OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] CTI TC Proposal - Promoting Targets to Top Level Objects


You beat me to it Jason. I already assumed we were doing Targets as TLOs. However, I am unsure about the papers and implementations mentioned in the proposal. I need to read them.

Aharon

From: <cti@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Date: Friday, April 15, 2016 at 12:55 PM
To: Patrick Maroney <Pmaroney@Specere.org>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] CTI TC Proposal - Promoting Targets to Top Level Objects

I don't have a problem with this; in fact I kind of already assumed we would have to do it when we got into the TTP object. You would have a relationship from the TTP to the Victim. Simmilarly you would have a relationship to the Exploit.

It wouldn't make sense to do it any other way IMO.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for Patrick Maroney ---04/15/2016 01:32:46 PM---Promoting Targets to Top Level Objects AbstractPatrick Maroney ---04/15/2016 01:32:46 PM---Promoting Targets to Top Level Objects Abstract

From: Patrick Maroney <Pmaroney@Specere.org>
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 04/15/2016 01:32 PM
Subject: [cti] CTI TC Proposal - Promoting Targets to Top Level Objects
Sent by: <cti@lists.oasis-open.org>





Promoting Targets to Top Level Objects

Abstract

      The Target Organization, and entities that comprise it, are the primary focus of all Threat-Actor activity, objectives, and motivations.
      This paper presents an argument for promoting Victims/Targets to the same representational level as our Adversaries/Attackers in our CTI ModelAbstract,

      It includes the first draft of a notional Target Top Level Object specification and initial properties.

OVERVIEW
      There was broad consensus amongst the early adopters of STIX in the operational domain that we needed to promote Target Entities and Organizations to Top Level Objects.
      This action was delayed initially to complete the UML Models and use these as the basis for restructuring. As this work was completing we began the process of transition our Community to OASIS, and again to focus on completion and ratification of the Committee Specifications for the current version baselines.
      As these key milestones approach in the coming weeks, it is now time to submit this proposal to the CTI TC for the promotion of Targets to Top Level Objects/First Class Citizens

      The objective of the attached paper is to provide the basis of the proposal, solicit community discourse and CTI TC support from those (1) in a Threat Intelligence CI and Operational Role and (2) those engaged in 2012/2013/2014 discussions around making this change.
      Note: I've attached a slightly revised copy of the Tokenization Concepts Paper published to the CTI TC on March 26th. It contains concepts related to the Target proposal.


Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104



President
Integrated Networking Technologies, Inc.
PO Box 569
Marlton, NJ 08053[attachment "Proposal - Promoting Targets to Top Level Objects.pdf" deleted by Jason Keirstead/CanEast/IBM] [attachment "CTI Tokenization Concepts 160408B.pdf" deleted by Jason Keirstead/CanEast/IBM]
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]