
cti-users message



Subject: Re: [cti-users] CybOX diversified observable data set example


On 30.01.2016 20:58:12, Shevah Marants wrote:
> 
> I am looking for something like the example posted here on STIX:
> https://stixproject.github.io/examples/
> That are more verbose and diversified, some real world Observables.
> 

Hi, Shevah -

Waaay back in the day, my very first post to the MITRE lists was
almost identical to your line of inquiry. At the time, I was trying to
write code to parse STIX and do $stuff. I had a look at this massive
list of CybOX objects and was like, "Do I need to write code for *all*
of these? What's actually being used in the field?"

Flash forward, we found a partial mechanism to address this: cti-stats
[0]. Ivan and I have coordinated with a number of major sharing groups
to collect aggregated statistics about which CybOX objects are used
and with what relative frequency. The aggregated dataset is available
here [1].

Is the methodology perfect? No. Are there sharing communities out
there widely using CybOX objects not represented in our aggregated
report? Probably. But if you're trying to write a tool to do $stuff
and you can at least achieve solid code coverage of the top 10-15 most
frequently used CybOX objects (as reflected in the aggregate report)
that's a solid starting point.

Hope this helps!

[0]: https://github.com/Soltra/cti-stats
[1]: http://cyboxproject.github.io/cti-stats/

-- 
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"In protocol design, perfection has been reached not when there is
nothing left to add, but when there is nothing left to take away."
--RFC 1925
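
One way to measure the coverage the message above recommends, as an added example that is not part of the original message and is not cti-stats code: tally CybOX object types by resolving each `xsi:type` QName to its namespace, then report what share of observables a parser's handled set covers. The sample document, the helper `_obs`, and the function names `tally_object_types` and `coverage` are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
from collections import Counter

CYBOX = "http://cybox.mitre.org/cybox-2"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
ADDR = "http://cybox.mitre.org/objects#AddressObject-2"
FILE = "http://cybox.mitre.org/objects#FileObject-2"
DOMAIN = "http://cybox.mitre.org/objects#DomainNameObject-1"

def _obs(prefix, uri, local):
    # One constructed Observable; the prefix is declared on the element itself.
    return (f'<cybox:Observable><cybox:Object><cybox:Properties '
            f'xmlns:{prefix}="{uri}" xsi:type="{prefix}:{local}"/>'
            f'</cybox:Object></cybox:Observable>')

# Constructed sample, not real sharing-group data. Two producers use
# different prefixes ("AddressObj", "a") for the same Address namespace.
SAMPLE = (f'<cybox:Observables xmlns:cybox="{CYBOX}" '
          'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
          + _obs("AddressObj", ADDR, "AddressObjectType")
          + _obs("a", ADDR, "AddressObjectType")
          + _obs("FileObj", FILE, "FileObjectType")
          + _obs("FileObj", FILE, "FileObjectType")
          + _obs("DomainNameObj", DOMAIN, "DomainNameObjectType")
          + '</cybox:Observables>').encode()

def tally_object_types(xml_bytes):
    # For untrusted feeds, swap in defusedxml.ElementTree.iterparse.
    scope, counts = [], Counter()  # scope: in-scope (prefix, uri) declarations
    events = ("start", "start-ns", "end-ns")
    for event, payload in ET.iterparse(io.BytesIO(xml_bytes), events=events):
        if event == "start-ns":
            scope.append(payload)
        elif event == "end-ns":
            scope.pop()
        elif payload.tag == f"{{{CYBOX}}}Properties":
            prefix, _, local = payload.get(XSI_TYPE, "").rpartition(":")
            uri = next((u for p, u in reversed(scope) if p == prefix), None)
            counts[(uri, local)] += 1  # untyped Properties land under local ""
    return counts

def coverage(counts, handled):
    # Share of observables whose (namespace, type) the parser handles.
    total = sum(counts.values())
    hit = sum(n for key, n in counts.items() if key in handled)
    missing = [key for key, _ in counts.most_common() if key not in handled]
    return (hit / total if total else 0.0), missing
```

Keying on the namespace URI rather than the prefix keeps counts correct when producers pick different prefixes for the same object schema.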
