

Subject: Re: [cti-comment] Document review for stix-v2.0-csprd01-part2-stix-objects.docx


Ozgur,

 

We have received your comments on STIX 2.0 CSPRD02 below. Thanks for your feedback!

 

The TC maintains a log of all comments received on its work here: https://docs.google.com/spreadsheets/d/1YOPONeKzc6Uu1A1MS3WkICG26LKLQOWdr-KBDzM8K6Y/edit#gid=5055878. Your comments have been added as comments 5 and 6. When the public review period is over, the TC will consider all comments and note the resolutions in the log.

 

Again, thank you for your comment and please feel free to send along additional observations.

 

Sarah Kelley
STIX SC Co-Chair

Sarah Kelley
Senior Cyber Threat Analyst
Multi-State Information Sharing and Analysis Center (MS-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061
sarah.kelley@cisecurity.org
518-266-3493
24x7 Security Operations Center
SOC@cisecurity.org - 1-866-787-4722

 

                  

 

From: <cti-comment@lists.oasis-open.org> on behalf of "ozgur.yurekten@gmail.com" <ozgur.yurekten@gmail.com>
Date: Tuesday, May 30, 2017 at 7:02 AM
To: "cti-comment@lists.oasis-open.org" <cti-comment@lists.oasis-open.org>
Subject: [cti-comment] Document review for stix-v2.0-csprd01-part2-stix-objects.docx

 

 

 

Hi,

 

I have been working on CTI standards and network security for my PhD dissertation. I have reviewed the stix-v2.0-csprd01-part2-stix-objects.docx document. My comments are listed below:

 

  1. If an open vocabulary is defined for common external reference source names (CAPEC, CVE, etc.), interoperability will be increased between tools which will implement STIX 2.0.
  2. Some SDO object references in the examples are not defined in the document. If an example references another SDO or SRO, the referenced SDO or SRO should be in the example text or should be defined at the beginning of the standard document. This will make the examples clearer to understand. The list of all referenced SDO and SRO ids can be reviewed. Only one example of this situation:

In the course_of_action example (page 16), the “created_by_ref” SDO is not referenced in the example or in the document. I cannot reach the definition of the SDO.

 

[
  {
    "type": "course-of-action",
    "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "created": "2016-04-06T20:03:48.000Z",
    "modified": "2016-04-06T20:03:48.000Z",
    "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter",
    "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ..."
  },

 

  3. Typo errors

In the course_of_action example (page 16), in the definition of the malware SDO, the property “relationship_type” must be “name”.

Examples

[
  {
    "type": "course-of-action",
    "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "created": "2016-04-06T20:03:48.000Z",
    "modified": "2016-04-06T20:03:48.000Z",
    "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter",
    "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ..."
  },
  {
    "type": "relationship",
    "id": "relationship--44298a74-ba52-4f0c-87a3-1824e67d7fad",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "created": "2016-04-06T20:06:37.000Z",
    "modified": "2016-04-06T20:06:37.000Z",
    "source_ref": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "target_ref": "malware--31b940d4-6f7f-459a-80ea-9c1f17b5891b",
    "relationship_type": "mitigates"
  },
  {
    "type": "malware",
    "id": "malware--31b940d4-6f7f-459a-80ea-9c1f17b5891b",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "created": "2016-04-06T20:07:09.000Z",
    "modified": "2016-04-06T20:07:09.000Z",
    "relationship_type": "Poison Ivy"
  }
]

 

 

 "relationship_type": "Poison Ivy" ->  "name": "Poison Ivy"

 

 

 

 

. . .
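Both review comments above (references that resolve to nothing inside an example, and a property used on the wrong object type) can be checked mechanically. The following is an added example, not part of the original messages or of the STIX specification. The function name check_objects and the REQUIRED table are hypothetical, and the table covers only the object types in the quoted example.

```python
import json

# Required properties for the object types in the quoted example only
# (assumption: taken from STIX 2.0 Part 2; this is not a full schema).
REQUIRED = {
    "course-of-action": {"name"},
    "malware": {"name"},
    "relationship": {"relationship_type", "source_ref", "target_ref"},
}

def check_objects(objects):
    """Return sorted (object_id, problem) findings for a list of STIX objects."""
    known_ids = {o.get("id") for o in objects}
    findings = set()
    for obj in objects:
        oid, otype = obj.get("id", "<no id>"), obj.get("type")
        # Comment 3: a required property is absent, or an SRO-only one is present.
        for prop in REQUIRED.get(otype, set()) - set(obj):
            findings.add((oid, f"missing required property '{prop}'"))
        if otype != "relationship" and "relationship_type" in obj:
            findings.add((oid, "'relationship_type' on a non-relationship object"))
        # Comment 2: every *_ref / *_refs value should resolve inside the example.
        for prop, value in obj.items():
            if not prop.endswith(("_ref", "_refs")):
                continue
            for ref in (value if prop.endswith("_refs") else [value]):
                if ref not in known_ids:
                    findings.add((oid, f"{prop} -> {ref} is not defined in the example"))
    return sorted(findings)

# The example quoted in the message, abbreviated (timestamps and description omitted).
SAMPLE = json.loads("""[
 {"type": "course-of-action", "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
  "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
  "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter"},
 {"type": "relationship", "id": "relationship--44298a74-ba52-4f0c-87a3-1824e67d7fad",
  "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
  "source_ref": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
  "target_ref": "malware--31b940d4-6f7f-459a-80ea-9c1f17b5891b",
  "relationship_type": "mitigates"},
 {"type": "malware", "id": "malware--31b940d4-6f7f-459a-80ea-9c1f17b5891b",
  "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
  "relationship_type": "Poison Ivy"}
]""")

if __name__ == "__main__":
    for oid, problem in check_objects(SAMPLE):
        print(f"{oid}: {problem}")
```

Renaming the malware object's "relationship_type" to "name" and adding the referenced identity object to the list clears all findings.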

