[STIX] Material for September STIX Community Call

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[STIX] Material for September STIX Community Call

Wunder, John A.

All,

 

As a reminder, the September STIX community call will be held at 11am-1pm (Eastern) tomorrow, September 11th. We plan to walk through two major topics: the report object proposal by FS-ISAC and continued work on the Simple Indicator Publication Profile. During those discussions we’ll use the following material:

 

1.       For the Community Indicator Profile discussion we’ll use the two attached docs. One is the latest version of a high-level overview of the profile, the other is a set of discussion questions that we’ll walk through.

2.       For the Report Object discussion, the following two links contain the info you’ll need. The first is the proposal we’ll walk through, the second is a more complete set of options for how we could proceed.

a.       FS-ISAC Report Object Proposal: https://github.com/STIXProject/schemas/wiki/FS-ISAC-Proposal:-Add-Report-Object-as-Minor-Release

b.      Report object options: https://github.com/STIXProject/schemas/wiki/Report-Object-Options

 

If you have time it might be helpful to read through both sets of information prior to the call, but if not don’t worry. We’ll walk through all of it through the course of the call.

 

Also, I want to apologize again for the multiple calendar invites. Make sure to use the info below, which should now be the same as what you have in the calendar invite.

 

Thanks in advance for your participation,

John Wunder

STIX Project Team

 

.........................................................................................................................................

à Join Lync Meeting      

 

Join by phone

<a href="tel:&#43;1%20(703)%20983-2020">+1 (703) 983-2020 (McLean)                            English (United States)

<a href="tel:&#43;1%20(781)%20271-2020">+1 (781) 271-2020 (McLean)                            English (United States)  

Find a local number

 

Conference ID: 81357784

 

Forgot your dial-in PIN? |Help    

 

[!OC([1033])!]

.........................................................................................................................................

Quick Tips: Join by Phone for Meeting Audio
  • PRIOR to the meeting make sure to create your PIN (MITRE only, FJ:UCPIN) to use with your MITRE work number. Non-MITRE participants do not utilize a PIN.
  • Select Do not join audio in the Join Meeting Audio window after clicking the Join online meeting link. This indicates you will dial in by phone.
  • To go quickly to the MITRE work number + PIN entry prompts: Press #, # after entering the Conference ID. (External partners, press #,#,#).
More information: How to join a MITRE meeting

STIX Community Profiles Working Paper.docx (22K) Download Attachment
Simple Indicator Publication Profile.docx (38K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [STIX] Material for September STIX Community Call

Collie, Byron S.
I apologise i cannot be on the call today.

Goldman Sachs supports the creation of a report object separate to the STIX package. Our reasoning is not all STIX data for us will be coming in structured form. We are working on technology to extract extended STIX data from unstructured reporting (eg CrowdStrike Putter Panda report, FireEye blogs etc) and the source and report are key elements separate from the STIX package that may be constructed from it.

We are also working with the concept of Collections (think of collections of reports from sources that have multiple types of datay

Not everything will be structured and STIX formatted as much as we might like it so we need report objects, collection and sources to allow us to incorporate unstructured data sources and appropriate metadata for tracking, confidence scoring etc into the STIX model.

Byron

 
From: Wunder, John A. [mailto:[hidden email]]
Sent: Wednesday, September 10, 2014 02:39 PM
To: [hidden email] <[hidden email]>
Subject: [STIX] Material for September STIX Community Call
 

All,

 

As a reminder, the September STIX community call will be held at 11am-1pm (Eastern) tomorrow, September 11th. We plan to walk through two major topics: the report object proposal by FS-ISAC and continued work on the Simple Indicator Publication Profile. During those discussions we’ll use the following material:

 

1.       For the Community Indicator Profile discussion we’ll use the two attached docs. One is the latest version of a high-level overview of the profile, the other is a set of discussion questions that we’ll walk through.

2.       For the Report Object discussion, the following two links contain the info you’ll need. The first is the proposal we’ll walk through, the second is a more complete set of options for how we could proceed.

a.       FS-ISAC Report Object Proposal: https://github.com/STIXProject/schemas/wiki/FS-ISAC-Proposal:-Add-Report-Object-as-Minor-Release

b.      Report object options: https://github.com/STIXProject/schemas/wiki/Report-Object-Options

 

If you have time it might be helpful to read through both sets of information prior to the call, but if not don’t worry. We’ll walk through all of it through the course of the call.

 

Also, I want to apologize again for the multiple calendar invites. Make sure to use the info below, which should now be the same as what you have in the calendar invite.

 

Thanks in advance for your participation,

John Wunder

STIX Project Team

 

.........................................................................................................................................

à Join Lync Meeting      

 

Join by phone

<a href="tel:&#43;1%20(703)%20983-2020">+1 (703) 983-2020 (McLean)                            English (United States)

<a href="tel:&#43;1%20(781)%20271-2020">+1 (781) 271-2020 (McLean)                            English (United States)  

Find a local number

 

Conference ID: 81357784

 

Forgot your dial-in PIN? |Help    

 

[!OC([1033])!]

.........................................................................................................................................

Quick Tips: Join by Phone for Meeting Audio
  • PRIOR to the meeting make sure to create your PIN (MITRE only, FJ:UCPIN) to use with your MITRE work number. Non-MITRE participants do not utilize a PIN.
  • Select Do not join audio in the Join Meeting Audio window after clicking the Join online meeting link. This indicates you will dial in by phone.
  • To go quickly to the MITRE work number + PIN entry prompts: Press #, # after entering the Conference ID. (External partners, press #,#,#).
More information: How to join a MITRE meeting