Developing Your Universal Data Insights Connector
Overview
Federated search to investigate and analyze security insights across your company without moving your data UDI is the primary shared data services layer within Cloud Pak for Security. Any application wishing to query/read security data from the variety of shared data sources must do so via this API. It is built using RESTful principles, and integrates with an extensible Open-Source SDK (STIX-SHIFTER) to allow new translation and transmission modules to be contributed by IBM and the world-wide security community.
For your data source, build and implement a STIX adapter for it to establish connection between the data source and IBM CloudPak for Security. Use the open source library at https://github.com/opencybersecurityalliance/stix-shifter to:
- Connect to any products that house repositories of cybersecurity data.
- Convert a STIX 2 pattern to a native data source query.
- Convert a JSON data source query result to a STIX bundle of observable objects.
- See Developing a new STIX-shifter adapter. To learn about the supported query data types, see Query Data Types.
Developing Your Universal Data Insights connector using STIX-shifter
Follow these steps to develop, and test your connector.
Before you can start to build a STIX-shifter connector, here is what you will need
Set up your development environment following these steps
Creating your connector from the open source STIX-shifter project
Test your connector's translation and transmission capabilities
Publish a Connector
Technology Partners and IBMers can submit CloudPak for Security connectors to the IBM Security App Exchange portal to start the review process. Content posted on the IBM Security App Exchange will go through a validation process, as all applications and content extensions are reviewed by IBM CloudPak for Security quality teams. Follow the steps in this link to submit your connector for validation and publishing.
Marketing Your Integration
Are you interested in creating your own marketing collateral, including issuing a press release? We have posted recommended marketing actions and examples that are available to your company in launching your validated solution posted on IBM Security App Exchange. You can find this information here.
