OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] Possible items for STIX 2.1 - +1 to openc2 coa

Thanks for bringing this up Duncan!

Hi Jane,

Thanks for the pointers to get OpenC2 into STIX 2.1. Duncan and a bunch of us from the OpenC2 community are also members of OASIS and we will now dial into the Tuesday meetings to take this forward.

Regards,
Jyoti

From: <cti-stix@lists.oasis-open.org> on behalf of "Jane Ginn - jg@ctin.us" <jg@ctin.us>
Date: Wednesday, November 9, 2016 at 9:03 PM
To: "duncan@sfractal.com" <duncan@sfractal.com>, "Bret_Jordan@symantec.com" <Bret_Jordan@symantec.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: RE: [cti-stix] Possible items for STIX 2.1 - +1 to openc2 coa

Duncan:

Good to hear you are building on the openC2 framework. Both Bret Jordan and Allan Thomson are active with that committee. We welcome your efforts to help make the STIX Data Object (SDO) [Course of Action] that emerges in 2.1 consistent with openC2.

I can think of two ways to engage to help shape that SDO: 1) participate in the weekly Tuesday working group meetings to help drive that as a key SDO, and: 2) plan on attending the next face-to-face in the San Francisco area where the STIX 2.1 topics will be discussed in real time among and between the implementers.  Details on that meeting will be out soon, but right now it looks like it will be around Jan. 17 to 19.

Jane Ginn, MSIA, MRP
Cyber Threat Intelligence Network, Inc.
jg@ctin.us



-------- Original Message --------
From: duncan@sfractal.com
Sent: Wednesday, November 9, 2016 09:13 PM
To: "Bret Jordan (CS)" <Bret_Jordan@symantec.com>,cti-stix@lists.oasis-open.org
Subject: RE: [cti-stix] Possible items for STIX 2.1 - +1 to openc2 coa

I'm opening a tangent thread off the original email on what should be in stix 2.1.
Ie a different topic than incident/events.

I'm giving a +1 to including openc2 coa in stix 2.1. I've been away from stix for awhile so I'm still getting up to speed on the process. Let me know if there is anything I can to do help wrt openc2 coa in stix 2.1.

Duncan Sparrell
s-Fractal Consulting LLC
iPhone, iTypo, iApologize


-------- Original Message --------
Subject: [cti-stix] Possible items for STIX 2.1
From: "Bret Jordan (CS)" <Bret_Jordan@symantec.com>
Date: Tue, November 08, 2016 11:35 am
To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>

Infrastructure
Malware
Incident
Course of Action - OpenC2
Internationalization
Confidence (source confidence)
Comments
Location
     When the location information was looked up / assigned.
     Service used to look up the location
     Accuracy of the service or methodology
     Self Reported
Add organizational relationships
     Employees
Threat Actor -> Threat Actor relationship
Intel Notes 


Bret

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]