Subject: Product capability mapping in STIX with Mitre?

Hello Team,

What would be your recommendation to use STIX for product capabilities mapping to present the coverage against malware + intrusion set/campaigns?

I would like to use Mitre techniques + Mitre and LM kill-chains to map those techniques (attack-patterns) to the right kill-chain phase. Also indicators, to map those to attack-patterns positioned in the right phase of the kill-chain.

And now provide additional information about product coverage for each attack-pattern and correlated indicator.

Obviously product coverage for attack-patterns will be generic: product_class + maybe a bit more specific vendor_product (some of those shared by Mitre).

But product coverage for a specific indicator might be very specific: vendor_product + vendor_product_features (list of features which need to be enabled on the product to detect or block).

Are there any similar works within the STIX community? Any recommendations / hints?

Thanks,
Michal

----
Michal Garcarz | Managed Security Services Architect | Active Threat Analytics | CCIE #25272 (RS, Sec, Wireless), CISSP, CEH | Krakow SOC, Poland
tel. +48123211296 | email: mgarcarz@cisco.com
GPG Fingerprint | 7AA70853EB9DFCB7572C5EE154DA9BC91D959B51
Working Hours | M-F 8-17 EMEA/CET, ata-soc-ext@cisco.com
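One way to lay out the mapping described in the message above, as an added example that is not part of the original post or any STIX community work. It assumes STIX 2.1 objects held as plain dictionaries; the `x_product_coverage` custom property, the product names, the pattern and all IDs are hypothetical and constructed, and required timestamp properties are omitted from the sample objects.

```python
import json
from collections import defaultdict

# Constructed sample objects. x_product_coverage is a hypothetical custom
# property; created/modified/valid_from timestamps are omitted here.
AP = {
    "type": "attack-pattern", "spec_version": "2.1",
    "id": "attack-pattern--00000000-0000-4000-8000-000000000001",
    "name": "Example technique (constructed)",
    "kill_chain_phases": [
        {"kill_chain_name": "mitre-attack", "phase_name": "execution"},
        {"kill_chain_name": "lockheed-martin-cyber-kill-chain",
         "phase_name": "installation"},
    ],
    # Generic coverage for a technique: product class only.
    "x_product_coverage": [{"product_class": "endpoint-protection"}],
}
IND = {
    "type": "indicator", "spec_version": "2.1",
    "id": "indicator--00000000-0000-4000-8000-000000000002",
    "pattern_type": "stix",
    "pattern": "[file:name = 'constructed-sample.bin']",
    # Specific coverage for an indicator: product plus required features.
    "x_product_coverage": [{
        "vendor_product": "ExampleVendor EDR",
        "vendor_product_features": ["file-reputation", "behavioral-blocking"],
    }],
}
REL = {
    "type": "relationship", "spec_version": "2.1",
    "id": "relationship--00000000-0000-4000-8000-000000000003",
    "relationship_type": "indicates",
    "source_ref": IND["id"], "target_ref": AP["id"],
}
BUNDLE = {"type": "bundle",
          "id": "bundle--00000000-0000-4000-8000-000000000004",
          "objects": [AP, IND, REL]}

def coverage_by_phase(bundle, kill_chain):
    """Return {phase: {"generic": [...], "specific": [...]}} for one kill chain."""
    objs = {o["id"]: o for o in bundle["objects"]}
    out = defaultdict(lambda: {"generic": [], "specific": []})
    for ap in (o for o in objs.values() if o["type"] == "attack-pattern"):
        # Indicators linked to this attack-pattern via "indicates".
        inds = [objs[r["source_ref"]] for r in objs.values()
                if r["type"] == "relationship"
                and r["relationship_type"] == "indicates"
                and r["target_ref"] == ap["id"] and r["source_ref"] in objs]
        for p in ap.get("kill_chain_phases", []):
            if p["kill_chain_name"] != kill_chain:
                continue
            slot = out[p["phase_name"]]
            slot["generic"] += ap.get("x_product_coverage", [])
            for ind in inds:
                slot["specific"] += ind.get("x_product_coverage", [])
    return dict(out)

if __name__ == "__main__":
    print(json.dumps(coverage_by_phase(BUNDLE, "mitre-attack"), indent=2))
```
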