crmsync plugs into your stack through cognis-connect,
the suite's integration SDK. It maps any tool's JSON into a canonical Finding and
forwards it to the platforms that fit the General OSINT / security tool domain.
pip install "git+https://github.com/cognis-digital/cognis-connect.git"Once crmsync emits JSON findings, pipe them straight to a destination — --dry-run
previews the exact request without sending:
crmsync ... --format json | cognis-connect emit --to stix # STIX 2.1 bundle
crmsync ... --format json | cognis-connect emit --to slack --url $URL --token $TOK # Slack
crmsync ... --format json | cognis-connect emit --to webhook --url $URL --token $TOK # generic webhookRecommended for this domain: stix, slack, webhook. The full set is
stix · taxii · misp · sigma · splunk · elastic · slack · discord · webhook · brief.
normalize() maps any record (field/indicator aliases handled) into a Finding, so this
works whatever crmsync outputs:
from cognis_connect import normalize, stix
findings = [normalize(rec, source="crmsync") for rec in records] # records = your JSON output
print(stix.to_bundle(findings))- AI enrichment / summaries — point add-ins at an
edgemesh/v1gateway (OPENAI_BASE_URL);cognis-connect emit --to briefwrites an analyst summary. - Composition patterns & reference stacks — see INTEROP.md.
Integration backbone for the 300+ suite. github.com/cognis-digital