicator",

#          "valid_from" : "2014-05-08T09:00:00.000Z"

#       }

#    ],

#    "type" : "bundle"

# }



```



## Install



Using Makefile.PL:



To install `STIX` distribution, run the following commands.



    perl Makefile.PL

    make

    make test

    make install



Using `App::cpanminus`:



    cpanm STIX



## Documentation



- `perldoc STIX`

- https://metacpan.org/release/STIX

- [OASIS-Open] STIX Version 2.1 (https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html)



## Copyright



- Copyright 2024 © Giuseppe Di Terlizzi