OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Upcoming F2F in Salt Lake - Agenda and read aheads


Sorry for the lateness of the email.

In preparation for our upcoming F2F in Salt Lake, Utah, we’re including the proposed agenda and potential topics for discussion. You’ll note that the agenda itself does not have specific topics assigned to each time slot. This is because we have scheduled both STIX and TAXII “2.1 Timeline and Scope” conversations. During these sessions, we intend to give an overview of current and possible topics for inclusion in 2.1 and discuss which topics are most important to work through. During the rest of the F2F, we will then attempt to work through those topics in the order agreed, from most critical to least. For those not able to attend the F2F, please feel free to chime in on the list or on slack (prior to the F2F) with your opinions about what topics are most important to discuss and include in 2.1, and if possible, rank them by most important to least.
The agenda can be found here:
The topics for likely discussion are:


  1. TAXII – Pagination
    1. https://github.com/oasis-tcs/cti-taxii2/issues/23
  1. TAXII - Manifest Resource and Media Types
    1. https://github.com/oasis-tcs/cti-taxii2/issues/30
  1. TAXII - Discovery Service
    1. https://github.com/oasis-tcs/cti-taxii2/issues/18
  1. TAXII - API Root Resource and Relative Paths
    1. https://github.com/oasis-tcs/cti-taxii2/issues/28
  1. TAXII – Channels
    1. https://docs.google.com/document/d/11wKWQaJB_8Muin_u4PakSKzXztT0iRaNmvmU8wuafaQ/edit#heading=h.f2jn75l2lb4e
  1. TAXII – Query
    1. https://docs.google.com/document/d/11wKWQaJB_8Muin_u4PakSKzXztT0iRaNmvmU8wuafaQ/edit#heading=h.mgllud6u4ovp
    1. https://docs.google.com/document/d/1Cy_9Bh5tKEkDHGg2iv5c3AwriqVr7ygbKXWOv4-uHxs/edit
  1. TAXII – Sorting
  2. TAXII – Other HTTP Methods


  1. STIX – Infrastructure
    1. https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.maky5z1n51ds
  1. 2) STIX - Event / Grouping
    1. https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.t56pn7elv6u7
  1. STIX – COA
    1. https://docs.google.com/document/d/1VVeXcXsKHbfjjdglLo-mFQlXpjUhyGbGUBPSBFnSERY/edit

STIX Patterning and Observables:

In recent weeks, a number of stakeholder issues have been raised related to perceived deficiencies in both the STIX Cyber Observable model as well as the STIX Patterning grammar. As a group however, we all as a TC must recognize the importance of avoiding unnecessary delays in releasing STIX 2.1, as it contains a number of important enhancements that have taken a great amount of time and effort by all to produce.

As such, during this face to face, rather than spend effort attempting to debate and discuss individual STIX Object and STIX patterning proposals, we would like to discuss a community-driven methodology regarding the best way to make forward progress on new objects as well as enhancements to patterning. This will include both methods for how TC members could submit proposals that  may allow for tool developers to code to objects before they are formally released in a specification, as well as some minor changes to STIX to enable the reference of these in-progress proposals.
These links should be considered the “Read-aheads” for the F2F. Please review all the current proposals and come prepared with questions, comments, and suggestions so that we can have meaningful conversations about these topics.


Sarah Kelley

Senior Cyber Threat Analyst

Multi-State Information Sharing and Analysis Center (MS-ISAC)                   

31 Tech Valley Drive

East Greenbush, NY 12061




24x7 Security Operations Center

SOC@cisecurity.org - 1-866-787-4722



       cid:image002.png@01D38A08.F077A260    cid:image003.png@01D38A08.F077A260   cid:image004.png@01D38A08.F077A260    cid:image005.png@01D38A08.F077A260


This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.

. . . . .

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]