OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [EXT] [cti] STIX 2.1 Extension Examples


Rich,

 

Thanks for reaching out.  If you recall the original idea for SEP there was going to be an OASIS GitHub where proposals would be placed.  Given our new thoughts on SEP, I would tend to agree that having a âknownâ place, call itâs a âExtension Registryâ would be a good thing and help everyone out.  This is not to say all Extensions MUST be registered, but kind of like IANA, it would give folks an initial place to look before creating their own.  This was exactly the conversation I was having with Chris Ricard about something they were doing that would fit into the CVSS JSON schema from FIRST.

 

As for the syntax error, I took the content directly from FIRSTâs example.  Guess I should have scrubbed it more

 

Count me in on any conversation abouts the concepts of a âExtension Registryâ and a common place for the community to find things.

 

 

 

Paul Patrick

 

 

From: Rich Piazza <rpiazza@mitre.org>
Date: Monday, October 19, 2020 at 11:33 AM
To: Paul Patrick <ppatrick@darklight.ai>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [EXT] [cti] STIX 2.1 Extension Examples

 

Hi Paul,

 

I really like your examples for Vulnerability and Data Marking Definition extensions. 

 

One of the things that stands out is that there are pre-existing json schemas for a lot of these ideas.  It would seem to me that having a repository of STIX Extension Definitions makes a lot of sense â a community known place to look for extension definitions.

 

DHS has asked us to look into creating a common STIX object repository for the community.  It would seem like Extension Definitions would be a natural fit for such a repository.

 

BTW â I noticed on your IEP example â the property âend_dateâ has a value of null.  The STIX spec generally would make a property optional if it could be null or emptyâ

 

                Rich

 

-- 

Rich Piazza

Lead Cyber Security Engineer

The MITRE Corporation

781-271-3760

 

signature_942796624

 

From: <cti@lists.oasis-open.org> on behalf of Paul Patrick <ppatrick@darklight.ai>
Date: Friday, October 16, 2020 at 1:10 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [EXT] [cti] STIX 2.1 Extension Examples

 

I wanted to share with the community some of the various examples of using the proposed STIX Extensions.

 

Attached is a sample that illustrates:

         extend the STIX Vulnerability object with both CVSS scoring using the JSONscheme directly from FIRST

         extend the STIX Marking Definition object to create new data marking for IEP

         convert a couple of MITRE ATT&CK as STIX Attack Patterns representing the current MITRE custom extension using STIX Extensions

 

 

Paul Patrick

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]