OASIS Mailing List Archives

cti message


Subject: Re: [cti] Call for Volunteers / Topics for STIX 2.1


Can I get a quick description of what Intel Notes is going to be? I don’t recall hearing about that piece before.

 

Sarah Kelley

Senior Cyber Threat Analyst

Center for Internet Security (CIS)

Integrated Intelligence Center (IIC)

Multi-State Information Sharing and Analysis Center (MS-ISAC)

1-866-787-4722 (7×24 SOC)

Email: cert@cisecurity.org

www.cisecurity.org

Follow us @CISecurity

 

From: <cti@lists.oasis-open.org> on behalf of "Wunder, John A." <jwunder@mitre.org>
Date: Wednesday, December 7, 2016 at 2:50 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Call for Volunteers / Topics for STIX 2.1

 

All,

 

I know that we’re still finalizing things in STIX 2.0, but with the face-to-face coming up in January and the need to keep making progress on important topics I’d like to start planning for STIX 2.1. In particular, I think we can be much more productive at the face-to-face if we have 1 or more concrete proposals for each topic we discuss. That way we can evaluate real normative text and data structures rather than general ideas and theories.

 

To get there, I’d like to start putting together mini-groups for STIX 2.1 topics. Obviously we won’t work on all of these at the same time, but the complete list I have of somewhat major topics for 2.1 is:

 

1. Malware (it already exists, but it could use some fleshing out)
2. Infrastructure
3. Confidence
4. Location
5. Incident / Event
6. Course of Action / OpenC2 integration / Playbooks
7. Internationalization
8. Intel Notes

 

So my first request is, what’s missing? Are there any other major topics that we should tackle for 2.1?

 

My second request is for volunteers to work on some of those topics. I’m thinking that one of the first things we should do is build out more of our foundation in intel objects and concepts. That would mean tackling:

 

- Confidence
- Malware
- Infrastructure
- Location

 

Finishing off those objects and concepts will give us the building block SDOs and concepts that we need to tackle things like incident, COA, etc. As we finish off this first set, we can move on to major areas of effort like courses of action and incidents (and related objects).

 

Please send replies directly to me and I’ll coordinate; that way we can avoid spamming the list. Also, I should say that if there’s a group of people that wants to start working on incident, COA, or any other topic now, don’t let me hold you up. I just want to make sure we can get in the more foundational things so we don’t have to re-write stuff later.

 

John

