cti message

Subject: Re: [cti] CTI TC Proposal - Promoting Targets to Top Level Objects

From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
To: Patrick Maroney <Pmaroney@Specere.org>
Date: Fri, 15 Apr 2016 13:55:22 -0300

I don't have a problem with this; in fact I kind of already assumed we would have to do it when we got into the TTP object. You would have a relationship from the TTP to the Victim. Simmilarly you would have a relationship to the Exploit.

It wouldn't make sense to do it any other way IMO.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown

Patrick Maroney ---04/15/2016 01:32:46 PM---Promoting Targets to Top Level Objects Abstract

From: Patrick Maroney <Pmaroney@Specere.org>
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 04/15/2016 01:32 PM
Subject: [cti] CTI TC Proposal - Promoting Targets to Top Level Objects
Sent by: <cti@lists.oasis-open.org>

Promoting Targets to Top Level Objects

Abstract

The Target Organization, and entities that comprise it, are the primary focus of all Threat-Actor activity, objectives, and motivations.

This paper presents an argument for promoting Victims/Targets to the same representational level as our Adversaries/Attackers in our CTI ModelAbstract,

It includes the first draft of a notional Target Top Level Object specification and initial properties.

OVERVIEW

There was broad consensus amongst the early adopters of STIX in the operational domain that we needed to promote Target Entities and Organizations to Top Level Objects.

This action was delayed initially to complete the UML Models and use these as the basis for restructuring. As this work was completing we began the process of transition our Community to OASIS, and again to focus on completion and ratification of the Committee Specifications for the current version baselines.

As these key milestones approach in the coming weeks, it is now time to submit this proposal to the CTI TC for the promotion of

Targets

to Top Level Objects/First Class Citizens

The objective of the attached paper is to provide the basis of the proposal, solicit community discourse and CTI TC support from those (1) in a Threat Intelligence CI and Operational Role and (2) those engaged in 2012/2013/2014 discussions around making this change.
Note: I've attached a slightly revised copy of the Tokenization Concepts Paper published to the CTI TC on March 26th. It contains concepts related to the Target proposal.

Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104

President
Integrated Networking Technologies, Inc.
PO Box 569
Marlton, NJ 08053[attachment "Proposal - Promoting Targets to Top Level Objects.pdf" deleted by Jason Keirstead/CanEast/IBM] [attachment "CTI Tokenization Concepts 160408B.pdf" deleted by Jason Keirstead/CanEast/IBM] --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at:https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

Follow-Ups:
- Re: [cti] CTI TC Proposal - Promoting Targets to Top Level Objects
  - From: Aharon Chernin <achernin@soltra.com>
- Re: [cti] CTI TC Proposal - Promoting Targets to Top Level Objects
  - From: "Wunder, John A." <jwunder@mitre.org>

References:
- CTI TC Proposal - Promoting Targets to Top Level Objects
  - From: Patrick Maroney <Pmaroney@Specere.org>