OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Motion for Open Repository for the Common STIX objects

Hi all,


As mentioned previously, MITRE has been asked by DHS/CISA to stand up a common object repository.  After much thought, we think that it would be best hosted as an OASIS Open Repository. 

This needs the approval of the TC.


We hope that others find it useful and will contribute to the project. 


See below for a detailed description of this proposed repository and some policy questions and answers.



I move that the TC approve by unanimous consent requesting OASIS to set up an OASIS Open Repository project named cti-stix-common-objects using the following pieces of information:


Purpose Statement: A repository of commonly used STIX objects that do not need to be created and shared by the CTI community.


Initial Maintainers: Rich Piazza, Chris Lenk


Open Source License: BSD-3-Clause License


GitHub Name: cti-stix-common-objects


Short Description: OASIS Common STIX Object Repository: a repository for commonly used STIX objects in order to avoid needless duplication



If there have been no objections before Monday March 1 at 21:00 UTC (5:00 PM EST), I will submit the form [1] to ask OASIS to create the repository. 


Thank you,

Rich Piazza


[1] https://www.oasis-open.org/resources/tc-admin-requests/open-repository-request




Rationale for the Repository


Having such a repository of common CTI objects has always been on the âwish listâ of members of the OASIS CTI-TC.

Many entities in cyber threat intelligence are common and having many duplicate STIX objects to represent the same concept has always been seen as wasteful and problematic. 


Initial Contents of the Repository


                The initial content was created via a script:


         Location objects

o    All countries (compiled from Python pycountry package)

o    All States (constant in script)

o    All Canadian Provinces (constant in script)

o    All regions from specification in region-ov

         Identity objects

o    One for the object creator (currently OASIS - identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a.json)

o    All sectors from specification in industry-sector-ov

         Vulnerability objects

o    All 148,032 âpublishedâ CVEs 


Other objects considered but rejected:


         ipv4-addr objects (too many â billions and billions)

         Data Markings

         Licenses â the text needs to be specific to the license holder, so no real common objects

    • Software objects based on CPE (over 600,000 entries)
      • Perhaps the more common Software can be determined




  • Where would it be hosted?
    • GitHub oasis-open web site.
  • How is the content stored?  
  • Is it âfrontedâ by a TAXII server?
    • Not at this time
  • Who maintains it?  
    • Initially MITRE will volunteer to be the Maintainers, to be replaced or added to with members from the TC
  • Who decides what should be in the repository? 
    • The maintainers, for now. Contributions are welcome â via merge requests
  • How to use the repository?
    • Download the content and incorporate it using the python-stix2 file system datastore


IP Issues


  • All repositories on the GitHub oasis-open web site is MUST have a README file that contains a section on Governance. 

This is where licensing information is stated.  I assume that the default BSD-3-Clause License will be used

    • Is there a copyright notice (via a data marking) needed on all objects? 




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]