

Subject: Re: [cti] Call for Volunteers / Topics for STIX 2.1


Are there use cases where we'd want a single note associated with multiple SDOs? When I had first heard the concept, I'd thought of it as a common property across all SDOs.

I guess my question really is:
What factors (if any) went into deciding whether this should be its own SDO vs. a common property across all SDOs?

Thank you.
-Mark

On Mon, Dec 12, 2016 at 11:43 PM, Allan Thomson <athomson@lookingglasscyber.com> wrote:
Hi Sarah – sorry for the delay. Have been off the list for the last few working days due to other priorities.

Please find attached proposed text changes to add Intel Notes to the STIX 2.0 spec. This doc was created back in Sept so it may rely on an older version of the base 2.0 standard than is current.

The primary intention is described in the document but if you feel that it's not sufficiently clear then let me know.

Regards

allan

From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of Sarah Kelley <Sarah.Kelley@cisecurity.org>
Date: Wednesday, December 7, 2016 at 12:26 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] Call for Volunteers / Topics for STIX 2.1

Can I get a quick description of what Intel Notes is going to be? I don’t recall hearing about that piece before.

Sarah Kelley
Senior Cyber Threat Analyst
Center for Internet Security (CIS)
Integrated Intelligence Center (IIC)
Multi-State Information Sharing and Analysis Center (MS-ISAC)
1-866-787-4722 (7×24 SOC)
Email: cert@cisecurity.org
www.cisecurity.org
Follow us @CISecurity

From: <cti@lists.oasis-open.org> on behalf of "Wunder, John A." <jwunder@mitre.org>
Date: Wednesday, December 7, 2016 at 2:50 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Call for Volunteers / Topics for STIX 2.1

All,

I know that we’re still finalizing things in STIX 2.0, but with the face-to-face coming up in January and the need to keep making progress on important topics I’d like to start planning for STIX 2.1. In particular, I think we can be much more productive at the face-to-face if we have 1 or more concrete proposals for each topic we discuss. That way we can evaluate real normative text and data structures rather than general ideas and theories.

To get there, I’d like to start putting together mini-groups for STIX 2.1 topics. Obviously we won’t work on all of these at the same time, but the complete list I have of somewhat major topics for 2.1:


1. Malware (it already exists, but it could use some fleshing out)
2. Infrastructure
3. Confidence
4. Location
5. Incident / Event
6. Course of Action / OpenC2 integration / Playbooks
7. Internationalization
8. Intel Notes

So my first request is, what’s missing? Are there any other major topics that we should tackle for 2.1?

My second request is for volunteers to work on some of those topics. I’m thinking that one of the first things we should do is build out more of our foundation in intel objects and concepts. That would mean tackling:


- Confidence
- Malware
- Infrastructure
- Location

Finishing off those objects and concepts will give us the building block SDOs and concepts that we need to tackle things like incident, COA, etc. As we finish off this first set, we can move on to major areas of effort like courses of action and incidents (and related objects).

Please send replies directly to me and I’ll coordinate, that way we can avoid spamming the list. Also I should say that if there’s a group of people that wants to start working on incident, COA, or any other topic now don’t let me hold you up. I just want to make sure we can get in the more foundational things so we don’t have to re-write stuff later.

John
