

Subject: Re: [cti-users] Need Examples of stix components


So I don't have such an all in STIX document handy, but it seems like a really good idea to make one. This also goes to another need which is the 'usage' convention side of what does well-crafted STIX actually look like for a sample. I would suggest this is a worthwhile effort for the group and we should include it with the documentation set.


I am hoping that the folks at MITRE already have such an all-encompassing sample document.


-Mark



Mark Clancy
Chief Executive Officer
SOLTRA | An FS-ISAC and DTCC Company
+1.813.470.2400 office | +1.610.659.6671 US mobile |  +44 7823 626 535  UK mobile
mclancy@soltra.com | soltra.com
 
One organization's incident becomes everyone's defense.
 



From: cti-users@lists.oasis-open.org <cti-users@lists.oasis-open.org> on behalf of sri devi <sreedevi.sw@gmail.com>
Sent: Wednesday, October 7, 2015 4:10 AM
To: cti-users@lists.oasis-open.org
Subject: [cti-users] Need Examples of stix components
 


Hi,

Need examples with clarity to the below component attributes.



Indicator:
----------
Attributes:
----------
Composite_indicator_Expression
Kill_Chain_Phases
Handling
Related_Indicators
Related_campaigns
Related_packages

Need clarity of above attributes of Indicator with Examples.

Incident
--------
Attributes
----------
Investigation
Exercise/Network Defence testing
ordinality
Structuring_format
Attributed_Threat_Actors
Intended_Effect
Related_incidents

Need clarity of above attributes of Incident with Examples.

Observable
-----------
Attributes
-----------
Keywords
Observable_Composition
Pattern_Fidelity

Need clarity of above attributes of Observable with Examples.

TTP
----
Attributes
-----------

Handling
Kill_Chains
Kill_Chain_Phases
Exploit_Targets


Need clarity of above attributes of TTP with Examples.

Exploit_Targets
----------------
Attributes
-----------
Handling
Related_exploit_target
Configuration
Potential_COAs

Need clarity of above attributes of Exploit_Targets with Examples.

Course_Of_Action
----------------
Attributes
----------
Related_COAs
Efficacy

Need clarity of above attributes of Course_Of_Action with Examples.


Campaign
---------
Attributes
-----------
Intended_Effect
Related_Indicators
Related_incidents
Attribution
Associated_Campaign
Handling

Need clarity of above attributes of Campaign with Examples.

Threat_Actor
-------------
attributes
----------
Identity
Motivation
Sophistication
Planning_And_Operational_support
Handling

Need clarity of above attributes of Threat_Actor with Examples.





--
thank you....
        

