Hi, everybody -
As I'm sure you're aware, the OASIS STIX and CybOX TCs are hard at work on major revisions of these standards. We'd like to make evidence-based refactoring decisions. Towards that end, we're reaching out to the ISACs, ISAOs, and other miscellaneous information-sharing communities with a request for help. We're also reaching out to *you*, hence this mail.

We've created a utility [0] which can be run against a threat-intel repository to output anonymized statistics about STIX/CybOX object usage. This output will be extremely helpful to informing our decision-making as we progress towards CybOX 3.0 and STIX 2.0.

Please, if you belong to (or know of) an information-sharing community using STIX/CybOX, forward this request for assistance to them. Or if you administer such an organization yourself, please consider running the tool against your repository and sharing the results back with us. In any case, reporting output should be emailed to me or my CybOX SC co-chair Ivan Kirillov (in carbon-copy).

Thanks a million, y'all!

[0]: https://github.com/soltra/cti-stats/

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"Every networking problem always takes longer to solve than it seems like it should." --RFC 1925

Hi, everybody -
Just a reminder, please help us out by running the cti-stats utility against your CTI repository and submitting the statistics back to Ivan Kirillov (in cc) or me. Ivan and I plan to share these anonymized statistics with the STIX/CybOX standards committees but we will use an anonymous identifier for the information source.

Here's what cti-stats output looks like run against HailATAXII:

<snip>
+-------STIX stats------------------------------------------------------+
+-------STIX percentages------------------------------------------------+
ttps: 0.91%
indicators: 99.09%
+-------STIX counts-----------------------------------------------------+
ttps: 3442
indicators: 374645
Total STIX objects: 378087
+-------CybOX stats-----------------------------------------------------+
+-------CybOX percentages-----------------------------------------------+
URI: 38.81%
Address: 28.85%
Port: 0.62%
File: 0.30%
DomainName: 31.41%
+-------CybOX counts----------------------------------------------------+
URI: 192292
Address: 142963
Port: 3089
File: 1488
DomainName: 155623
Total CybOX objects: 495455
</snip>

If you don't feel comfortable sharing the object counts, you can just send us the percentages. Even that we can use.

Thanks in advance!

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"There are only two hard things in Computer Science: cache invalidation and naming things." --Phil Karlton

Would be interesting if we get similar results to that: http://www.net-security.org/secworld.php?id=19068
On Tuesday, 27 October 2015, Trey Darley <[hidden email]> wrote:
Hi, everybody -