OASIS Mailing List Archives

 



cti-users message



Subject: Re: [EXT] [cti-users] Sense-making Analytic Framework for STIX/CYBOX


Thanks Bret. I'm specifically looking for STIX 1.x content since the artificial intelligence based sense-making analytic framework has already learned STIX 1.x, and all the core STIX 1.x extensions such as OASIS CIQ, CAPEC, CWE, CVE, etc., so that the AI can use situational awareness from the cyber ecosystem to support sense-making, decision making and reasoning across those different cyber environment datasets and functional areas (CDM, GRC, IR, Hunting, etc.).

We have not yet started on STIX 2.0 as we'd still have to create a W3C standards-based knowledge representation of STIX 2.0 for the AI to support top-down logic and the "Sherlock Holmes" style reasoning on the content/instance data.

We were at the OpenC2 presentation last week at the IACD Community Day. 

We're excited about filling the sense-making analytic framework gap for IACD and look forward to those efforts in the coming weeks. 

Shawn

On Tue, Mar 28, 2017 at 8:35 AM, Bret Jordan <Bret_Jordan@symantec.com> wrote:
Shawn,

The work we are doing to support the IACD effort will all be in STIX 2.0 format and using the to be finished STIX 2.0 COA with OpenC2.

So while we have a lot of data, the kind of data you are looking for, we have stopped all work on making it available in STIX 1.x and are moving to only use STIX 2.x. 

BTW, we demoed a proof-of-concept OpenC2 proxy at the IACD Community Day last week.

Bret 

Sent from my iPhone

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

On Mar 28, 2017, at 7:51 AM, Shawn Riley <shawn.p.riley@gmail.com> wrote:

Hello STIX Community,

We continue to push forward with using STIX v1.2 to support our AI-powered sense-making and decision-making analytic framework on the threat intelligence in support of integrated adaptive cyber defense (IACD).



We've already taught the artificial intelligence how to read and understand the meaning of the STIX threat intelligence, how to organize what is known using the object-based production methodology, how to reveal the hidden knowledge that must be inferred from what is known, and we have started building out Programmable Reasoning Objects (PROs) for sense-making, decision-making, and selecting courses of action.



I was hoping the community might have some recommendations on which STIX sources/producers might have more complex information in STIX that would present more of a challenge or require more advanced analytic tradecraft PROs for sense-making and decision-making.

Any pointers to more complex STIX 1.x repositories or producers would be great.

https://secwww.jhuapl.edu/iacdcommunityday/ResourcesPage

Thanks,
Shawn

Shawn Riley
CDO & Cybersecurity Scientist
DarkLight Cyber




<Darklight Cyber - Shawns Smart IACD Vision.png>
<IACD-DHS-STIX.gif>
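The thread touches two concrete mechanics: STIX 2.0 bundles carrying course-of-action objects (Bret's reply) and turning STIX into a triple-based knowledge representation over which a reasoner can infer what is not stated outright (Shawn's messages). The block below is an added example, not code from either participant or from DarkLight Cyber or the IACD effort. It uses a constructed STIX 2.0 bundle (the identifiers and the pattern are made up), illustrative `stix:` / `rdf:` prefixes rather than any OASIS-published IRI, and one hypothetical inference rule, `recommended_for`, which is not a STIX-defined relationship type. The `indicates` and `mitigates` relationship types it joins on are the ones STIX 2.0 defines for indicator/malware and course-of-action/malware. It also validates identifiers and reference resolution first, because a bundle from an arbitrary producer can carry malformed ids or dangling `*_ref` values, and a reasoner should refuse those rather than silently derive nothing.

```python
"""Flatten a STIX 2.0 bundle into (s, p, o) triples and forward-chain one rule.

Added example, not the project's code. Namespaces, ids and the rule are assumptions.
"""
import copy
import re
from collections import defaultdict

STIX_NS = "stix:"          # assumption: illustrative prefix, not an official IRI
RDF_TYPE = "rdf:type"

# STIX 2.0 identifier shape: <type>--<uuid v4>, lowercase hex.
STIX_ID_RE = re.compile(
    r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)

# Constructed identifiers for the sample bundle (not real threat data).
INDICATOR_ID = "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
MALWARE_ID = "malware--31b940d4-6f7f-459a-80ea-9c1f17b58abc"
COA_ID = "course-of-action--495c9b28-b5d8-4e37-9bfb-6b95f2a5ee0d"
TS = "2017-03-28T14:00:00.000Z"

SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--5d0092c5-5f74-4287-9642-33f4c354e56d",
    "spec_version": "2.0",
    "objects": [
        {"type": "indicator", "id": INDICATOR_ID, "created": TS, "modified": TS,
         "labels": ["malicious-activity"], "valid_from": TS,
         "pattern": "[file:hashes.'SHA-256' = 'aaaa' ]"},  # constructed pattern
        {"type": "malware", "id": MALWARE_ID, "created": TS, "modified": TS,
         "name": "Sample Dropper", "labels": ["dropper"]},
        {"type": "course-of-action", "id": COA_ID, "created": TS, "modified": TS,
         "name": "Block the file hash at the endpoint"},
        {"type": "relationship", "id": "relationship--44af6c39-c09b-49c5-9de2-40cbb3a1d1c8",
         "created": TS, "modified": TS, "relationship_type": "indicates",
         "source_ref": INDICATOR_ID, "target_ref": MALWARE_ID},
        {"type": "relationship", "id": "relationship--0ae5d8a9-dba5-4e8a-8a3e-0f7d7e1c7a11",
         "created": TS, "modified": TS, "relationship_type": "mitigates",
         "source_ref": COA_ID, "target_ref": MALWARE_ID},
    ],
}

# Same bundle plus a relationship whose target is not in the bundle (dangling ref).
DANGLING_BUNDLE = copy.deepcopy(SAMPLE_BUNDLE)
DANGLING_BUNDLE["objects"].append(
    {"type": "relationship", "id": "relationship--9b1c3a7e-2f4d-4c1a-9e0b-6d5f8a7c2b10",
     "created": TS, "modified": TS, "relationship_type": "mitigates",
     "source_ref": COA_ID, "target_ref": "malware--00000000-0000-0000-0000-000000000000"}
)


def validate_bundle(bundle):
    """Return a list of problems: malformed ids, id/type mismatches, unresolved refs."""
    problems = []
    ids = set()
    for obj in bundle.get("objects", []):
        oid = obj.get("id", "")
        if not STIX_ID_RE.match(oid) or not oid.startswith(obj.get("type", "") + "--"):
            problems.append(f"malformed or mismatched id: {oid!r}")
        ids.add(oid)
    for obj in bundle.get("objects", []):
        if obj.get("type") == "relationship":
            for key in ("source_ref", "target_ref"):
                if obj.get(key) not in ids:
                    problems.append(f"{obj.get('id')}: {key} {obj.get(key)!r} not in bundle")
    return problems


def bundle_to_triples(bundle):
    """Flatten SDOs into typed nodes with literal properties; SROs become one edge each."""
    triples = set()
    for obj in bundle["objects"]:
        oid = obj["id"]
        if obj["type"] == "relationship":
            triples.add((obj["source_ref"], STIX_NS + obj["relationship_type"], obj["target_ref"]))
            continue
        triples.add((oid, RDF_TYPE, STIX_NS + obj["type"]))
        for prop in ("name", "pattern", "created", "modified"):
            if prop in obj:
                triples.add((oid, STIX_NS + prop, obj[prop]))
        for label in obj.get("labels", []):
            triples.add((oid, STIX_NS + "label", label))
    return triples


def infer_recommended_coas(triples):
    """Hypothetical rule: COA mitigates M and I indicates M  =>  (COA, recommended_for, I)."""
    mitigated_by = defaultdict(set)
    for s, p, o in triples:
        if p == STIX_NS + "mitigates":
            mitigated_by[o].add(s)
    derived = set()
    for s, p, o in triples:
        if p == STIX_NS + "indicates":
            for coa in mitigated_by.get(o, ()):
                derived.add((coa, STIX_NS + "recommended_for", s))
    return derived


if __name__ == "__main__":
    print("dangling bundle problems:", validate_bundle(DANGLING_BUNDLE))
    if not validate_bundle(SAMPLE_BUNDLE):
        for t in sorted(infer_recommended_coas(bundle_to_triples(SAMPLE_BUNDLE))):
            print("derived:", t)
```

The validation step is the part worth keeping even if the rest is replaced by a real triple store: an inference engine joins on `source_ref`/`target_ref`, so an unresolved reference from an untrusted feed either drops edges silently or, in a naive implementation, lets a producer attach a course of action to an object it never described.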


