This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender
immediately and permanently delete the message and any attachments.
Sorry for the lateness of the email.
In preparation for our upcoming F2F in Salt Lake, Utah, we’re including the proposed agenda and potential topics for discussion. You’ll note that the agenda itself does not have specific topics
assigned to each time slot. This is because we have scheduled both STIX and TAXII “2.1 Timeline and Scope” conversations. During these sessions, we intend to give an overview of current and possible topics for inclusion in 2.1 and discuss which topics are
most important to work through. During the rest of the F2F, we will then attempt to work through those topics in the order agreed, from most critical to least. For those not able to attend the F2F, please feel free to chime in on the list or on slack (prior
to the F2F) with your opinions about what topics are most important to discuss and include in 2.1, and if possible, rank them by most important to least.
The agenda can be found here:
The topics for likely discussion are:
- TAXII – Pagination
- TAXII - Manifest Resource and Media Types
- TAXII - Discovery Service
- TAXII - API Root Resource and Relative Paths
- TAXII – Channels
- TAXII – Query
- TAXII – Sorting
- TAXII – Other HTTP Methods
- STIX – Infrastructure
- 2) STIX - Event / Grouping
- STIX – COA
STIX Patterning and Observables:
In recent weeks, a number of stakeholder issues have been raised related to perceived deficiencies in both the STIX Cyber Observable model as well as the STIX Patterning grammar. As a group however,
we all as a TC must recognize the importance of avoiding unnecessary delays in releasing STIX 2.1, as it contains a number of important enhancements that have taken a great amount of time and effort by all to produce.
As such, during this face to face, rather than spend effort attempting to debate and discuss individual STIX Object and STIX patterning proposals, we would like to discuss a community-driven methodology
regarding the best way to make forward progress on new objects as well as enhancements to patterning. This will include both methods for how TC members could submit proposals that may allow for tool developers to code to objects before they are formally released
in a specification, as well as some minor changes to STIX to enable the reference of these in-progress proposals.
These links should be considered the “Read-aheads” for the F2F. Please review all the current proposals and come prepared with questions, comments, and suggestions so that we can have meaningful
conversations about these topics.
Senior Cyber Threat Analyst
Multi-State Information Sharing and Analysis Center (MS-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061
24x7 Security Operations Center
SOC@cisecurity.org - 1-866-787-4722