Is there a way to add STIX files or feeds?

[Wpq]

Hello everyone,

When looking at the documentation, it is not clear whether it is possible to add STIX files (or feeds that gets updates automatically).

I thought that this would not be possible, but a post in this group (https://groups.google.com/g/wazuh/c/osrPRPw5IO0/m/wIix2gZ9AwAJ) mentioned

> it looks like the STAXX client is reading the STIX/TAXII feed

Let's say I have a private STIX file (or feed), is there a straightforward way to add it to the list of IOCs that clients are checked agaonst?

[Jesus Linares]

Hi,

I'm not familiar with STAXX but I think it could work like any other external tool that we integrate with Wazuh:

• Configure STAXX client to log the output to a file.
• Run the STAXX client with your STIX file.
• Read the output file with Wazuh.
• Create decoders and rules in Wazuh.

If you share the output file, we can help you with the decoders/rules.

Also, as I mentioned in the other thread, you can open an issue in our repository describing the feature. In this way, we can review it and prioritize it in the roadmap.

I hope it helps.

Regards.