

Subject: Working Call - Text Version


CTI TC:

Below is a text-based version of the Working Call notes from today:


Meeting Date:

December 11, 2018

Time:

3:00 p.m. EST

Purpose:

Weekly Working Session


Attendees:

Allan Thomson – Moderator

Trey Darley

Sarah Kelley

Gary Katz

John-Mark Gurney

Richard Struse

Bret Jordan

Sean Barnum

Nicholas Hayden

Tom Vaughn

Taneika Hill

Emmanuelle Vargas-Gonzalez

Jason Keirstead

Chris Ricard

Vivek Jain

Jackie Eun Park

Jane Ginn – Recorder

Agenda:

    Cyber Observables – How to handle moving forward

Meeting Notes:


Allan Thomson

    Introduced the work of the Mini-Group on the Cyber Observables issue

Richard Struse

    We need to reach resolution on this issue – time is important – We'll discuss in full TC

Allan Thomson

    Noted that this is being discussed relative to specific Use Cases – Using Malware SDO

        It will also affect Infrastructure SDO – But, that is not currently in STIX 2.1

    If you think we need this extra Use Case, please comment on the Slide

    Gary put this slide in:

        [Slide not available in text version]

    As it is now (Malware Example):

        [Slide not available in text version]

    With the proposed solution (Malware Example):

        [Slide not available in text version]

    Allan asked for comments

Chris Ricard

    I think it may break some more things than it solves. I wrote up my rationale, but it didn't go out.

    I'll send it to you, Allan – Can you send out?

Sarah Kelley

    I see that this proposal combines some of the features of the two proposals. It is a nice compromise

Bret Jordan

    I agree with Sarah – It will require that we write more code, but it is a compromise that appears to solve the problem of the Use Cases we are looking at

Allan Thomson

    We need to present this to the full TC, then go to a Ballot

    For the Minutes – We had almost Unanimity that this approach might work – with one exception

    Also, Jeffrey had raised some issues on the Slack channel

        Does anyone object to going through these issues?

    [Articulated Jeff's concerns – offered an approach to resolve the solution]

Sean Barnum

    [Gave an example of how SDOs and COs evolve through time – And how could be shared through time.]

        We feel very strongly about approach to versioning…. We want to keep all of the old data

        [Talked about the Modified version]

John-Mark Gurney

    [Talked about core properties issue] [Talked about some other issues that might arise with this approach]

Jeffrey Mates

    I'll point out – One issue with a certain Timestamp – it assumes a centralized system from each Producer

        [Then gave example of sensor-generated IDs – and modifying]

    I worry about this if we are saying "latest always wins" or "more detailed version always wins"

Gary Katz

    If you want to hash everything – it would be possible by this approach –

    I want to go to John-Mark's point

    [Gave some examples of how issue could be handled]

    This approach is designed to address that problem

John-Mark Gurney

    It was really related to versioning – if you update, you can lose your data

Gary Katz

    We really need to do a good write-up on how to do versioning

Sean Barnum

    [Talked about how the various implementations will differ – Discussed what STIX needs to do]

Allan Thomson

    [Gave some observations about how different products will respond to the data with these changes.]

        The context of consuming this data is dependent on the consumer

John-Mark Gurney

    We could make it complicated and add rules – but, I agree, that we don't want to do that

        One possibility is a SIM link

    The other point – there is an implicit assumption that the ID is part of the Object

Chris Ricard

    I want to make sure that whatever we come up with will work with TAXII versioning

Jeffrey Mates

    We do call this out with TLOs currently…. [Explained how currently handled]

        In this case – there may be some overlapping because of these rules

John-Mark Gurney

    Previously ID was globally unique – Now, we will have some overlapping

Jeffrey Mates

    I agree about the globally unique issue

John-Mark Gurney

    This is also tied to how TAXII deals with over-writes

Sean Barnum

    I'm never assuming that our solution is right – But, we know that it does work – Others may do it too.

        This is possible to solve

Allan Thomson

    Some things are not solved with STIX alone

    We have 3 minutes left – I want to put a wrap-up on the call

        We'll use this slide deck on the full TC call later this week

    If you have additional concerns – please send your concerns to the Mini-Group

        We'll continue to work on this – if you want to get involved – please join the Slack Channel

Trey Darley

    We are coming up to the Holiday season – we should probably do a Doodle Poll – Schedule calls

        Notional deadline of January 31.

    I'll propose that we find some serious time to work through issues and write text – we will need everyone to get together – we'll need to incorporate the Digital Signature updates.

        That work will start in January – if we don't do the work, we'll revert to earlier version.

Meeting Terminated

*******************************************************************************

-- 
*****************************
Jane Ginn, MSIA, MRP
Secretary, OASIS CTI TC
jg@ctin.us
001 (928) 399-0509
*****************************

