Whether I can use the original XML representation of CWSandbox as the input of Malheur,or I must change the original XML with MIST.

I'm very sorry to disturb you time，But now I have not a good understanding of the idea of the 《Automatic Analysis of Malware Behavior using Machine Learning》.

Malheur supports the analysis of text-based reports as well as MIST reports. Please consult the manual page on how to configure both modes. Note that this issue tracker is not a place for generic technical discussion.