Koji Yamada edited this page May 16, 2019 · 17 revisions

Seamless Threat Intelligence Platform (S-TIP)

Seamless Threat Intelligence Platform enables better incident response and information sharing by bringing down the barriers between otherwise separate CTI sharing practices.

S-TIP is built around a very simple but extremely powerful concept: convert any CTI into a STIX file or a set of STIX files, send them around, and create different views dynamically from those STIX files.

STIX/TAXII Support

  • STIX 1.1/1.2/2.0
  • TAXII 1.1 Client/Server

TAXII 2.0 compatibility is coming soon.

S-TIP Architecture

S-TIP consists of three modules.

  1. RS
  2. SNS
  3. GV

(Figure: S-TIP architecture diagram)

1. RS (Repository System)

RS is the store and transport hub for STIX files. It uses MongoDB to store STIX 1.x and STIX 2.x data. RS serves as a TAXII client: it can connect to TAXII servers and download STIX files. (RS also serves as a TAXII server, using OpenTAXII.)

(Figure: RS list view)

Adapters for CTI sources / 3rd party tools

  • AlienVault OTX
  • MISP
  • iSIGHTPartners

2. SNS (Social Networking Service)

SNS is a practical social-media-style interface for users. It uses bootcamp internally.

(Figure: SNS screenshot)

Note that both human-authored CTI and system-generated CTI appear in the same timeline.

A user creates a new post with a Title, Content, Attachment files (e.g. a CSV of indicators), TLP, and Sharing Range. The post is automatically converted to a STIX file and stored in RS.

CTI Element Extractor

S-TIP tries to extract IoCs and other elements, such as CVEs, from the post and its attachments. Currently it extracts:

  • Domain names
  • Email addresses
  • File names
  • IPv4 addresses
  • MD5/SHA1/SHA256/SHA512 hash values
  • URLs

TLP

The TLP (Red/Amber/Green/White) is saved into the STIX file.

Sharing Range

Sharing Range is not saved in the STIX file. It controls sharing with other users within the same S-TIP instance.
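The extraction and post-to-STIX conversion described in the CTI Element Extractor, TLP and Sharing Range sections above, as an added Python 3 example; this is not S-TIP's own code and assumes nothing about its internals. The regexes, the `refang` step, the element-to-pattern mapping, the `post_to_bundle` function and the sample post are all constructed here; the four TLP marking-definition ids are the ones fixed by the STIX 2.0 specification. Sharing Range is accepted by the function but, as the page says, never written into the STIX output.

```python
import re
import uuid
from datetime import datetime, timezone
from urllib.parse import urlsplit

# TLP marking-definition ids are fixed by the STIX 2.0 specification.
TLP_MARKINGS = {
    "white": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
    "green": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
    "amber": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82",
    "red": "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed",
}
# Element types from the page in extraction order: each match is masked out of
# the working text, so a URL is not re-reported as domain + file name and a
# SHA-256 is not re-reported as an MD5-sized substring.
PATTERNS = {
    "url": re.compile(r"\bhttps?://[^\s<>\"']+", re.I),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "sha512": re.compile(r"\b[0-9a-f]{128}\b", re.I),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
    "sha1": re.compile(r"\b[0-9a-f]{40}\b", re.I),
    "md5": re.compile(r"\b[0-9a-f]{32}\b", re.I),
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "filename": re.compile(r"\b[\w-]+\.(?:exe|dll|docx?|xlsx?|pdf|js|vbs|ps1|zip|txt)\b", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}
HASH_KINDS = {"md5", "sha1", "sha256", "sha512"}
# STIX 2.0 Indicator pattern per type; hash keys containing '-' must be quoted.
PATTERN_TEMPLATES = {
    "url": "[url:value = '{v}']", "email": "[email-addr:value = '{v}']",
    "sha512": "[file:hashes.'SHA-512' = '{v}']", "sha256": "[file:hashes.'SHA-256' = '{v}']",
    "sha1": "[file:hashes.'SHA-1' = '{v}']", "md5": "[file:hashes.MD5 = '{v}']",
    "ipv4": "[ipv4-addr:value = '{v}']", "filename": "[file:name = '{v}']",
    "domain": "[domain-name:value = '{v}']",
}


def refang(text):
    """Undo the defanging conventions analysts commonly use in posts."""
    return re.sub(r"hxxp", "http", text, flags=re.I).replace("[.]", ".").replace("[@]", "@")


def extract_elements(text):
    """Return {kind: sorted unique values} for every element type in PATTERNS."""
    work = refang(text)
    found = {kind: set() for kind in PATTERNS}
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(work):
            value = match.group().rstrip(".,;)") if kind == "url" else match.group()
            found[kind].add(value.lower() if kind in HASH_KINDS else value)
        work = pattern.sub(lambda m: " " * len(m.group()), work)  # mask what was matched
    for url in list(found["url"]):  # a URL also carries a host and often a file name
        parts = urlsplit(url)
        host = parts.hostname or ""
        if PATTERNS["ipv4"].fullmatch(host):
            found["ipv4"].add(host)
        elif host:
            found["domain"].add(host)
        tail = parts.path.rsplit("/", 1)[-1]
        if PATTERNS["filename"].fullmatch(tail):
            found["filename"].add(tail)
    return {kind: sorted(values) for kind, values in found.items()}


def post_to_bundle(title, content, tlp, sharing_range=None, now=None):
    """Convert one SNS post into a STIX 2.0 bundle of Indicators.

    sharing_range mirrors the post form but is deliberately never written into
    the bundle: the page states it is S-TIP-internal, not CTI.
    """
    marking = TLP_MARKINGS.get(tlp.lower())
    if marking is None:
        raise ValueError("unknown TLP colour: %r" % tlp)
    now = now or datetime.now(timezone.utc)
    ts = now.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"  # STIX timestamp format
    objects = []
    for kind, values in extract_elements(content).items():
        for value in values:
            escaped = value.replace("\\", "\\\\").replace("'", "\\'")  # pattern string escaping
            objects.append({
                "type": "indicator",
                "id": "indicator--" + str(uuid.uuid4()),
                "created": ts, "modified": ts, "valid_from": ts,
                "name": "%s (%s)" % (title, kind),
                "labels": ["malicious-activity"],
                "pattern": PATTERN_TEMPLATES[kind].format(v=escaped),
                "object_marking_refs": [marking],
            })
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()),
            "spec_version": "2.0", "objects": objects}


# Constructed sample post (reserved .example TLD and a TEST-NET-3 address).
SAMPLE_POST = """Phishing wave seen today. Mail from attacker@evil-domain.example
links to hxxp://evil-domain[.]example/payload.exe (hosted at 203.0.113.45).
Dropper invoice.docx, md5 d41d8cd98f00b204e9800998ecf8427e, C2 at c2.evil-domain.example."""

if __name__ == "__main__":
    import json
    print(json.dumps(post_to_bundle("Phishing wave", SAMPLE_POST, "amber", "my-group"), indent=2))
```

The masking order matters more than the individual regexes: the domain regex is deliberately last, because it would otherwise claim the host part of every URL and e-mail and the `.docx` of every file name. Domain matching stays loose here (any dotted labels ending in two or more letters), so a real deployment would want a TLD allow-list or a review step before such values reach the shared STIX file.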

Third Party Tool Integration

  • JIRA

3. GV (Graph View)

GV is a CTI graph analytics view.

It visualizes STIX as a connected CTI graph. Nodes are STIX elements such as Indicators, Observables, Threat Actors, TTPs, Exploit Targets, Courses of Action, and Campaigns.

When the user selects a specific STIX file, S-TIP automatically searches RS for related STIX files and lists them. Related STIX files are linked to each other through thick links. (In the diagram below, each STIX file has the same IPv4 address as an indicator.)

(Figure: GV)
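The "related STIX" lookup described above, as an added Python 3 example that is not S-TIP's or GV's own code: given a set of STIX 2.0 bundles, it links any two bundles that contain an Indicator with the same pattern (the page's case of two STIX files sharing one IPv4 address) and lists what is related to a selected bundle. The three sample bundles, their placeholder ids and the `_bundle` helper are constructed here; the matching is an exact comparison of pattern strings, which is an assumption of this example rather than how S-TIP searches RS.

```python
from itertools import combinations


def index_indicators(bundles):
    """Map each Indicator pattern to the set of bundle ids that contain it."""
    index = {}
    for bundle in bundles:
        for obj in bundle.get("objects", []):
            if obj.get("type") == "indicator" and obj.get("pattern"):
                # Exact string match only; a production view would normalise
                # whitespace and quoting, or compare parsed patterns instead.
                index.setdefault(obj["pattern"].strip(), set()).add(bundle["id"])
    return index


def related_bundles(bundles):
    """Every pair of bundles sharing at least one indicator pattern, i.e. the
    thick links GV draws between related STIX files. Returns (id_a, id_b, patterns)."""
    shared = {}
    for pattern, ids in index_indicators(bundles).items():
        for a, b in combinations(sorted(ids), 2):
            shared.setdefault((a, b), []).append(pattern)
    return [(a, b, sorted(p)) for (a, b), p in sorted(shared.items())]


def related_to(bundles, bundle_id):
    """What gets listed when the user selects one STIX file: the other bundles
    linked to it, each with the patterns the two have in common."""
    out = []
    for a, b, patterns in related_bundles(bundles):
        if a == bundle_id:
            out.append((b, patterns))
        elif b == bundle_id:
            out.append((a, patterns))
    return sorted(out)


def _bundle(bundle_id, patterns):
    """Constructed minimal STIX 2.0 bundle; the ids are placeholders, not real UUIDs."""
    return {"type": "bundle", "id": bundle_id, "spec_version": "2.0",
            "objects": [{"type": "indicator",
                         "id": "indicator--%s-%d" % (bundle_id[-1], i),
                         "labels": ["malicious-activity"], "pattern": p}
                        for i, p in enumerate(patterns)]}


# Three constructed reports: A and B share one IPv4 indicator (a TEST-NET-3
# address), C shares nothing with either.
SAMPLE_BUNDLES = [
    _bundle("bundle--report-a", ["[ipv4-addr:value = '203.0.113.45']",
                                 "[domain-name:value = 'evil-domain.example']"]),
    _bundle("bundle--report-b", ["[ipv4-addr:value = '203.0.113.45']",
                                 "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']"]),
    _bundle("bundle--report-c", ["[url:value = 'http://other.example/x']"]),
]

if __name__ == "__main__":
    for a, b, patterns in related_bundles(SAMPLE_BUNDLES):
        print("%s <-> %s via %s" % (a, b, ", ".join(patterns)))
```

Indexing by pattern first and then pairing bundles keeps the cost proportional to the number of shared indicators rather than to the square of the number of STIX files, which is what makes an automatic "search RS for related STIX" step affordable as the repository grows.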

Future Work

  • Migration to Python 3.x
  • Slack integration
  • TAXII 2.x support