OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-comment] STIX Course of Action object

Not sure its easier but certainly its a good alternative choice too.


a) Embedded relationship (property of CoA)
b) External relationship using relationship object (from CoA to CACAO Playbook)

Both are options.

Doing a STIX Extension for whatever you choose would be good either way.


On Mar 16, 2021, at 9:52 AM, Bret Jordan <bret.jordan@broadcom.com> wrote:

What might be even easier is to just use a relationship between a STIC COA and a CACAO Playbook. We designed CACAO Playbooks to work with a STIX CTI Graph. 

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

On Tue, Mar 16, 2021 at 10:45 AM aa tt <atcyber1000@gmail.com> wrote:
Hi Ben - 

There was a version of STIX CoA that was proposed (and actually included) previously in 2.1 that included a property to allow a pointer from CoA to a CACAO Playbook.

That was removed at the last minute from STIX2.1 due to lack of implementation verification that STIX2.1 required for inclusion of new features.

However, that spec work exists and could be used for either a) adding to STIX2.1 as standard or b) add to STIX2.1 COA as a standard extension for connecting STIX to CACAO.

At this point, I would suggest b) is the best path forward.

If you would like suggestions on how to do that then we can talk off-line.


On Mar 16, 2021, at 9:25 AM, Ben Whale <bwhale@caci.co.uk> wrote:

Hi all, 

I was wondering how the thinking behind the STIX Course of Action object is developing? We are considering using the course of action object in a system we are developing and are interested in the potential of capturing a machine automatable action within it. Given the development of the CACAO standard, is it likely that STIX will adopt CACAO in the action field, or is there other current thinking around this? 

Kind regards, 

Ben Whale 

Software Engineer, 

This electronic message contains information from CACI International Inc or
subsidiary companies, which may be confidential, proprietary,
privileged or otherwise protected from disclosure.  The information is
intended to be used solely by the recipient(s) named above.  If you are not
an intended recipient, be aware that any review, disclosure, copying,
distribution or use of this transmission or its contents is prohibited.  If
you have received this transmission in error, please notify us immediately
at postmaster@caci.co.uk
Viruses: Although we have taken steps to ensure that this e-mail and 
attachments are free from any virus, we advise that in keeping with good 
computing practice the recipient should ensure they are actually virus free.
CACI Limited. Registered in England & Wales. Registration No. 1649776. CACI House, Avonmore Road, London, W14 8TS

This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.

Attachment: signature.asc
Description: Message signed with OpenPGP

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]