Skip to main content

Cyware Threat Intelligence eXchange

Export Threat Data Object Details

You can export threat data object details from the platform in various formats and download the exported file for offline analysis. You can export details such as the title, type, TLP, and more in XML (STIX 1.x), STIX 2.0, STIX 2.1, and MISP formats.

Note

  • You cannot export a report object details. However, you can export the relations of the report object. To export the top-level report content, export the report object from Main Menu > Collection > Threat Data.

  • Exporting malware analysis objects only includes the latest entry of the modules.

  • Currently, related sighting objects are not included in the export.

Steps

To export the threat data object details, follow these steps:

  1. Go to Main Menu > Collection > Threat Data, and select an object to export.

  2. Click Export Threat Data and select one of the following file formats to export the details of the threat data object:

    • XML (Exports object details in the STIX 1.x expression)

      Note

      The STIX 1.x expression does not support custom property for SDOs. Therefore, the export does not include custom attributes of the objects.

    • STIX 2.0

    • STIX 2.1

    • MISP

      Note

      To export in the MISP format, some object types must include certain mandatory fields. If these fields are missing, the export may be skipped or lead to incomplete or incorrect outputs. For more information about the mandatory fields, see Mandatory MISP Fields.

The export task is processed in the background. You will receive an in-app notification after the threat data object details are exported. Click Download File to download the export file from the notification.

Mandatory MISP Fields

The following object types require certain field keys to export them in the MISP format

Object Type

Mandatory Field Keys

Windows Service

service_name

User Account

  • credential

  • user_id

  • account_login

X509 Certificate

  • serial_number

  • issuer

  • hashes.MD5

  • hashes.SHA-1

  • hashes.SHA-256

Windows Registry Key

  • key

  • values

Email Message

  • from

  • from-display-name

  • to

  • to-display-name

  • subject

  • attachments

  • message_id

  • date

  • headers

  • body

Network Traffic

  • start

  • src_ip

  • dst_ip

  • src_port

  • dst_port

Process

  • pid

  • image_path

  • command_line

  • cwd

Export Object Relationships

You can export the relationship details of a threat data object, such as the object type, value, relationship type, source, and more, in CSV format. You can export a maximum of 10,000 relationships. If there are more than 10,000 relationships, the latest 10,000 relationships are exported.

Steps

To export the relationships of a threat data object, follow these steps:

  1. Go to Main Menu > Collection > Threat Data, and select a threat data to export the relations.

  2. Click Export Relations and select CSV to export the relations in CSV format.

The export task is processed in the background. You will receive an in-app notification after the relationship details of the threat data object are exported. Click Download File to download the export file from the notification.