Subject: STIX COA mini group call 5/8/2017 - meeting minutes
Hi,
Below are the consolidated notes from the meeting today. Please chime in if I captured something incorrectly. Also, please let me know if I missed your attendance.
Minutes:
Open Questions and Options to think about (thanks Bret):
Option 1: using id to map the linkage - STIX style

{
  "type": "course-of-action",
  "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
  "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
  "created": "2016-04-06T20:03:48.000Z",
  "modified": "2016-04-06T20:03:48.000Z",
  "name": "Some top level name for the COA",
  "description": "Some top level description for the COA",
  "actions": [
    {
      "action_id": 1,
      "name": "name of COA action",
      "description": "some description or human course of action",
      "on_success": [2],
      "on_failure": [3],
      "requires_success": [],
      "requires_failure": [],
      "openc2": "some openc2 command"
    },
    {
      "action_id": 2,
      "name": "name of COA action",
      "description": "some description or human course of action",
      "on_success": [4],
      "on_failure": [3],
      "requires_success": [1],
      "requires_failure": [],
      "openc2": "some openc2 command"
    }
  ]
}
Option 2: using names to map the linkage – STIX style

{
  "type": "course-of-action",
  "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
  "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
  "created": "2016-04-06T20:03:48.000Z",
  "modified": "2016-04-06T20:03:48.000Z",
  "name": "Some top level name for the COA",
  "description": "Some top level description for the COA",
  "actions": [
    {
      "name": "some name 1",
      "description": "some description or human course of action",
      "on_success": ["some name 2"],
      "on_failure": ["some name 3"],
      "requires_success": [],
      "requires_failure": [],
      "openc2": "some openc2 command"
    },
    {
      "name": "some name 2",
      "description": "some description or human course of action",
      "on_success": ["some name 4"],
      "on_failure": ["some name 3"],
      "requires_success": ["some name 1"],
      "requires_failure": [],
      "openc2": "some openc2 command"
    }
  ]
}
Another thing we talked about was how to have the keys be determined. The two examples above are in STIX-like style. The next two are Cyber Observable style.
Option 3: using id to map the linkage - Cyber Observable style

{
  "type": "course-of-action",
  "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
  "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
  "created": "2016-04-06T20:03:48.000Z",
  "modified": "2016-04-06T20:03:48.000Z",
  "name": "Some top level name for the COA",
  "description": "Some top level description for the COA",
  "actions": {
    "1": {
      "name": "name of COA action",
      "description": "some description or human course of action",
      "on_success": [2],
      "on_failure": [3],
      "requires_success": [],
      "requires_failure": [],
      "openc2": "some openc2 command"
    },
    "2": {
      "name": "name of COA action",
      "description": "some description or human course of action",
      "on_success": [4],
      "on_failure": [3],
      "requires_success": [1],
      "requires_failure": [],
      "openc2": "some openc2 command"
    }
  }
}
Option 4: using names to map the linkage - Cyber Observable style

{
  "type": "course-of-action",
  "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
  "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
  "created": "2016-04-06T20:03:48.000Z",
  "modified": "2016-04-06T20:03:48.000Z",
  "name": "Some top level name for the COA",
  "description": "Some top level description for the COA",
  "actions": {
    "some name 1": {
      "description": "some description or human course of action",
      "on_success": ["some name 2"],
      "on_failure": ["some name 3"],
      "requires_success": [],
      "requires_failure": [],
      "openc2": "some openc2 command"
    },
    "some name 2": {
      "description": "some description or human course of action",
      "on_success": ["some name 4"],
      "on_failure": ["some name 3"],
      "requires_success": ["some name 1"],
      "requires_failure": [],
      "openc2": "some openc2 command"
    }
  }
}
Agenda for next meeting:
Thanks,
Jyoti
Technical Leader
Office of the CTO, Security Business Group, Cisco Systems
From: <cti@lists.oasis-open.org> on behalf of OASIS Open <workgroup_mailer@lists.oasis-open.org>
Date: Friday, May 5, 2017 at 10:43 AM
To: <cti@lists.oasis-open.org>
Subject: [cti] STIX COA mini group call

Follow on call for STIX COA -- Ms. Jyoti Verma
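
An added example, not part of the minutes or the mini group's work: a Python check that indexes either `actions` layout (list or keyed object) and reports links that point at undefined actions. Keys are compared as strings so that Option 3's string keys match its integer references; the function names and the mirror rule between `requires_*` and `on_*` are assumptions.

```python
import json

LINK_FIELDS = ("on_success", "on_failure", "requires_success", "requires_failure")
# Assumed reading (not defined in the minutes): requires_X on an action should
# be matched by on_X on the action it names.
MIRROR = {"requires_success": "on_success", "requires_failure": "on_failure"}

def index_actions(coa):
    """Map action key -> action for the list (Options 1, 2) or dict (3, 4) layout."""
    actions = coa["actions"]
    if isinstance(actions, dict):
        # JSON object keys are always strings, so normalise to str everywhere.
        return {str(k): v for k, v in actions.items()}
    index = {}
    for action in actions:
        key = str(action.get("action_id", action.get("name")))
        if key in index:
            # Only the list layouts can carry two actions with the same key.
            raise ValueError(f"duplicate action key {key!r}")
        index[key] = action
    return index

def check_links(coa):
    """Return sorted (action, field, target, problem) tuples."""
    index = index_actions(coa)
    problems = []
    for key, action in index.items():
        for field in LINK_FIELDS:
            for target in map(str, action.get(field, [])):
                if target not in index:
                    problems.append((key, field, target, "dangling"))
                elif field in MIRROR and key not in map(str, index[target].get(MIRROR[field], [])):
                    problems.append((key, field, target, "unmirrored"))
    return sorted(problems)

# Constructed samples, trimmed from the Option 1 and Option 4 shapes in the minutes.
OPTION_1 = json.loads("""{"actions": [
  {"action_id": 1, "on_success": [2], "on_failure": [3], "requires_success": []},
  {"action_id": 2, "on_success": [4], "on_failure": [3], "requires_success": [1]}]}""")
OPTION_4 = json.loads("""{"actions": {
  "some name 1": {"on_success": ["some name 2"], "on_failure": []},
  "some name 2": {"on_success": [], "requires_success": ["some name 1"]}}}""")

if __name__ == "__main__":
    for label, coa in (("option 1", OPTION_1), ("option 4", OPTION_4)):
        print(label, check_links(coa))
```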