
Subject: Re: [EXT] [cti] STIX 2.1 Extension Examples



This latest exchange between Jeff Mates and myself about an Incident object made me reflect back on this email you sent me. If you recall, there was a similar type of exchange with Chris Ricard about Vulnerabilities.


It got me thinking, what if we used the GitHub SEP Repository to be that place where people can go to see what extensions have been proposed, who's also working on them, perhaps who's adopting.


This way people can find others with a similar interest that are committed enough to work on a definition together. Rather than trying to convince everyone to agree, we use this as a sandbox. Then maybe when we see enough collaboration and interest, an extension could be brought to the TC for formal adoption into the specification.


The hope being awareness of other parties interested in the same concept will help minimize the number of one-off extensions that are trying to define the same concept.


Just a thought ...



Paul Patrick


From: Rich Piazza <rpiazza@mitre.org>
Date: Monday, October 19, 2020 at 11:33 AM
To: Paul Patrick <ppatrick@darklight.ai>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [EXT] [cti] STIX 2.1 Extension Examples


Hi Paul,


I really like your examples for Vulnerability and Data Marking Definition extensions. 


One of the things that stands out is that there are pre-existing JSON schemas for a lot of these ideas. It would seem to me that having a repository of STIX Extension Definitions makes a lot of sense - a community known place to look for extension definitions.


DHS has asked us to look into creating a common STIX object repository for the community. It would seem like Extension Definitions would be a natural fit for such a repository.


BTW - I noticed on your IEP example - the property "end_date" has a value of null. The STIX spec generally would make a property optional if it could be null or empty...





Rich Piazza

Lead Cyber Security Engineer

The MITRE Corporation





From: <cti@lists.oasis-open.org> on behalf of Paul Patrick <ppatrick@darklight.ai>
Date: Friday, October 16, 2020 at 1:10 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [EXT] [cti] STIX 2.1 Extension Examples


I wanted to share with the community some of the various examples of using the proposed STIX Extensions.


Attached is a sample that illustrates:

- extend the STIX Vulnerability object with both CVSS scoring using the JSON schema directly from FIRST
- extend the STIX Marking Definition object to create new data marking for IEP
- convert a couple of MITRE ATT&CK as STIX Attack Patterns representing the current MITRE custom extension using STIX Extensions



Paul Patrick

