A simple Flask app that
- collects the Extended XML notifications produced by the FireEye CMS
- dispatches them to fexml2stix.FireEyeXMLParser (STIX)
- collects the malware object referenced by each FireEye alert
- sends the malware objects to a Viper instance for storage
- fexml2stix.FireEyeXMLParser (inspired by fe2stix, https://github.com/BechtelCIRT/fe2stix ): parses the XML, uses the fireeye.* API, translates the alerts to STIX, and sends them to the STIX server.
- A WS API and an HTML API to collect additional alerts/reports from the CMS.
- XML to Python bindings generated by generateDS from the FireEye (~7.6) alerts XSD.
- A wrapper to push malware file objects to a Viper instance.
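As an added example (not the project's own code), this is the kind of parsing step the FireEyeXMLParser performs on a notification before anything is turned into STIX or looked up in Viper. The XML layout, element and attribute names, and the sample notification are assumptions modelled on FireEye-style alert XML, not the real XSD; the md5 check shows where a webhook-supplied value should be validated before it becomes a hash in a STIX object or a Viper key.

```python
import re

try:
    # Prefer defusedxml for untrusted webhook input (entity-expansion hardening).
    from defusedxml.ElementTree import fromstring
except ImportError:
    from xml.etree.ElementTree import fromstring

MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample notification, as the CMS might POST it to /api/v1/fe.
# Element/attribute names are an assumption, not the FireEye schema.
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<alerts appliance="cms-01" version="7.6">
  <alert id="1001" severity="majr" name="malware-object">
    <src><ip>10.0.0.12</ip></src>
    <explanation>
      <malware-detected>
        <malware name="Trojan.Generic" md5sum="d41d8cd98f00b204e9800998ecf8427e"
                 original="invoice.exe"/>
      </malware-detected>
    </explanation>
  </alert>
  <alert id="1002" severity="minr" name="malware-object">
    <explanation>
      <malware-detected>
        <malware name="Bad.Hash" md5sum="not-a-hash" original="x.bin"/>
      </malware-detected>
    </explanation>
  </alert>
</alerts>"""


def parse_alerts(xml_bytes):
    """Return one dict per malware object; skip alerts with a malformed md5."""
    root = fromstring(xml_bytes)
    results = []
    for alert in root.iter("alert"):
        for mw in alert.iter("malware"):
            md5 = (mw.get("md5sum") or "").lower()
            # The hash comes from notification content: validate it before it
            # is used as a Viper lookup key or a STIX file hash.
            if not MD5_RE.match(md5):
                continue
            results.append({
                "alert_id": alert.get("id"),
                "severity": alert.get("severity"),
                "name": mw.get("name"),
                "original": mw.get("original"),
                "md5": md5,
            })
    return results
```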
Set the variables in the config.py file, then configure the notification on the FireEye CMS:
- Create HTTP Event
- Add HTTP Server
- Name it 'fexml2stix'
- Set the server URL as 'http://yourserver.com:5000/api/v1/fe'
- Notify for all events and deliver per event
- Leave it as the generic provider
- Select 'JSON Normal' for the message format
- Submit a malicious sample, and watch the magic happen