StixCreator

Gets a list of indicators from the indicators argument, and generates a JSON file in STIX 2.0 format.

Script Data


NameDescription
Script Typepython3
Tags-

Inputs


Argument NameDescription
indicatorsThe JSON object of all indicators and their fields, indicator index mapped to the Demisto indicator fields.
doubleBackslashAdds a second backslash to all existing backslashes in the value field.

Outputs


PathDescriptionType
StixExportedIndicators.createdThe date/time that the indicator was created.date
StixExportedIndicators.firstSeenThe date/time that the indicator was first seen.date
StixExportedIndicators.sourceThe source system for this indicator.string
StixExportedIndicators.typeThe STIX type (always exported as "indicator").string
StixExportedIndicators.patternThe type and value of indicators. For example, "URL", "IPv4", "domain", "email", and so on.string
StixExportedIndicators.scoreThe STIX impact score. Can be, "High", "Medium", "None", or "Not Specified".string
StixExportedIndicators.modifiedThe date/time that the indicator was last seen.date