
Comments (4)

olegzhr commented on June 1, 2024

Hi,

Sysdig is based on the Falco project.
If you need to see the Falco JSON format translated to STIX-Shifter output,
you can use the Alertflex connector.

Please see the example below:

{
  "type": "bundle",
  "id": "bundle--094fbe38-ab30-4e40-9416-07d5509caa93",
  "spec_version": "2.0",
  "objects": [
    {
      "type": "identity",
      "id": "identity--3532c56d-ea72-48be-a2ad-1a53f4c9c6d3",
      "name": "Alertflex",
      "identity_class": "events"
    },
    {
      "id": "observed-data--43bb881a-64df-4bdf-8b40-25329300e85a",
      "type": "observed-data",
      "created_by_ref": "identity--3532c56d-ea72-48be-a2ad-1a53f4c9c6d3",
      "created": "2021-07-29T21:24:34.011Z",
      "modified": "2021-07-29T21:24:34.011Z",
      "objects": {
        "0": {
          "type": "ipv4-addr",
          "value": "0.0.0.0"
        },
        "1": {
          "type": "network-traffic",
          "src_ref": "0",
          "dst_port": 0,
          "protocols": [
            "ip"
          ],
          "src_port": 0,
          "dst_ref": "4"
        },
        "2": {
          "type": "process",
          "name": "altprobe"
        },
        "3": {
          "type": "file",
          "name": "/etc/altprobe/filters.json"
        },
        "4": {
          "type": "ipv4-addr",
          "value": "0.0.0.0"
        },
        "5": {
          "type": "user-account",
          "user_id": "root"
        }
      },
      "x_org_alertflex": {
        "severity": 2,
        "agent": "collr02",
        "description": "00:16:25.340210122: Error File below /etc opened for writing (user=root command=altprobe start parent=altprobe pcmdline=altprobe start file=/etc/altprobe/filters.json program=altprobe gparent= ggparent= gggparent= container_id=host image=)",
        "source": "Falco",
        "type": "HOST",
        "node": "node01",
        "event": "Write below etc",
        "category": "falco, filesystem, mitre_TA0003",
        "info": "indef"
      },
      "first_observed": "2021-07-29T21:16:25.000Z",
      "last_observed": "2021-07-29T21:16:25.000Z",
      "number_observed": 1
    }
  ]
}

from stix-shifter.
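An added example, not code from stix-shifter or the Alertflex connector, showing how a Falco JSON alert can be turned into a STIX 2.0 observed-data bundle with the same shape as the one in the comment above, together with a check that every `_ref` pointer inside the observed objects resolves (a dangling reference is the most common way such a bundle fails downstream ingestion). The sample alert is constructed; the identity id is copied from the bundle above; the priority-to-severity mapping, the `agent` and `node` values, the freshly generated uuids and the placeholder `0.0.0.0` network objects (mirroring the example, since a host file-write event carries no connection) are assumptions.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed sample alert in the JSON shape Falco emits with json_output enabled.
# The output text, rule, tags and time match the example bundle in the thread.
SAMPLE_FALCO_ALERT = {
    "time": "2021-07-29T21:16:25.000000000Z",
    "priority": "Error",
    "rule": "Write below etc",
    "tags": ["filesystem", "mitre_TA0003"],
    "output": ("00:16:25.340210122: Error File below /etc opened for writing "
               "(user=root command=altprobe start parent=altprobe pcmdline=altprobe start "
               "file=/etc/altprobe/filters.json program=altprobe gparent= ggparent= "
               "gggparent= container_id=host image=)"),
}

IDENTITY_ID = "identity--3532c56d-ea72-48be-a2ad-1a53f4c9c6d3"  # identity id from the thread's bundle

# Assumed Falco priority -> numeric severity; only Error -> 2 is taken from the example.
PRIORITY_SEVERITY = {"Emergency": 3, "Alert": 3, "Critical": 3, "Error": 2,
                     "Warning": 1, "Notice": 1, "Informational": 0, "Debug": 0}

OUTPUT_RE = re.compile(r"^(?P<ts>\S+): (?P<priority>\w+) (?P<message>.*?) \((?P<fields>.*)\)\s*$")
TIME_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z?$")


def parse_falco_output(output):
    """Split a Falco output line into timestamp, priority, message and key=value fields."""
    m = OUTPUT_RE.match(output)
    if not m:
        raise ValueError("not a Falco output line")
    fields = {}
    # Values may contain spaces (command=altprobe start), so only split before the next key=.
    for token in re.split(r"\s+(?=\w+=)", m.group("fields")):
        key, _, value = token.partition("=")
        fields[key] = value
    return {"ts": m.group("ts"), "priority": m.group("priority"),
            "message": m.group("message"), "fields": fields}


def to_stix_timestamp(falco_time):
    """Truncate Falco's nanosecond RFC 3339 time to the millisecond form STIX 2.0 uses."""
    m = TIME_RE.match(falco_time)
    if not m:
        raise ValueError("unrecognised Falco timestamp")
    frac = (m.group(2) or "")[:3].ljust(3, "0")
    return f"{m.group(1)}.{frac}Z"


def falco_to_stix_bundle(alert, agent="collr02", node="node01", identity_id=IDENTITY_ID):
    """Build a STIX 2.0 bundle (identity + observed-data) from one Falco alert."""
    parsed = parse_falco_output(alert["output"])
    f = parsed["fields"]
    observed_at = to_stix_timestamp(alert["time"])
    now = datetime.now(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")
    objects = {
        "0": {"type": "ipv4-addr", "value": "0.0.0.0"},  # placeholder, as in the example
        "1": {"type": "network-traffic", "src_ref": "0", "dst_ref": "4",
              "src_port": 0, "dst_port": 0, "protocols": ["ip"]},
        "2": {"type": "process", "name": f.get("program", "")},
        "3": {"type": "file", "name": f.get("file", "")},
        "4": {"type": "ipv4-addr", "value": "0.0.0.0"},  # placeholder, as in the example
        "5": {"type": "user-account", "user_id": f.get("user", "")},
    }
    observed = {
        "id": f"observed-data--{uuid.uuid4()}",
        "type": "observed-data",
        "created_by_ref": identity_id,
        "created": now,
        "modified": now,
        "objects": objects,
        "x_org_alertflex": {
            "severity": PRIORITY_SEVERITY.get(alert["priority"], 0),
            "agent": agent,
            "description": alert["output"],
            "source": "Falco",
            "type": "HOST" if f.get("container_id", "host") == "host" else "CONTAINER",
            "node": node,
            "event": alert["rule"],
            "category": ", ".join(["falco"] + list(alert.get("tags", []))),
            "info": "indef",
        },
        "first_observed": observed_at,
        "last_observed": observed_at,
        "number_observed": 1,
    }
    identity = {"type": "identity", "id": identity_id, "name": "Alertflex", "identity_class": "events"}
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "spec_version": "2.0",
            "objects": [identity, observed]}


def validate_observed_data(observed):
    """Return a list of problems: dangling *_ref/*_refs pointers and missing required keys."""
    problems = []
    objs = observed.get("objects", {})
    for key, obj in objs.items():
        for prop, target in obj.items():
            targets = target if prop.endswith("_refs") else [target] if prop.endswith("_ref") else []
            for t in targets:
                if t not in objs:
                    problems.append(f"object {key}: {prop} -> {t} does not exist")
    for required in ("created_by_ref", "first_observed", "last_observed", "number_observed"):
        if required not in observed:
            problems.append(f"missing {required}")
    return problems


if __name__ == "__main__":
    bundle = falco_to_stix_bundle(SAMPLE_FALCO_ALERT)
    print(json.dumps(bundle, indent=2))
    print("problems:", validate_observed_data(bundle["objects"][1]))
```

The field parser splits only before the next `key=`, because Falco values such as `command=altprobe start` contain spaces; a naive whitespace split would silently drop half of the command line and corrupt the process object.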

JasonKeirstead commented on June 1, 2024

This is a very interesting proposal.


marcredhat commented on June 1, 2024

Thanks @JasonKeirstead.
Please see a short video at http://bit.ly/threatmanage


mdazam1942 commented on June 1, 2024

@marcredhat, do you have any proposed implementation?
