Add support for OpenIOC v1.1 #4
Comments
|
Hi, I've seen that this project has very recent commit, however this issue is one year old. I wonder if there's any plan on supporting 1.1 in the near future. Thanks for your hard work, |
|
Hi @newlog! Thanks for commenting on this issue. We don't currently have plans to support OpenIOC 1.1 but we'll be sure to close this out if we implement support for 1.1. |
|
Thanks for the update! I was willing to use stix as my base format and convert openioc format to stix and work from that (so there's no need to maintain three different core parsers). I might still do this, but depending on how prevalent openioc 1.1 is, that might not be possible. In any case, after looking at the 1.1 changelog it seems that not a lot was changed. Furthermore, using the mentioned process might still be the best option for a fast development given that I've not being able to find complete and "reliable" open source parsers for openioc 1.1. That makes me wonder if that format is widely used... Thanks again, |
|
I've just found out the existence of these scripts to convert from openioc 1.0 to 1.1 and from 1.1 to 1.0. https://github.com/mandiant/ioc_writer/tree/master/examples Just in case you are interested in integrating it. As for me, I will use the 1.1 to 1.0 script and then yours to convert it to stix. Thanks, |
Currently, this utility only handles OpenIOC v1.0 documents. We should add support for the newer version, OpenIOC v1.1.
The text was updated successfully, but these errors were encountered: