We offer a fully web version of Stixify which includes many additional features over those in this codebase. You can find out more about the web version here.
Stixify takes a file and converts into structured threat intelligence.
Lots of intelligence is shared in PDFs, Word docs, Powerpoints, emails, Slack messages, etc.
To help automate the extraction of intelligence from these documents, Stixify automatically extracts indicators for viewing to a user.
It works at a high level like so:
stixify and a collection matching the identity ID used to create the objects# clone the latest code
git clone https://github.com/muchdogesec/stixifyStixify has various settings that are defined in an .env file.
To create one using the default settings:
cp .env.example .envsudo docker compose buildsudo docker compose upThe webserver (Django) should now be running on: http://127.0.0.1:8004/
You can access the Swagger UI for the API in a browser at: http://127.0.0.1:8004/api/schema/swagger-ui/
Note, this script will not install an ArangoDB instance.
If you're new to ArangoDB, you can install the community edition quickly by following the instructions here.
If you are running ArangoDB locally, be sure to set ARANGODB_HOST_URL="http://localhost:8529/" in the .env file otherwise you will run into networking errors.
The script will automatically create a database called stixify_database when the container is spun up (if it does not exist).
The converted STIX objects will be stored in collections names stixify_vertex_collection and stixify_edge_collection depending on the object type.
Note, if you intend on using this in production, you should also modify the variables in the .env file for POSTGRES_DB, POSTGRES_USER, POSTGRES_PASS, DJANGO_SECRET and DEBUG (to False)
Minimal support provided via the DOGESEC community.