User-level tooling can help abstract away the STIX XML and provide you with different views or capabilities for working with STIX that may not require you to know XML at all. Currently, the two more capable user-level tools are STIXViz and STIX to HTML.
STIXViz is a visualization tool that renders STIX documents in three unique ways which capture and present hierarchical, relational, and temporal perspectives of the content.
STIXViz helps you understand the connections and relationships between the components of a STIX document through three different views:
STIXViz also includes STIX to HTML as a component, allowing users to view the details and contents of the rendered nodes.
If you’re just starting out in STIX and want to see what it’s capable of, we suggest downloading STIXViz and opening up the more complex reports available on the STIX Sample Reports page (e.g., FireEye Poison Ivy Report and Mandiant APT1 Report) in the tool.
STIX to HTML is an XSLT stylesheet that can transform a STIX XML document into a human-readable HTML view. It was designed to be leveraged by developers, either as a mechanism for batch rendering STIX documents or to be embedded as a visualization component within a STIX-capable application.
The STIX to HTML transform is leveraged by STIXViz to display the contents and details of individual components.
Because STIX to HTML is an XSLT stylesheet, users must be familiar with XSLT or XSLT processing libraries/engines (e.g., libxslt) in order to use it. If you’re not familiar with XSLT or how to run it against XML, we suggest downloading STIXViz and looking at the STIX to HTML output that it includes instead.
STIX to HTML was created by and for developers, so allowing for customization and extension was a priority. Documentation on how to customize STIX to HTML to fit your application/operational needs is also available.
The STIX project develops and maintains utilities for the STIX community which generate, translate, or otherwise leverage STIX content in useful ways. Many of our projects utilize our own developer tools and APIs, so other developers can use these utilities as examples of how to navigate the STIX API landscape!
OpenIOC to STIX is a Python utility to convert Mandiant’s OpenIOC format into STIX Indicators (with CybOX Observables). This tool was used to generate the Indicators file in the APT1 report mapping on the STIX Sample Reports page.
While useful for its stated purpose, the other way to use this tool is as an example of how to generate STIX content programmatically using the machine-generated bindings included in the python-stix APIs. Looking through the source code is a great way to see how they work and how to import/use them, in particular for generating indicators with CybOX content.
STIX Validator is a command-line Python utility which validates STIX XML documents in three different ways:
STIX Validator can also translate Excel STIX Profiles into either ISO Schematron or XSLT documents to be used within other applications or validation environments.
Java STIX Validator is a Java FX application, which can perform STIX XML Schema validation via a graphical user interface.
The STIX project develops and maintains APIs which aid developers in parsing, creating, and manipulating STIX content programmatically.
python-stix APIs provide machine-generated bindings and higher-level APIs that aid in the creation, consumption, and manipulation of STIX content. STIX documents can be serialized to and from Python dictionaries, JSON, and schema-valid XML documents.
Our hope is to lift developers above the XML and allow them to focus on creating and parsing cyber threat intelligence as STIX without having to worry about things like XML namespaces, document ordering of elements, or schema locations.
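To make concrete what the APIs lift developers above, the following added example (not code from the STIX project, and not using python-stix) reads Indicators out of a STIX 1.x package with only the Python standard library, handling the namespaces by hand. The sample package, its `example:` ids and the function name `list_indicators` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# STIX 1.x namespace URIs. Prefixes are arbitrary; only the URIs matter.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
}

# Constructed sample package, not taken from any real report.
SAMPLE = b"""<stix:STIX_Package
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:example="http://example.com/"
    id="example:package-0001" version="1.1.1">
  <stix:Indicators>
    <stix:Indicator id="example:indicator-0001" xsi:type="indicator:IndicatorType">
      <indicator:Title>Constructed C2 domain indicator</indicator:Title>
    </stix:Indicator>
    <stix:Indicator id="example:indicator-0002" xsi:type="indicator:IndicatorType">
      <indicator:Title>Constructed file hash indicator</indicator:Title>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>"""


def list_indicators(xml_bytes):
    """Return (id, title) for every Indicator in a STIX 1.x package."""
    # Threat feeds are untrusted input: refuse DTDs before parsing so
    # entity-expansion tricks are rejected (byte check assumes UTF-8 input).
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DOCTYPE not allowed in STIX input")
    root = ET.fromstring(xml_bytes)
    # ElementTree expands prefixes to {uri}local, so compare on the URI.
    if root.tag != "{%s}STIX_Package" % NS["stix"]:
        raise ValueError("root element is not stix:STIX_Package")
    found = []
    for ind in root.findall("stix:Indicators/stix:Indicator", NS):
        title = ind.findtext("indicator:Title", default="", namespaces=NS)
        found.append((ind.get("id"), title.strip()))
    return found


if __name__ == "__main__":
    for ind_id, title in list_indicators(SAMPLE):
        print(ind_id, "-", title)
```
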
The STIX project provides a java-stix library for both Java and JAXB XML developers. It provides convenience methods to the XJC generated JAXB model. java-stix is not intended to be a one-for-one replacement for the python-stix API.
Please send any feedback about java-stix to email@example.com.
The STIX project does not provide bindings for .NET. Community members, however, have used Microsoft’s standard XML tooling to work with STIX documents and create useful utilities.
We would be glad to link to a .NET project providing bindings. Please contact us at firstname.lastname@example.org.
Using JRuby, it’s possible to use generated JAXB or XMLBeans bindings and import them into Ruby via a Rubygem. Though we don’t provide this capability, the process is essentially:
We would be glad to link to a Ruby project providing bindings. Please contact us at email@example.com.