1 / 9

CTI STIX SC Monthly Meeting

www.oasis-open.org. CTI STIX SC Monthly Meeting. December 23, 2015. www.oasis-open.org. Agenda. Keep call short for the Holidays Introduce the STIX 2.0 Round 1 Strawman proposals Inform on what they are, where they are, and why they are Do NOT want to debate the proposals on this call

lloyde
Télécharger la présentation

CTI STIX SC Monthly Meeting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. www.oasis-open.org CTI STIX SCMonthly Meeting December 23, 2015

  2. www.oasis-open.org Agenda • Keep call short for the Holidays • Introduce the STIX 2.0 Round 1 Strawman proposals • Inform on what they are, where they are, and why they are • Do NOT want to debate the proposals on this call • Open discussion or end early and go see our families

  3. STIX 2.0 Round 1 Strawman ProposalsWhat are they? • Contributions as experts not co-chair • The STIX 2.0 Round 1 Strawman proposals include 18 proposals covering 22 tracker issues including: • 6 Top Ten Roadmap issues (#306, #148, #291, #221, #201, #360) • 16 other issues

  4. Why are they? • Give food for thought over Holidays • Set us up for focus after the Holidays • Identify and close quick consensus issues • Identify good issues for F2F agenda • Provide well thought out fully modeled proposed solutions to issues to focus and frame conversation and move us forward faster

  5. Where are they? • Overview page and proposals are in the STIXProject/specifications wiki • Full STIX 2.0 Round 1 Strawman draft UML model is available in the stix-2.0-Round-1-Strawman branch of the specifications repository on github

  6. Proposal format • Issue Summary • Proposed • Proposed Model • Examples • JSON Schema Serialization snippets • JSON Serialization example snippets • Open Questions

  7. Notes and Caveats • All proposed changes exist in an integrated STIX 2.0 Round 1 Strawman model derived from 1.2.1 model • Proposals, model fragments and JSON snippets will often include changes from other issues and proposals • JSON snippets are illustrative not normative • Don’t get hung up on style or naming conventions (we can adjust that) • Snippets were kept as simple and focused as possible • There are likely errors here and there • It is our intent to provide JSON Schema snippets but have not yet had time. Assistance would be appreciated. • We’ll tackle these proposals on the list but please feel free to register thoughts and feedback within the relevant issues in the tracker

  8. STIX 2.0 Proposal1 : Extend core constructs from a single base class (#148) • STIX 2.0 Proposal2 : Make IDs required (#221) • STIX 2.0 Proposal3: Add Alternative_IDs to all top level objects (#358, #187) • STIX 2.0 Proposal4: Remove Short_Description (#194) • STIX 2.0 Proposal5 : Abstract Source to top level construct rather than embedded only within other constructs (#233) • STIX 2.0 Proposal6 : Remove the @id\@idref attribute from some constructs (#336) • STIX 2.0 Proposal7 : Make Observable structure align with other components (#160) • STIX 2.0 Proposal8 : Remove either embedded or referenced relationships (#201) • STIX 2.0 Proposal9 : Abstract relationships as top level constructs rather than embedded within other constructs (#291) • STIX 2.0 Proposal10 : Make field names consistent for usages of Information Source (#263) • STIX 2.0 Proposal11 : Abstract Sightings into an independent construct rather than embedded within Indicator (#306) • STIX 2.0 Proposal12 : Clarify semantics of different types of TTPs as expressed in the TTP construct (#360) • STIX 2.0 Proposal13 : Refactor Kill Chain Types (#117, #191, #241, #190, #47) • STIX 2.0 Proposal14 : Flatten list layers in Package (#382) • STIX 2.0 Proposal15 : Remove abstract base types for "top level" objects (#386) • STIX 2.0 Proposal16 : Refactor Report Object (#385) • STIX 2.0 Proposal17: Clarify semantics of different types of Exploit Targets as expressed in the Exploit Target construct (#387) • STIX 2.0 Proposal18: Abstract Victim to top level construct rather than embedded only within Incident and TTP (#149)

  9. Comments? • Questions? • Happy Holidays!

More Related