OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] MISP format <-> STIX 2.0 - Discussions


This is a very good read. These kinds of validations and challenges to our modeling with real-world use cases are critical to make sure we are getting things right...

- Being a MISP novice, can you go into more detail on the "MISP IDS/Machine" field? What is this used to convey?

- From my reading around it, A MISP "event" to me seems like it would be most properly modeled using an Incident object, which was something that was pitched and is in the STIX 2.1 Working Concepts, but has not yet had anyone take it over for refinement to get into STIX 2.1. Maybe MISP would like to take that on?



-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security

Without data, all you are is just another person with an opinion - Unknown




From:        Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>
To:        OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Date:        05/05/2017 07:29 AM
Subject:        [cti] MISP format <-> STIX 2.0 - Discussions
Sent by:        <cti@lists.oasis-open.org>




Hi All,

We recently had an extensive discussion within the MISP core team
for the MISP format conversion from/to STIX 2. We pinpointed
some issues and possible remedies (short-cuts?) on the following page:

https://github.com/MISP/MISP/wiki/NotesMISP-STIX2

As discussed with Trey, we would like to share our findings with
the community and are hoping to see whatever our solutions fit the
envisioned STIX 2 standard.

Thank you very much.

Cheers.

--
Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
41, avenue de la gare L-1611 Luxembourg
info@circl.lu -
www.circl.lu

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]