PiRogue Tool Suite

Import knowledge

Colander supports multiple data formats that can be directly imported into a case:

  • JSON, a Colander feed
  • STIX2, a STIX2 bundle
  • MISP, a MISP event
  • CSV

The workspace “Import” is dedicated to the import of external data.

Colander automatically merges imported data with the case entities. Check the documentation to know how Colander converts data from MISP and STIX2.

By default

By default, the workspace “Import” proposes to import a Colander feed but users can choose other formats like MISP or STIX2.

Import a Colander feed
Import a Colander feed

The user can manually select entities to import or import the whole feed. In addition, the Quick view button opens the details of the entity.

Details of an entity
Details of an entity

CSV

Colander can import data from a CSV file. To import:

  • Choose the CSV file to load
  • Select the entity type, for example Observable or Actor
  • For each row, choose the entity subtype, for example URL or Domain name
  • For each column, map it to the corresponding entity property, for example Name or Description

Any column data that does not match the Colander data model can be placed in the entity’s Extra attributes.

Import a CSV file
Import a CSV file
Edit this page on GitHub
Prev
Knowledge graph
Next
Share knowledge