OASIS members and other interested parties,
The OASIS Cyber Threat Intelligence (CTI) TC [1] members have recently approved a Committee Specification Draft (CSD) and submitted it for 30-day public review:
CybOX(TM) Version 2.1.1
Committee Specification Draft 01 / Public Review Draft 01
20 June 2016
What is CybOX and why is it important?
The Cyber Observable Expression (CybOX) is a standardized language for encoding and communicating high-fidelity information about cyber observables, whether dynamic events or stateful measures that are observable in the operational cyber domain. By specifying a common structured schematic mechanism for these cyber observables, the intent is to enable the potential for detailed automatable sharing, mapping, detection and analysis heuristics. This specification serves as an overview of those specifications and defines how they are used within the broader CybOX framework.
About the TC:
The OASIS Cyber Threat Intelligence (CTI) TC is developing information representations and protocols to help industries, organizations, and governments model, analyze, and share cyber threat intelligence.
The TC has transitioned STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), and CybOX (Cyber Observable Expression) from the US Department of Homeland Security (DHS) for standardization under the OASIS open standards process.
Members of the TC are currently working on the next generation of these specifications.
STIX, TAXII, and CybOX recently received the European Identity Conference (EIC) 2016 Award for Best Innovation/New Standard in Information Security.
Public Review Period:
The public review starts 28 September 2016 at 00:00 UTC and ends 28 October 2016 at 23:59 UTC.
This is an open invitation to comment. OASIS solicits feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.
URIs:
The prose specification document and related files are available here:
CybOX Version 2.1.1. Part 01: Overview
CybOX Version 2.1.1. Part 02: Common
CybOX Version 2.1.1. Part 03: Core
CybOX Version 2.1.1. Part 04: Default Extensions
CybOX Version 2.1.1. Part 05: Default Vocabularies
CybOX Version 2.1.1. Part 06: UML Model
CybOX Version 2.1.1. Part 07: API Object
CybOX Version 2.1.1. Part 08: ARP Cache Object
CybOX Version 2.1.1. Part 09: AS Object
CybOX Version 2.1.1. Part 10: Account Object
CybOX Version 2.1.1. Part 11: Address Object
CybOX Version 2.1.1. Part 12: Archive File Object
CybOX Version 2.1.1. Part 13: Artifact Object
CybOX Version 2.1.1. Part 14: Code Object
CybOX Version 2.1.1. Part 15: Custom Object
CybOX Version 2.1.1. Part 16: DNS Cache Object
CybOX Version 2.1.1. Part 17: DNS Query Object
CybOX Version 2.1.1. Part 18: DNS Record Object
CybOX Version 2.1.1. Part 19: Device Object
CybOX Version 2.1.1. Part 20: Disk Object
CybOX Version 2.1.1. Part 21: Disk Partition Object
CybOX Version 2.1.1. Part 22: Domain Name Object
CybOX Version 2.1.1. Part 23: Email Message Object
CybOX Version 2.1.1. Part 24: File Object
CybOX Version 2.1.1. Part 25: GUI Dialogbox Object
CybOX Version 2.1.1. Part 26: GUI Object
CybOX Version 2.1.1. Part 27: GUI Window Object
CybOX Version 2.1.1. Part 28: HTTP Session Object
CybOX Version 2.1.1. Part 29: Hostname Object
CybOX Version 2.1.1. Part 30: Image File Object
CybOX Version 2.1.1. Part 31: Library File Object
CybOX Version 2.1.1. Part 32: Link Object
CybOX Version 2.1.1. Part 33: Linux Package Object
CybOX Version 2.1.1. Part 34: Memory Object
CybOX Version 2.1.1. Part 35: Mutex Object
CybOX Version 2.1.1. Part 36: Network Connection Object
CybOX Version 2.1.1. Part 37: Network Flow Object
CybOX Version 2.1.1. Part 38: Network Packet Object
CybOX Version 2.1.1. Part 39: Network Route Entry Object
CybOX Version 2.1.1. Part 40: Network Route Object
CybOX Version 2.1.1. Part 41: Network Socket Object
CybOX Version 2.1.1. Part 42: Network Subnet Object
CybOX Version 2.1.1. Part 43: PDF File Object
CybOX Version 2.1.1. Part 44: Pipe Object
CybOX Version 2.1.1. Part 45: Port Object
CybOX Version 2.1.1. Part 46: Process Object
CybOX Version 2.1.1. Part 47: Product Object
CybOX Version 2.1.1. Part 48: SMS Message Object
CybOX Version 2.1.1. Part 49: Semaphore Object
CybOX Version 2.1.1. Part 50: Socket Address Object
CybOX Version 2.1.1. Part 51: System Object
CybOX Version 2.1.1. Part 52: URI Object
CybOX Version 2.1.1. Part 53: URL History Object
CybOX Version 2.1.1. Part 54: Unix File Object
CybOX Version 2.1.1. Part 55: Unix Network Route Entry Object
CybOX Version 2.1.1. Part 56: Unix Pipe Object
CybOX Version 2.1.1. Part 57: Unix Process Object
CybOX Version 2.1.1. Part 58: Unix User Account Object
CybOX Version 2.1.1. Part 59: Unix Volume Object
CybOX Version 2.1.1. Part 60: User Account Object
CybOX Version 2.1.1. Part 61: User Session Object
CybOX Version 2.1.1. Part 62: Volume Object
CybOX Version 2.1.1. Part 63: Whois Object
CybOX Version 2.1.1. Part 64: Win Computer Account Object
CybOX Version 2.1.1. Part 65: Win Critical Section Object
CybOX Version 2.1.1. Part 66: Win Driver Object
CybOX Version 2.1.1. Part 67: Win Event Log Object
CybOX Version 2.1.1. Part 68: Win Event Object
CybOX Version 2.1.1. Part 69: Win Executable File Object
CybOX Version 2.1.1. Part 70: Win File Object
CybOX Version 2.1.1. Part 71: Win Filemapping Object
CybOX Version 2.1.1. Part 72: Win Handle Object
CybOX Version 2.1.1. Part 73: Win Hook Object
CybOX Version 2.1.1. Part 74: Win Kernel Hook Object
CybOX Version 2.1.1. Part 75: Win Kernel Object
CybOX Version 2.1.1. Part 76: Win Mailslot Object
CybOX Version 2.1.1. Part 77: Win Memory Page Region Object
CybOX Version 2.1.1. Part 78: Win Mutex Object
CybOX Version 2.1.1. Part 79: Win Network Route Entry Object
CybOX Version 2.1.1. Part 80: Win Network Share Object
CybOX Version 2.1.1. Part 81: Win Pipe Object
CybOX Version 2.1.1. Part 82: Win Prefetch Object
CybOX Version 2.1.1. Part 83: Win Process Object
CybOX Version 2.1.1. Part 84: Win Registry Key Object
CybOX Version 2.1.1. Part 85: Win Semaphore Object
CybOX Version 2.1.1. Part 86: Win Service Object
CybOX Version 2.1.1. Part 87: Win System Object
CybOX Version 2.1.1. Part 88: Win System Restore Object
CybOX Version 2.1.1. Part 89: Win Task Object
CybOX Version 2.1.1. Part 90: Win Thread Object
CybOX Version 2.1.1. Part 91: Win User Account Object
CybOX Version 2.1.1. Part 92: Win Volume Object
CybOX Version 2.1.1. Part 93: Win Waitable Timer Object
CybOX Version 2.1.1. Part 94: X509 Certificate Object
CybOX Version 2.1.1. Additional Artifacts
ZIP distribution file (complete):
For your convenience, OASIS provides a complete package of the prose document and related files in a ZIP distribution file. You can download the ZIP file here:
Additional information about the specification and the CTI TC can be found at the TC's public home page:
Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be used by following the instructions on the TC's "Send A Comment" page, or directly at:
Comments submitted by TC non-members for this work and for other work of this TC are publicly archived and can be viewed at:
All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review of "CybOX(TM) Version 2.1.1", we call your attention to the OASIS IPR Policy [2] applicable especially [3] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member's patent, copyright, trademark and license rights that read on an approved OASIS specification.
OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC's work.
========== Additional references:
[1] OASIS Cyber Threat Intelligence (CTI) TC
Non-Assertion Mode
--
/chet
----------------
Chet Ensign
Director of Standards Development and TC Administration
OASIS: Advancing open standards for the information society
http://www.oasis-open.org
Primary: +1 973-996-2298
Mobile: +1 201-341-1393