If you select the STIX (.xml) option when exporting all execution results, Kaspersky Threat Intelligence Portal saves execution results as a file in STIX format.
Exporting to STIX format is not available for abridged reports.
By default, the format of the file name is as follows: <object MD5>.stix. You can change the file name if necessary. For similar files, the default file name is <object MD5>_similarity.stix.
Each STIX file contains sections described in the tables below.
STIX file sections for Sandbox

| Section | Description | Comment |
|---|---|---|
| Description | Information about object parameters and execution settings (see Executing a file and Starting a file upload and execution), threats that were detected during the file execution, and SNORT or Suricata rules that were triggered during analysis of traffic from the executed object. | — |
| Download URLs | Information about the specified web address and the web addresses to which the file was redirected during the download process. | This section is available only for files that were downloaded from a web address. |
| Files | Information about files that were extracted from network traffic or saved by the executed file during the execution. | This section is included in the export file if at least one extracted or saved file was detected. Each extracted or saved file is described in a separate subsection within this section. |
| PE images | Information about loaded images that were detected during the file execution. | This section is included in the export file if at least one PE image was detected. Each loaded PE image is described in a separate subsection within this section. |
| Synchronization objects | Information about synchronization objects registered during the file execution. | This section is included in the export file if at least one synchronization object was registered. Each synchronization object is described in a separate subsection within this section. |
| Similarity | Information about files that are similar to the analyzed object. | — |