cyberneticlibrary
← library

Process and export security indicators

ioc-processorsubagentsetup L25
Liberty91LTD/cti-skills
What it does

Process, classify, enrich, and deduplicate IOCs into STIX-compliant packages

Best for

When managing cyber threat intelligence lifecycle from raw indicators to exportable intelligence

Inputs
  • · Raw IOC list
  • · Source metadata
Outputs
  • · STIX 2.1 bundle
  • · Enriched IOC export
Requires
  • · Read
  • · Write
  • · Bash
  • · Glob
  • · Grep
Preconditions

IOC list in supported format; enrichment workflow tools available; TLP marking configured

Failure modes
  • · Invalid IOC format or unrecognized indicator type
  • · Enrichment sources unreachable or timeout during query
  • · Deduplication conflict with existing IOC collection
Trust signals
  • · Includes test/validation protocols
  • · Explicit error handling