Promoting Targets to Top Level Objects
Abstract
The Target Organization, and entities that comprise it, are the primary focus of all Threat-Actor activity, objectives, and motivations.
This paper presents an argument for promoting Victims/Targets to the same representational level as our Adversaries/Attackers in our CTI ModelAbstract,
It includes the first draft of a notional Target Top Level Object specification and initial properties.
There was broad consensus amongst the early adopters of STIX in the operational domain that we needed to promote Target Entities and Organizations to Top Level Objects.
This action was delayed initially to complete the UML Models and use these as the basis for restructuring. As this work was completing we began the process of transition our Community to OASIS, and again to focus on completion and ratification of the Committee Specifications for the current version baselines.
As these key milestones approach in the coming weeks, it is now time to submit this proposal to the CTI TC for the promotion of Targets to Top Level Objects/First Class Citizens
The objective of the attached paper is to provide the basis of the proposal, solicit community discourse and CTI TC support from those (1) in a Threat Intelligence CI and Operational Role and (2) those engaged in 2012/2013/2014 discussions around making this change.
Note: I've attached a slightly revised copy of the Tokenization Concepts Paper published to the CTI TC on March 26th. It contains concepts related to the Target proposal.
