[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-users] Product capability mapping in STIX with Mitre ?
Thanks Jerome,

Really good stuff. Mapping to data sources is the first step and definitely a good direction. Let me review this and get back to you in a few weeks.

Thanks,
Michal

From: Jerome Athias <jeromeathias2018@gmail.com>

1) At first I would suggest an evolution/revision* of the data sources currently defined in MITRE ATT&CK.
   * or additional mappings to security tools (categories/products) and their capabilities/functions (a la MAEC, but for blue security tools) - see 2)
   e.g.: API monitoring - EDR, Sandbox (meaning neither Proxy nor Firewall-NG nor Web server logs)
   Here you could later on classify your products under categories (i.e.: Firewall-NG: Palo Alto 123, Cisco 234, ...), Sysmon ...

2) Due to the data model (schema) reduction/simplification in STIX v2 (compared to CybOX), you don't have native objects for that (due to MVP/MTI): ProductObjectType/DeviceObjectType.
   Meanwhile, I could see it being used for OpenC2 support evaluation in the future...

On Mon, Oct 7, 2019 at 11:08 AM Michal Garcarz (mgarcarz) <mgarcarz@cisco.com> wrote:
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
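The following is an added example, not code from this thread, from MITRE, or from OASIS. It shows one way to do what Jerome describes in points 1) and 2): since STIX 2.x has no native ProductObjectType/DeviceObjectType, a security product and the ATT&CK data sources it can observe are modelled as a STIX 2.1 custom SDO declared through an extension-definition, products are grouped under categories (EDR, Sandbox, Firewall-NG, ...), and the inventory is checked against the data sources a technique requires. The object type name "x-security-tool", the extension name and schema URL, the identity, and the whole product inventory are constructed for the example; the only borrowed piece is the ATT&CK property `x_mitre_data_sources`, and the attack-pattern below is a constructed stand-in, not a real technique. Data-source names follow the style ATT&CK used in 2019 (e.g. "API monitoring", which the thread cites).

```python
"""
Added example (not from the cti-users thread): blue-tool capability mapping
against ATT&CK data sources as a STIX 2.1 custom object, plus a coverage check.
"""
import json
import uuid

TS = "2019-10-07T11:08:00.000Z"  # STIX 2.1 timestamps carry millisecond precision

# Constructed identity; extension-definition requires created_by_ref.
IDENTITY = {
    "type": "identity", "spec_version": "2.1",
    "id": "identity--" + str(uuid.uuid4()),
    "created": TS, "modified": TS,
    "name": "Example Blue Team", "identity_class": "organization",
}

# STIX 2.1 extension mechanism: declare a new SDO type instead of a CybOX Product object.
EXT_ID = "extension-definition--" + str(uuid.uuid4())
EXTENSION_DEFINITION = {
    "type": "extension-definition", "spec_version": "2.1",
    "id": EXT_ID,
    "created_by_ref": IDENTITY["id"],
    "created": TS, "modified": TS,
    "name": "Security tool capability mapping (constructed)",
    "schema": "https://example.org/schemas/x-security-tool.json",  # placeholder URL
    "version": "1.0.0",
    "extension_types": ["new-sdo"],
}


def make_security_tool(name, category, vendor, data_sources):
    """One product: its category and the ATT&CK data sources it can observe."""
    return {
        "type": "x-security-tool", "spec_version": "2.1",
        "id": "x-security-tool--" + str(uuid.uuid4()),
        "created": TS, "modified": TS,
        "name": name,
        "vendor": vendor,
        "category": category,                 # e.g. EDR, Sandbox, Firewall-NG
        "data_sources": sorted(data_sources),  # ATT&CK data-source names
        "extensions": {EXT_ID: {"extension_type": "new-sdo"}},
    }


def make_attack_pattern(name, data_sources):
    """Constructed stand-in for an ATT&CK technique. Real ATT&CK STIX objects
    list their data sources in x_mitre_data_sources; this one is not real."""
    return {
        "type": "attack-pattern", "spec_version": "2.1",
        "id": "attack-pattern--" + str(uuid.uuid4()),
        "created": TS, "modified": TS,
        "name": name,
        "x_mitre_data_sources": list(data_sources),
    }


def products_by_category(tools):
    """Classify products under their categories (Jerome's point 1)."""
    by_cat = {}
    for t in tools:
        by_cat.setdefault(t["category"], []).append(t["name"])
    return {cat: sorted(names) for cat, names in by_cat.items()}


def coverage(technique, tools):
    """Map each data source the technique needs to the products that observe it.
    Returns (covered: {data_source: [product names]}, uncovered: [data_source])."""
    covered = {}
    for ds in technique["x_mitre_data_sources"]:
        covered[ds] = [t["name"] for t in tools if ds in t["data_sources"]]
    uncovered = [ds for ds, hits in covered.items() if not hits]
    return covered, uncovered


def to_bundle(objects):
    """Wrap objects in a STIX 2.1 bundle (returned as a dict)."""
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()), "objects": list(objects)}


# Constructed inventory; vendor and product names are placeholders, not real mappings.
TOOLS = [
    make_security_tool("ExampleEDR", "EDR", "ExampleVendor",
                       ["API monitoring", "Process monitoring", "File monitoring"]),
    make_security_tool("ExampleSandbox", "Sandbox", "ExampleVendor",
                       ["API monitoring", "Malware reverse engineering"]),
    make_security_tool("ExampleNGFW", "Firewall-NG", "ExampleVendor",
                       ["Netflow/Enclave netflow", "Packet capture"]),
    make_security_tool("Sysmon", "Host logging", "Microsoft",
                       ["Process monitoring", "Process command-line parameters"]),
]

# Constructed technique requiring three data sources; one is not covered by the inventory.
TECHNIQUE = make_attack_pattern("Constructed technique",
                                ["API monitoring", "Process monitoring", "Windows Registry"])

if __name__ == "__main__":
    covered, gaps = coverage(TECHNIQUE, TOOLS)
    print("Categories:", products_by_category(TOOLS))
    print("Coverage:", covered)
    print("Uncovered data sources:", gaps)
    print(json.dumps(to_bundle([IDENTITY, EXTENSION_DEFINITION, TECHNIQUE] + TOOLS), indent=2))
```

The `extension_type: new-sdo` marker is what lets a STIX 2.1 consumer recognise `x-security-tool` as a declared custom object rather than an unknown type; the coverage function is the piece a consumer would actually run, and the "uncovered" list is the output worth acting on (here the constructed technique needs "Windows Registry", which nothing in the constructed inventory produces).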