I finally had some time to build a tool to translate all of the Palo Alto playbooks (in JSON format) that contain a mix of ATT&CK and custom object fields.
Basically, the folder stix_bundle_reports/standard contains, for each one, a Bundle with non-custom objects.
This should then easily be inserted in the database and will look really good for a demo.
We can then tweak the tool to re-introduce the ATT&CK objects (but not the PAN custom fields) when the insert functions allow that.
Enjoy!
@brettforbes