OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-stix] STIX 2.1 discussion


I could get on board with that.  

Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Aug 29, 2016, at 12:29, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:

Myself - I would prefer confidence be a numeric code of say 1-100 with an allowed value that maps to "unknown" (perhaps 0 or -1), and leave it up to individual implementers if they want to map that to the admiralty code in their software or not.

A numeric code has this large advantage, that it can be easily adapted to match any labelling regime, and any level of granularity.

Whereas, if the Admiralty code is adopted, we are "stuck" there - and that regime may be too granular for some organizations, and not granular enough for others.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown 


<graycol.gif>"Masuoka, Ryusuke" ---08/22/2016 09:41:11 PM---Hi, Jane, It seems it is already published in 2014

From:  "Masuoka, Ryusuke" <masuoka.ryusuke@jp.fujitsu.com>
To:  JG on CTI-TC <jg@ctin.us>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date:  08/22/2016 09:41 PM
Subject:  RE: [cti-stix] STIX 2.1 discussion
Sent by:  <cti-stix@lists.oasis-open.org>





Hi, Jane,

It seems it is already published in 2014

Why Assessing Estimative Accuracy Is Feasible and Desirable
https://www.hks.harvard.edu/fs/rzeckhau/Assessing%20Estimative%20Accuracy.pdf

Regards,

Ryu

From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of JG on CTI-TC
Sent:
 Tuesday, August 23, 2016 8:00 AM
To:
 cti-stix@lists.oasis-open.org
Subject:
 Re: [cti-stix] STIX 2.1 discussion

All:

I just wanted to point out this forthcoming article that will be published in Intelligence and National Security that discusses the Admiralty Code. 

https://www.hks.harvard.edu/fs/rzeckhau/Evaluating%20Estimative%20Accuracy.pdf

Jane Ginn

On 8/22/2016 12:15 PM, Jordan, Bret wrote:

      Sarah, 

      Can you put together a proposal for Confidence?  

      Thanks,

      Bret



      Bret Jordan CISSP 
      Director of Security Architecture and Standards | Office of the CTO
      Blue Coat Systems
      PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
      "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 
          On Aug 22, 2016, at 11:21, Sarah Kelley <Sarah.Kelley@cisecurity.org> wrote:

          I would argue for the confidence as well. I understand that you want it to interact with digital signatures, but I know we’re using it already in STIX 1.x. We use the confidence field as Terry described, to give our analysts some hint how much they should care about something if they see it in traffic or how likely we believe it could be to cause false positives. Every single thing in our database has a confidence on it. 

          I would also push for incident (for our use) and also for internationalization for the sake of increased adoption.


          Sarah Kelley
          Senior CERT Analyst
          Center for Internet Security (CIS)
          Integrated Intelligence Center (IIC)
          Multi-State Information Sharing and Analysis Center (MS-ISAC)
          1-866-787-4722 (7㈴ SOC)
          Email: cert@cisecurity.org
          www.cisecurity.org
          Follow us @CISecurity

          From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Jordan, Bret
          Sent:
           Monday, August 22, 2016 12:55 PM
          To:
           Trey Darley <trey@kingfisherops.com>
          Cc:
           Terry MacDonald <terry.macdonald@cosive.com>; Jyoti Verma (jyoverma) <jyoverma@cisco.com>; Fai, Joyce <Joyce.Fai@gd-ms.com>; cti-stix@lists.oasis-open.org; Kemp, David P <dpkemp@nsa.gov>; Brule, Joseph M <jmbrule@radium.ncsc.mil>
          Subject:
           Re: [cti-stix] STIX 2.1 discussion

          Confidence does not really make sense before we have digital signatures, neither does the opinion object.. Without digital signatures first, there is no "real" confidence or opinion as everything could be faked.  

          Thanks,

          Bret



          Bret Jordan CISSP
          Director of Security Architecture and Standards | Office of the CTO
          Blue Coat Systems
          PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
          "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 
              On Aug 22, 2016, at 01:34, Trey Darley <trey@kingfisherops.com> wrote:

              On 20.08.2016 08:22:15, Terry MacDonald wrote:

                  My wish list for 2.1:

              +1 for Terry's list of STIX 2.1/2.2 priorities

              -- 
              Cheers,
              Trey
              ++--------------------------------------------------------------------------++
              Kingfisher Operations, sprl
              gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D
              ++--------------------------------------------------------------------------++
              --
              "All systems, regardless of composition, do one of three things: blow
              up, oscillate, or stay about the same." --anonymous

          This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments. 
          . . .


-- 
Jane Ginn, MSIA, MRP
CTI-TC Co-Secretary
Cyber Threat Intelligence Network, Inc.
jg@ctin.us



Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]