Materials Submission: TWIGs Strawman for STIX 2.0

[Mark Davidson <mdavidson@soltra.com>]

All,

 

This email is to announce the TWIGs Strawman for STIX 2.0 and submit materials in advance of the F2F, providing ample time for CTI TC members to read the proposal. The TWIGs strawman will be presented at the OASIS CTI F2F. The TWIGs strawman is a collaboration between Soltra, EclecticIQ, ThreatLoop.com, and MITRE staff.

 

TWIGS focuses on simplicity, modularity, and improved threat analysis. Compared to STIX 1.x, TWIGS has a flattened information model, more tightly scoped objects, and is explicitly modeled as a graph. For automation uses, TWIGS uses a JSON schema serialization.

TWIGS is offered to the STIX SC / OASIS CTI TC as strawman input to STIX 2.0. The STIX SC may choose to use all, some, or none of the concepts in the TWIGS strawman as a foundation for STIX 2.0. The term strawman is used to indicate that while TWIGS represents a working prototype, the choices made in TWIGS are not binding or final. All concepts, choices, and descriptions are within scope for change.

 

TWIGs document (attached as PDF – “WhyTWIGSisTWIGS.pdf")

TWIGs explorer online: https://twigs-cti.herokuapp.com

 

We have put a lot of time and effort into this proposal hope that you will find it compelling.

 

Sincerely,

Terry MacDonald (Threatloop.com, Soltra)

John Wunder (MITRE)

Joep Gommers (EclecticIQ)

Wouter Bolsterlee (EclecticIQ)

Marko Dragoljevic (EclecticIQ)

Sergey Polzunov (EclecticIQ)

Ivan Kirillov (MITRE, CybOX SC Co-Chair)

Aharon Chernin (Soltra, STIX SC Co-Chair)

Trey Darley (Soltra, CybOX SC Co-Chair)

Mark Davidson (Soltra, TAXII SC Co-Chair)

Attachment: WhyTWIGSisTWIGS.pdf
Description: WhyTWIGSisTWIGS.pdf