Re: [cti-users] Geotagging STIX Objects

[Shawn Riley <shawn.p.riley@gmail.com>]

Hi Joshua,

We are using ontologies based on STIX, CYBOX, CIQ, etc to enable standards based Object-Based Production (OBP) of cyber security data and information into a knowledge and activity graph to automate analytic pivoting and enable Activity-Based Intelligence reasoning using description logic. This is the same technology based approach using ontologies that enable OBP/ABI in the DOD/IC on ICITE and is used in efforts like the National Map. https://cegis.usgs.gov/ontology.html   

Please feel free to reach out if you'd like to discuss this further. 

Shawn

Shawn Riley

DarkLight Cyber

shawn.p.riley@darklightcyber.com

On Mon, Feb 6, 2017 at 10:00 AM, <Elihu.E.El@nga.mil> wrote:

Classification: UNCLASSIFIED
======================================================

...I understand.  That is great.  We are working on the application to actually map objects.  Since we are using Lean Startup, would you kindly forward your contact information to Joshua.  This will enable to conduct the appropriate interviews.

Continued Regards,
Eli



-----Original Message-----
From: Allan Thomson [mailto:athomson@lookingglasscyber.com]
Sent: Monday, February 06, 2017 10:14 AM
To: El Elihu E Mr NGA-XFI USA CIV <Elihu.E.El@nga.mil>; Bret_Jordan@symantec.com; cti-cybox@lists.oasis-open.org; cti-stix@lists.oasis-open.org; cti-users@lists.oasis-open.org; Jason.Keirstead@ca.ibm.com; Richard.Struse@hq.dhs.gov; terry.macdonald@cosive.com; terry.macdonald@gmail.com
Subject: [Non-DoD Source] Re: [cti-users] Geotagging STIX Objects

This email was sent from a non-Department of Defense email account, and contained active links. Please verify the identity of the sender, and confirm authenticity of all links contained within the message.



This email was sent from a non-Department of Defense email account, and contained active links. Please verify the identity of the sender, and confirm authenticity of all links contained within the message.



This email was sent from a non-Department of Defense email account, and contained active links. Please verify the identity of the sender, and confirm authenticity of all links contained within the message.



Adding location to the STIX model is part of the goals for STIX 2.1 specification version.

This would provide the capability that you suggest (and some).

allan

On 2/6/17, 6:30 AM, "cti-users@lists.oasis-open.org on behalf of Elihu.E.El@nga.mil" <cti-users@lists.oasis-open.org on behalf of Elihu.E.El@nga.mil> wrote:

    Classification: UNCLASSIFIED
    ======================================================

    Good Morning Team,

    I hope that the day has gotten off to a good start for each of you.  Geotags enable objects to be plotted on a map similar to this: Caution-images.teamsugar.com/files/users/2/22911/39_2007/maps_1.jpg

    The ideal geotag would include x, y, and z values as well as temporal data and object height.  We are working on a project to geotag and render STIX documents on a map.  We are the CyberShock group.  STIX objects such as Observable Instances, Exploit Targets, Threat Actors, etc. can all be geotagged.  The MVP and documentation is on the high-side.  We need your feedback and suggestions.  Would you kindly share your contact information with Joshua so that we may ensure a prompt followup:
    Joshua Jackson
    Senior Systems Engineer
    Mainstreaming Capabilities Division (TAIM)
    Enterprise Innovation Office (TAI)
    National Geospatial-Intelligence Agency (NGA)
    Joshua.M.Jackson@NGA.mil
    Joshua.M.Jackson@NGA.IC.gov
    Open: 571-557-9849
    Secure: 578-9849

    Warm Regards,
    Eli


    Elihu Eli El, Scrum, Safe Agile, ITIL
    Systems Engineer
    NGA XFI
    Unclassified: 571-558-4351
    Secure: 579-4351
    Elihu.E.El@nga.mil

    GSM: Caution-www.geoint.community/
    ======================================================
    Classification: UNCLASSIFIED



======================================================
Classification: UNCLASSIFIED