Subject: Re: [cti-users] Product capability mapping in STIX with Mitre ?
Hello Team,

What would be your recommendation for using STIX for product capabilities mapping, to present the coverage against malware + intrusion sets/campaigns?

I would like to use MITRE techniques + MITRE and LM kill-chains to map those techniques (attack-patterns) to the right kill-chain phase.
Also indicators, to map those to attack-patterns positioned in the right phase of the kill-chain.
And now provide additional information about product coverage for each attack-pattern and correlated indicator.

Obviously product coverage for attack-patterns will be generic: product_class + maybe a bit more specific vendor_product
(some of those shared by MITRE).

But product coverage for a specific indicator might be very specific: vendor_product + vendor_product_features (list of features which need to be enabled on the product to detect or block).

Are there any similar works within the STIX community?
Any recommendations / hints?

Thanks,
Michal
----
Michal Garcarz          | Managed Security Services Architect
Active Threat Analytics | CCIE #25272 (RS, Sec, Wireless), CISSP, CEH
Krakow SOC, Poland      | tel. +48123211296 email: mgarcarz@cisco.com
GPG Fingerprint         | 7AA70853EB9DFCB7572C5EE154DA9BC91D959B51
Working Hours           | M-F 8-17 EMEA/CET, ata-soc-ext@cisco.com