Mantis Documentation, Release 0.2.1

The MANTIS (Model-based Analysis of Threat Intelligence Sources) Framework consists of several Django Apps that, in combination, support the management of cyber threat intelligence expressed in standards such as STIX, CybOX, OpenIOC, IODEF (RFC 5070), etc.

Access to the Mantis source code for installation:
– Either via git clone from the Mantis GitHub Repository (recommended): git clone

There is a mailing list for discussions, questions, etc.:
– Subscribe to the mailing list by sending a mail to
– The archives of the mailing list are available via Nabble.

The heavy lifting is done in the following Django Apps:
– django-mantis-taxii (under development)

To get an idea of what MANTIS currently provides, take a look at the following screenshots.

Django’s standard login screen, rendered with the Grappelli skin that is used by Mantis. You can customize Django to do authentication differently (see the Django documentation on customizing authentication).

2.2 Menus

In its default configuration, MANTIS currently presents three menus:
– A menu over which the existing search/filter views are accessible
– A menu over which saved searches are accessible
– A menu for viewing/editing user-specific information

Fig. 2.2: The menus presented to the user by MANTIS

2.3 Viewing imported information objects

The screenshot below shows the overview of imported information objects right after import of MITRE’s STIX conversion of the APT-1 report. We imported the top-level STIX package and the Appendix G with full indicators of compromise (i.e., Mandiant OpenIOC is embedded into the STIX XML).

Fig. 2.3: The list of information objects (standard URL: /mantis/View/InfoObject)

The count shows quite a large number of objects, and we obviously need a way to find our way around. So in the next step, we filter the list a bit.

2.4 Filtering

The filter box on the page showing the information object list allows filtering with respect to several commonly used criteria. Here, we filter by information object type, and choose the STIX_Package.

Fig. 2.4: Filtering with respect to information object types

Filtering for STIX_Packages yields two results: the package that represents the top-level of the APT-1 report and the package that represents appendix G.

Fig. 2.5: Result of filtering for STIX_Packages

Clicking on the STIX package for the top-level of the APT-1 report shows MANTIS’s representation of the info object:

Fig. 2.6: View of STIX package presenting top-level of APT 1 report

– At the top, we have identifying information.
– The bulk of the display in the center concerns the facts contained in the object (the color coding shows the structuring of the facts – it takes a bit of getting used to, but this is just a view after all: you can create a view that suits you better.) The fact values that appear in blue are actually links to other info objects that have been extracted from the
You see two objects called PLACEHOLDER: as it turns out, the STIX package references these two objects without actually defining them. Should they be imported at a later point in time (identified by identifier and namespace of the identifier), the placeholders would be overwritten.
– The view also shows the marking that has been extracted and associated with this info object and all other info objects extracted from the STIX package.
– Currently, there is a single revision of the object in the system.