CTI STIX SC Monthly Meeting www.oasis-open.org October 21, 2015.


1 CTI STIX SC Monthly Meeting www.oasis-open.org October 21, 2015

2 Agenda
- STIX 1.2.1 specs
  - Status and next steps
- STIX 2.0 kickoff
  - Initial administrative steps
  - Begin deliberative process (get stuff done)
- Setting the stage and navigating the road
  - Use cases
  - Issues
- Some decisions to make

3 STIX 1.2.1 specification status and next steps
- STIX SC review of the full multipart specification drafts is complete; the package was uploaded to the TC site for consideration on 10/15/15
- Awaiting a TC motion and vote to move it to Committee Specification Public Review Draft
  - Likely to occur during tomorrow's TC meeting
- After the 30-day public review period it can be voted on and finalized as a Committee Specification
- Specification parts:
  - STIX Version 1.2.1 Part 1: Overview
  - STIX Version 1.2.1 Part 2: Common
  - STIX Version 1.2.1 Part 3: Core
  - STIX Version 1.2.1 Part 4: Indicator
  - STIX Version 1.2.1 Part 5: TTP
  - STIX Version 1.2.1 Part 6: Incident
  - STIX Version 1.2.1 Part 7: Threat Actor
  - STIX Version 1.2.1 Part 8: Campaign
  - STIX Version 1.2.1 Part 9: Course of Action
  - STIX Version 1.2.1 Part 10: Exploit Target
  - STIX Version 1.2.1 Part 11: Report
  - STIX Version 1.2.1 Part 12: Extensions
  - STIX Version 1.2.1 Part 13: Data Marking
  - STIX Version 1.2.1 Part 14: Vocabularies
  - STIX Version 1.2.1 Part 15: UML Model
- UML Model Serialization
  - XMI files
  - Diagrams

4 STIX 2.0 Official Kickoff
- Initial administrative steps
  - Select editors
    - The list is now open for nominations
    - Co-chairs propose that we select at least 2 editors: one from the modeling perspective and one from the implementation perspective
  - Request document templates
- Begin deliberative process
  - aka "get stuff done"

5 STIX 2.0 Official Kickoff
- Begin deliberative process
  - Setting the stage and navigating the road
    - Use Cases
      - Need active participation from members in identifying and filling out use cases on the github STIXProject/use-cases wiki
      - Focus first on the ones most important to you
    - Issue Trackers
      - Need to merge appropriate issues from the schemas tracker into the specifications tracker; this should occur soon
      - Need to triage the trackers
      - Identify new issues
      - Add comments to issues
      - Consider your opinion of priority

6 STIX 2.0 Official Kickoff
- Begin deliberative process
  - Decisions to be made in moving forward
    - Ensuring all voices are heard on prioritization is going to require some technical mechanism to support "Voting" on issues

7 Options for "Voting" on Issues
Candidates considered: Github, Bitbucket, Gitpoll, Poll Junkie, Google Forms, Stack Exchange

8 Options for "Voting" on Issues: Github
+ Tied to our source code
+ Straightforward to use and comment
- Relies on comments
- Requires a Github account to vote

9 Options for "Voting" on Issues: Bitbucket
+ Allows voting on issues
+ Otherwise very similar to Github
- Would be a change for the community
- Bitbucket is less popular than Github
- We just talked to OASIS about using Github
- Requires a Bitbucket account to vote

10 Options for "Voting" on Issues: Gitpoll
+ Allows voting on issues
+ Integrated with Github issues
- No list page for all issues / voting results
- Requires a Github account to vote
* Feathub is similar, but buggy and not automatically synced

11 Options for "Voting" on Issues: Poll Junkie
+ Allows ranking issues, not just voting
- Not integrated with Github; would need to do it manually

12 Options for "Voting" on Issues: Google Forms
+ Similar to Poll Junkie, but more question types
- Not integrated with Github; would need to do it manually
- A bit harder to configure and view results

13 Options for "Voting" on Issues: Stack Exchange
+ Allows voting on both "issues" and "solutions"
- More of a Q&A site than feature tracking
- Not sure we could get one set up

14 Summary Thoughts: Options for "Voting" on Issues
- If we want generic voting on issues and are OK switching infrastructure, move (even just the issue tracker) to Bitbucket
- If we want to choose which topics to prioritize first, Poll Junkie might be a good option
- If we want to spend a lot of time setting it up but get a decent result, Gitpoll or Google Forms might be the best bet

15 STIX 2.0 Official Kickoff
- Begin deliberative process
  - Decisions to be made in moving forward
    - Ensuring all voices are heard on prioritization is going to require some technical mechanism to support "Voting" on issues
    - Trying to get use cases and issues perfect before we start actually working on stuff is impractical
      - Co-chair proposal #1: We progressively flesh out use cases while working issues; the first step of working any issue is to identify the relevant use cases and flesh them out
      - Co-chair proposal #2: We start working on 2-3 issues highlighted as high priority by list discussions

16 Some suggested guidelines for selecting initial issues
- Issues of high importance to adopters
- Issues with less contention of opinion (quick wins)
- Issues with architectural significance (lay foundations)
- Issues with potentially significant impact on the model (lay foundations)
- Issues with relatively clear solutions (quick wins)

17 Some Potential Options for Initial Issues to Tackle
- Let's pick 2-3 to start working on
  - Sightings
  - Relationships
  - ID format
  - Abstracting constructs (identity, victim, source and asset)
  - In-line vs referencing of content
  - Data Markings
  - Other suggestions??
- Discuss on list and narrow down to 2-3

18 Example of Opinion Contribution for an Issue
- To show the sorts of immediate contributions and discussions we could have on these issues, Aharon threw together a few slides to show his current thinking on the Sightings issue
  - This is not necessarily his final opinion
  - We all may agree/disagree with all or parts
  - The intent is NOT to debate this on the call
  - The intent is NOT to make any decisions on the call

19 Top Level Sighting Object: Why? (Opinion Example: Aharon)
- No independent way to say 'I saw this'
- Sightings currently buried under Indicator
- Adding a Sighting means sending an updated Indicator
- If you have 1000 new sightings that's a lot of Indicators to reissue
A top-level Sighting Object allows Sightings to be sent independently

20 Sighting Object discussion (Opinion Example: Aharon)
- Should a Sighting Object only reference 'detected' information (e.g. Observable Instances only)? OR
- Should a Sighting Object reference any other top-level Object (e.g. Threat Actors, TTPs, etc.)? OR
- Should a Sighting Object reference some top-level Objects based on the STIX model (e.g. Threat Actors, TTPs, Indicators, Incident, Report)?

21 Sighting Object possible fields (Opinion Example: Aharon)
- One or more referenced objects (i.e. idref)
- Sighting Count
- Timestamp / Time Period
- Victim Organization information
- Producer Organization information
- Sighting Confidence
- TLP / Data Markings
- Alternative Sighting ID
- Sighting Type
- Title
- Description
- Short Description
- Version

22 Sighting Object UML Strawman (Opinion Example: Aharon)
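To make the strawman on slides 19-22 concrete, here is an added illustration of a top-level Sighting object carrying the proposed fields, with a receiver that validates references under each of the three scoping options from slide 20 and rolls many independent sightings up without ever touching the referenced Indicator. This is example code written for this page, not STIX 1.2.1 or STIX 2.0 code and not Aharon's; the "type--identifier" idref form, the type names, and the TLP vocabulary are assumptions (ID format is itself an open issue on slide 17), and the feed in demo() is constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Reference-scoping options from the discussion slide (assumed type names).
DETECTED_ONLY: Set[str] = {"observable"}            # observable instances only
ANY_TOP_LEVEL: Set[str] = {"observable", "indicator", "ttp", "threat_actor", "incident",
                           "campaign", "course_of_action", "exploit_target", "report"}
MODEL_SUBSET: Set[str] = {"threat_actor", "ttp", "indicator", "incident", "report"}
TLP_LEVELS = {"WHITE", "GREEN", "AMBER", "RED"}      # assumed marking vocabulary


@dataclass
class Sighting:
    """Fields from the 'Sighting Object possible fields' slide, one per attribute."""
    idrefs: List[str]                   # one or more referenced objects (idref)
    count: int = 1                      # sighting count
    first_seen: str = ""                # timestamp / time period, ISO 8601 UTC (assumed)
    last_seen: str = ""
    victim_org: Optional[str] = None    # victim organization information
    producer_org: Optional[str] = None  # producer organization information
    confidence: Optional[str] = None    # sighting confidence
    tlp: str = "AMBER"                  # TLP / data marking
    alt_id: Optional[str] = None        # alternative sighting ID
    sighting_type: Optional[str] = None
    title: str = ""
    description: str = ""
    short_description: str = ""
    version: int = 1


def idref_type(idref: str) -> str:
    """Object type of an idref in the assumed 'type--identifier' form."""
    obj_type, sep, ident = idref.partition("--")
    if not (sep and obj_type and ident):
        raise ValueError(f"malformed idref: {idref!r}")
    return obj_type


def validate(s: Sighting, allowed: Set[str], known_ids: Set[str]) -> List[str]:
    """Problems with a received sighting; an empty list means accept it."""
    problems: List[str] = []
    if not s.idrefs:
        problems.append("sighting references no objects")
    for ref in s.idrefs:
        try:
            obj_type = idref_type(ref)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if obj_type not in allowed:
            problems.append(f"{ref}: type {obj_type!r} not sightable under this policy")
        if ref not in known_ids:
            problems.append(f"{ref}: dangling reference (object never received)")
    if s.count < 1:
        problems.append("count must be >= 1")
    if s.tlp not in TLP_LEVELS:
        problems.append(f"unknown TLP marking {s.tlp!r}")
    if s.first_seen and s.last_seen and s.last_seen < s.first_seen:
        problems.append("last_seen precedes first_seen")
    return problems


def aggregate(sightings: List[Sighting]) -> Dict[str, dict]:
    """Roll independent sightings up per referenced object (count, window, victims).

    The referenced Indicator is never re-issued or modified: that is what a
    top-level Sighting buys over embedding sightings inside the Indicator.
    """
    totals: Dict[str, dict] = {}
    for s in sightings:
        for ref in s.idrefs:
            t = totals.setdefault(ref, {"count": 0, "first_seen": "", "last_seen": "", "victims": set()})
            t["count"] += s.count
            if s.first_seen and (not t["first_seen"] or s.first_seen < t["first_seen"]):
                t["first_seen"] = s.first_seen
            if s.last_seen > t["last_seen"]:
                t["last_seen"] = s.last_seen
            if s.victim_org:
                t["victims"].add(s.victim_org)
    return totals


def demo(policy: Set[str] = MODEL_SUBSET) -> dict:
    """Constructed feed: 1000 sightings of one known indicator plus two bad ones."""
    known = {"indicator--0001", "indicator--0002", "ttp--0001"}   # objects already received
    feed = [Sighting(idrefs=["indicator--0001"],
                     first_seen=f"2015-10-{1 + i % 20:02d}T00:00:00Z",
                     last_seen=f"2015-10-{1 + i % 20:02d}T23:59:59Z",
                     victim_org="org-a" if i % 2 else "org-b",
                     producer_org="sharing-hub") for i in range(1000)]
    feed.append(Sighting(idrefs=["observable--7"]))       # outside MODEL_SUBSET and never received
    feed.append(Sighting(idrefs=["indicator--9999"]))     # dangling reference
    accepted = [s for s in feed if not validate(s, policy, known)]
    rejected = {s.idrefs[0]: validate(s, policy, known) for s in feed if validate(s, policy, known)}
    return {"accepted": len(accepted), "rejected": rejected, "totals": aggregate(accepted)}
```

Running demo() under MODEL_SUBSET accepts the 1000 indicator sightings and rejects the two bad ones; running it under DETECTED_ONLY rejects every one of them, which is the practical difference between the first and third options on slide 20. The dangling-reference check matters for a standalone object: once a Sighting travels on its own, the receiver has to decide what to do with a sighting of something it has never been sent.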

23 Thoughts? Questions?

24 Next meeting Wednesday, November 18th @ 4:00pm EDT
