CTI STIX SC Monthly Meeting

CTI STIX SC Monthly Meeting, August 19, 2015 (www.oasis-open.org). Agenda: Work progress status; Update on STIX 1.2.1 specs; Discuss ideas for HOW we do work; The need for use cases. STIX 1.2.1 specification status.

merlino

Presentation Transcript


  1. www.oasis-open.org CTI STIX SC Monthly Meeting, August 19, 2015

  2. Agenda
     • Work progress status
     • Update on STIX 1.2.1 specs
     • Discuss ideas for HOW we do work
     • The need for use cases

  3. STIX 1.2.1 specification status
     • Worked with OASIS folks and now have OASIS document templates for all parts of STIX language specs
     • In process of migrating spec content from pre-OASIS form into the templates
     • Work being done by MITRE people who edited the original pre-OASIS documents
     • Drafts for Overview and Core documents are mostly done
     • Working through editing, formatting, policy details with OASIS
     • Estimate it will only take a few hours per document
     • Should have all existing documents migrated to OASIS drafts within 1.5-2.5 weeks
     • STIX Version 1.2.1 Part 1: Overview. [URI – added during publication]
     • STIX Version 1.2.1 Part 2: Common. [URI]
     • STIX Version 1.2.1 Part 3: Core. (this document)
     • STIX Version 1.2.1 Part 4: Indicator. [URI]
     • STIX Version 1.2.1 Part 5: TTP. [URI]
     • STIX Version 1.2.1 Part 6: Incident. [URI]
     • STIX Version 1.2.1 Part 7: Threat Actor. [URI]
     • STIX Version 1.2.1 Part 8: Campaign. [URI]
     • STIX Version 1.2.1 Part 9: Course of Action. [URI]
     • STIX Version 1.2.1 Part 10: Exploit Target. [URI]
     • STIX Version 1.2.1 Part 11: Report. [URI]
     • STIX Version 1.2.1 Part 12: Extensions. [URI]
     • STIX Version 1.2.1 Part 13: Data Marking. [URI]
     • STIX Version 1.2.1 Part 14: Vocabularies. [URI]
     • STIX Version 1.2.1 Part 15: UML Model. [URI]
     • XML schemas: (list file names or directory name) [URI]

  4. STIX Tools Update
     • OpenIOC->STIX tool update was released to support STIX 1.2
     • STIX2HTML is in process of update for STIX 1.2
     • STIXviz is almost ready for its STIX 1.2 release

  5. Ideas for HOW we do work: Leveraging GitHub
     • Issue trackers
     • Wikis
     • Will likely need to begin thinking of the “specs” repository as primary area for STIX language
     • Should eventually move over appropriate tracker issues from “schemas” repository
     • Ideas for how else we could be leveraging GitHub?

  6. Ideas for HOW we do work: Other ideas for technical enablers?
     • Does anyone have any other ideas for gaps/solutions of technical enablers for our work?
     • Discuss exploration into collaboration tools
     • SC co-chairs are discussing potential options
     • Interested in input/feedback on requirements and options
     • Options for managing meetings better?

  7. Ideas for HOW we do work: Official STIX SC Secretary?
     • What do people think of the idea of having an official STIX SC Secretary to organize and coordinate SC activities?

  8. Ideas for HOW we do work: Discussion of STIX SC work processes
     • Don’t want to rehash the email from the co-chairs sent on 8/1
     • Do need to emphasize that under formal governance our work will need to be open, deliberative, ordered and tracked.
     • Encourage ideas and discussion but caution that consensus and decisions will need to follow process.
     • Please keep talking. :-)
     • Encourage contributions beyond just thoughts
     • As work product efforts are stood up, editors will be needed
     • Contributions of use cases, conceptual models, schema structures, normative or informative language suggestions, test data, etc. will be invaluable to collaborative progression
     • MITRE folks will continue to be involved but we will need a broader base of active contributors going forward

  9. The need for use cases
     • The need for Use Cases has been repeatedly raised
     • Use cases have always been driving STIX/TAXII/CybOX but they have not been explicitly codified
     • Under formal governance we need to do this
     • This topic is being discussed across the SCs at the TC level, not just for STIX
     • We need to capture a comprehensive set of use cases for STIX
     • Suggestion: Initial capture and evolution in a GitHub wiki
     • Suggestion: Identifying a volunteer to help coordinate this activity