Subject: Re: [cti-users] CybOX diversified observable data set example


Thanks for the responses.

Terry - the generator is great, but I am looking for real world examples in order to better understand how real observable data looks.

Patrick - It sounds great, but unfortunately I don't have access to US-CERT, so I am looking for open source examples.

Steve - I have downloaded the TAXII Java client to poll the hailataxii service, and haven't yet figured out how to work with it; it's not as straightforward as I thought.

I am looking for something like the examples posted here on STIX:
https://stixproject.github.io/examples/
that are more verbose and diversified, some real world Observables.

Thanks

On Fri, Jan 29, 2016 at 10:57 PM Terry MacDonald <terry.macdonald@threatloop.com> wrote:

(Full disclosure - I am a co-founder of Cosive)

I'd also recommend the Cosive STIX data generator, available at https://generator.cosive.com . It produces fake STIX documents with objects of your choosing, and was designed for testing your system's ability to process the different objects.

Cheers
Terry MacDonald

On 30/01/2016 03:06, "Patrick Maroney" <Pmaroney@specere.org> wrote:
DHS/US-CERT publishes hundreds of diverse STIX packages (e.g., MIFR, MAR, JIB, IB). I use STIX Ramrod (https://github.com/STIXProject/stix-ramrod) to batch convert legacy versions. These provide a rich set of compound observables.

These will provide a much more diverse set of CybOX than anything you will find on Hail-a-TAXII, which tends to be very narrow in what is expressed (e.g., lists of malicious IP addresses, lists of malicious domains).

These STIX packages are generally not in the public domain, but are available in places like the US-CERT Portal (https://portal.us-cert.gov).  A keyword search for "STIX" and "MIFR" may reveal alternative sources.

<marking:Marking>
    <marking:Controlled_Structure>//node() | //@*</marking:Controlled_Structure>
    <marking:Marking_Structure xsi:type='tlpMarking:TLPMarkingStructureType' color="GREEN"/>
    <marking:Marking_Structure xsi:type='TOUMarking:TermsOfUseMarkingStructureType'>
        <TOUMarking:Terms_Of_Use>This Indicator Bulletin is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is marked TLP: GREEN. Recipients may share TLP: GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp .</TOUMarking:Terms_Of_Use>
    </marking:Marking_Structure>
</marking:Marking>



Patrick Maroney
Office:  (856)983-0001
Cell:      (609)841-5104


President
Integrated Networking Technologies, Inc.
PO Box 569
Marlton, NJ 08053

From: <cti-users@lists.oasis-open.org> on behalf of "Noel, Steven E" <snoel@mitre.org>
Date: Friday, January 29, 2016 at 10:17 AM
To: Shevah Marants <shevahm@gmail.com>, "cti-users@lists.oasis-open.org" <cti-users@lists.oasis-open.org>
Subject: RE: [cti-users] CybOX diversified observable data set example

I'm wondering if this is helpful: http://hailataxii.com/.

I have never used it, but would be interested in hearing about your experiences with it.

Steve

From: cti-users@lists.oasis-open.org [mailto:cti-users@lists.oasis-open.org] On Behalf Of Shevah Marants
Sent: Friday, January 29, 2016 9:25 AM
To: cti-users@lists.oasis-open.org
Subject: [cti-users] CybOX diversified observable data set example

Hello,

I am currently investigating CybOX.

I am looking for a big corpus/dataset of Observables varying in type for different experiments on CybOX data.

The STIX and CybOX sites offer a couple of examples but they are limited in size and diversification.

Can someone point me to an interesting dataset with diversified types of Observables and Observable patterns?

Thanks.
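The TLP GREEN marking quoted in Patrick Maroney's message is typical of the US-CERT packages he describes, and anything that ingests such a dataset has to honour it before redistributing the observables. The following is an added example, not code from the thread or from the STIX project: it parses STIX 1.x data markings with the standard library, reads the TLP colour and Terms of Use, checks whether the Controlled_Structure XPath covers the whole package, and maps unknown colours to the most restrictive rule. The sample package is constructed; the namespace URIs are the ones used by the STIX 1.x schemas.

```python
"""Extract STIX 1.x data markings (TLP + Terms of Use) and derive a sharing rule."""
import xml.etree.ElementTree as ET

# Namespace URIs used by the STIX 1.x data-marking schemas
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "marking": "http://data-marking.mitre.org/Marking-1",
    "tlpMarking": "http://data-marking.mitre.org/extensions/MarkingStructure#TLP-1",
    "TOUMarking": "http://data-marking.mitre.org/extensions/MarkingStructure#Terms_Of_Use-1",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
XSI_TYPE = "{%s}type" % NS["xsi"]
ALL_NODES = "//node() | //@*"  # Controlled_Structure meaning "the entire document"

# Sharing rule per TLP colour, as described in the quoted Terms of Use
TLP_RULES = {
    "RED": "named recipients only",
    "AMBER": "own organisation and clients with a need to know",
    "GREEN": "peers and partners within the sector, not public channels",
    "WHITE": "unlimited disclosure",
}

# Constructed sample package carrying the marking quoted in the thread
SAMPLE = """<stix:STIX_Package xmlns:stix="%(stix)s" xmlns:marking="%(marking)s"
  xmlns:tlpMarking="%(tlpMarking)s" xmlns:TOUMarking="%(TOUMarking)s" xmlns:xsi="%(xsi)s">
  <stix:STIX_Header><stix:Handling><marking:Marking>
    <marking:Controlled_Structure>//node() | //@*</marking:Controlled_Structure>
    <marking:Marking_Structure xsi:type="tlpMarking:TLPMarkingStructureType" color="GREEN"/>
    <marking:Marking_Structure xsi:type="TOUMarking:TermsOfUseMarkingStructureType">
      <TOUMarking:Terms_Of_Use>Provided as is. This document is marked TLP: GREEN.</TOUMarking:Terms_Of_Use>
    </marking:Marking_Structure>
  </marking:Marking></stix:Handling></stix:STIX_Header>
</stix:STIX_Package>""" % NS

def parse_markings(xml_text):
    """Return one dict per marking:Marking: controlled-structure scope, TLP colour, terms."""
    out = []
    for m in ET.fromstring(xml_text).iter("{%s}Marking" % NS["marking"]):
        entry = {"scope": None, "tlp": None, "terms": None}
        cs = m.find("marking:Controlled_Structure", NS)
        entry["scope"] = (cs.text or "").strip() if cs is not None else None
        for ms in m.findall("marking:Marking_Structure", NS):
            xsi_type = ms.get(XSI_TYPE, "")  # prefix-qualified, so match on the local name
            if xsi_type.endswith("TLPMarkingStructureType"):
                entry["tlp"] = (ms.get("color") or "").upper() or None
            elif xsi_type.endswith("TermsOfUseMarkingStructureType"):
                tou = ms.find("TOUMarking:Terms_Of_Use", NS)
                entry["terms"] = (tou.text or "").strip() if tou is not None else None
        out.append(entry)
    return out

def sharing_rule(marking):
    """Fail closed: a missing or unrecognised TLP colour is treated as RED."""
    return TLP_RULES.get(marking["tlp"], TLP_RULES["RED"])

def covers_whole_package(marking):
    """True when the Controlled_Structure selects every node and attribute."""
    return marking["scope"] == ALL_NODES
```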
