README
¶
🔍 STIX Threat Intelligence Integration for Notion
Integrate Threat intelligence into your Notion workspace with notion-stix. Designed to bring STIX (Structured Threat Information eXpression) formatted threat intelligence data directly into Notion, making it simpler than ever to organize, track, and correlate security threats.
View the website
🌟 Features
- Seamless Integration: Easily integrate STIX formatted files into your Notion workspace.
- Collaborative: Share and collaborate on threat data with your team in Notion.
- Customizable: Tailor the integration settings to fit your specific needs.
🕵️ Data Sources
- MITRE ATT&CK - Enterprise (v14.1) ✅
🚀 Quick Start
Prerequisites
- Go version 1.21 or higher
- Notion API Key
- STIX formatted threat intelligence file
Installation
# With go toolchain
go install github.com/brittonhayes/notion-stix/cmd/stix@latest
stix --help
# Or, with docker
docker run -e NOTION_API_KEY="<your-api-key>" -t ghcr.io/brittonhayes/notion-stix .
Congratulations! 🎉 Your Notion workspace is now empowered with MITRE threat intelligence.
📷 Preview
📜 License
notion-stix is made available under the MIT License.
📖 Code of Conduct
Our community thrives on respect and kindness. Before contributing or participating, please read our Code of Conduct.
Documentation
¶
Overview ¶
Package stix is the parent package to the Notion STIX integration, API, and CLI.
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var FS embed.FS
View Source
var TEMPLATES embed.FS
Functions ¶
This section is empty.
Types ¶
type AttackPatternRepository ¶
type AttackPatternRepository interface {
// ListAttackPatterns returns a slice of AttackPattern objects.
ListAttackPatterns(collection *stix2.Collection) []*stix2.AttackPattern
// CreateAttackPatternsDatabase creates a new Notion database for AttackPatterns.
CreateAttackPatternsDatabase(ctx context.Context, client *notion.Client, parentPageID string) (notion.Database, error)
// CreateAttackPatternPage creates a new Notion page for a specific AttackPattern.
CreateAttackPatternPage(ctx context.Context, client *notion.Client, databaseID string, attackPattern *stix2.AttackPattern) (notion.Page, error)
}
type CampaignRepository ¶
type CampaignRepository interface {
// ListCampaigns returns a slice of Campaign objects.
ListCampaigns() []*stix2.Campaign
// CreateCampaignsDatabase creates a new Notion database for Campaigns.
CreateCampaignsDatabase(ctx context.Context, client *notion.Client, parentPageID string) (notion.Database, error)
// CreateCampaignPage creates a new Notion page for a specific Campaign.
CreateCampaignPage(ctx context.Context, client *notion.Client, db notion.Database, campaign *stix2.Campaign) (notion.Page, error)
}
type CollectionRepository ¶
type CollectionRepository interface {
// ListCollection returns the entire collection of STIX objects.
ListCollection() *stix2.Collection
}
type IndicatorRepository ¶
type IndicatorRepository interface {
// ListIndicators returns a slice of Indicator objects.
ListIndicators() []*stix2.Indicator
// CreateIndicatorsDatabase creates a new Notion database for Indicators.
CreateIndicatorsDatabase(ctx context.Context, client *notion.Client, parentPageID string) (notion.Database, error)
// CreateIndicatorPage creates a new Notion page for a specific Indicator.
CreateIndicatorPage(ctx context.Context, client *notion.Client, db notion.Database, indicator *stix2.Indicator) (notion.Page, error)
}
type IntrusionSetRepository ¶
type IntrusionSetRepository interface {
// ListIntrusionSets returns a slice of Group objects.
ListIntrusionSets(collection *stix2.Collection) []*stix2.IntrusionSet
// CreateIntrusionSetsDatabase creates a new Notion database for IntrusionSets.
CreateIntrusionSetsDatabase(ctx context.Context, client *notion.Client, parentPageID string) (notion.Database, error)
// CreateIntrusionSetPage creates a new Notion page for a specific Group.
CreateIntrusionSetPage(ctx context.Context, client *notion.Client, databaseID string, group *stix2.IntrusionSet) (notion.Page, error)
}
type MalwareRepository ¶
type MalwareRepository interface {
// ListMalware returns a slice of Malware objects.
ListMalware() []*stix2.Malware
// CreateMalwareDatabase creates a new Notion database for Malware.
CreateMalwareDatabase(ctx context.Context, client *notion.Client, parentPageID string) (notion.Database, error)
// CreateMalwarePage creates a new Notion page for a specific Malware.
CreateMalwarePage(ctx context.Context, client *notion.Client, db notion.Database, malware *stix2.Malware) (notion.Page, error)
}
type Repository ¶
type Repository interface {
CollectionRepository
AttackPatternRepository
CampaignRepository
MalwareRepository
IntrusionSetRepository
}
Repository defines the interface for interacting with the Notion database.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
stix
Package main is the entry point of the CLI application.
|
Package main is the entry point of the CLI application. |
|
internal
|
|
|
api
Package api provides primitives to interact with the openapi HTTP API.
|
Package api provides primitives to interact with the openapi HTTP API. |
|
kv
Package kv provides an interface and implementations for key-value stores.
|
Package kv provides an interface and implementations for key-value stores. |
|
mitre
Package mitre provides functionality for working with MITRE ATT&CK data in Notion.
|
Package mitre provides functionality for working with MITRE ATT&CK data in Notion. |
Click to show internal directories.
Click to hide internal directories.