We offer a full web version of Stixify that includes many additional features beyond those in this codebase. You can find out more about the web version here.
Stixify takes a file and converts it into structured threat intelligence.
Lots of intelligence is shared in PDFs, Word docs, PowerPoints, emails, Slack messages, etc.
To help automate the extraction of intelligence from these documents, Stixify automatically extracts indicators and presents them to the user.
It works at a high level like so:
stixify
and a collection matching the identity ID used to create the objects
# clone the latest code
git clone https://github.com/muchdogesec/stixify
Stixify has various settings that are defined in an .env file.
To create one using the default settings:
cp .env.example .env
sudo docker compose build
sudo docker compose up
The webserver (Django) should now be running on: http://127.0.0.1:8004/
You can access the Swagger UI for the API in a browser at: http://127.0.0.1:8004/api/schema/swagger-ui/
Note, this script will not install an ArangoDB instance.
If you're new to ArangoDB, you can install the community edition quickly by following the instructions here.
If you are running ArangoDB locally, be sure to set ARANGODB_HOST_URL="http://localhost:8529/" in the .env file, otherwise you will run into networking errors.
The script will automatically create a database called stixify_database when the container is spun up (if it does not exist).
The converted STIX objects will be stored in collections named stixify_vertex_collection and stixify_edge_collection, depending on the object type.
Note, if you intend to use this in production, you should also modify the variables in the .env file for POSTGRES_DB, POSTGRES_USER, POSTGRES_PASS, DJANGO_SECRET and DEBUG (to False).
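As an added example (not part of the Stixify codebase), here is a pre-deployment check for the production settings named in the note above: it flags any of those variables that is missing, still equal to its .env.example value, or, for DEBUG, not False. The sample file contents and the script name check_env.py are constructed for illustration; the real defaults in .env.example are not shown on this page.

```python
import sys

# Variables the README says to change before production use.
PRODUCTION_VARS = ("POSTGRES_DB", "POSTGRES_USER", "POSTGRES_PASS", "DJANGO_SECRET", "DEBUG")

# Constructed sample contents; the project's real .env.example values are assumed unknown.
SAMPLE_EXAMPLE = """\
POSTGRES_DB=example_db
POSTGRES_USER=example_user
POSTGRES_PASS=example_pass
DJANGO_SECRET=example_secret
DEBUG=True
"""
# Same file with only the database password changed.
SAMPLE_ENV = SAMPLE_EXAMPLE.replace("=example_pass", "='n0t-the-default'")

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments and stripping quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env

def audit_env(env_text, example_text):
    """Return findings for the production variables left missing, default, or unsafe."""
    env, example = parse_env(env_text), parse_env(example_text)
    findings = []
    for name in PRODUCTION_VARS:
        value = env.get(name, "")
        if name == "DEBUG":
            if value.lower() != "false":
                findings.append(f"DEBUG is {value or 'unset'!r}; set it to False")
        elif not value:
            findings.append(f"{name} is missing or empty")
        elif value == example.get(name):
            findings.append(f"{name} still has the .env.example default")
    return findings

if __name__ == "__main__":
    # Usage (hypothetical script name): python check_env.py .env .env.example
    texts = [open(p).read() for p in sys.argv[1:3]] if len(sys.argv) == 3 else [SAMPLE_ENV, SAMPLE_EXAMPLE]
    print("\n".join(audit_env(*texts)) or "no findings")
```

An empty result from audit_env means every listed variable is set, differs from the example file, and DEBUG is False; it says nothing about how strong the chosen secrets are.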
Minimal support provided via the DOGESEC community.