[cti-users] Need Examples of stix components

sri devi


Hi,

Need examples with clarity for the component attributes below.



Indicator:
----------
Attributes:
----------
Composite_indicator_Expression
Kill_Chain_Phases
Handling
Related_Indicators
Related_campaigns
Related_packages

Need clarity of above attributes of Indicator with Examples.

Incident
--------
Attributes
----------
Investigation
Exercise/Network Defence testing
ordinality
Structuring_format
Attributed_Threat_Actors
Intended_Effect
Related_incidents

Need clarity of above attributes  of Incident with Examples.

Observable
-----------
Attributes
-----------
Keywords
Observable_Composition
Pattern_Fidelity

Need clarity of above attributes  of Observable with Examples.

TTP
----
Attributes
-----------

Handling
Kill_Chains
Kill_Chain_Phases
Exploit_Targets


Need clarity of above attributes  of TTP with Examples.

Exploit_Targets
----------------
Attributes
-----------
Handling
Related_exploit_target
Configuration
Potential_COAs

Need clarity of above attributes  of Exploit_Targets with Examples.

Course_Of_Action
----------------
Attributes
----------
Related_COAs
Efficacy

Need clarity of above attributes  of Course_Of_Action with Examples.


Campaign
---------
Attributes
-----------
Intended_Effect
Related_Indicators
Related_incidents
Attribution
Associated_Campaign
Handling

Need clarity of above attributes  of Campaign with Examples.

Threat_Actor
-------------
attributes
----------
Identity
Motivation
Sophistication
Planning_And_Operational_support
Handling

Need clarity of above attributes  of Threat_Actor with Examples.





--
thank you....
        
Re: [cti-users] Need Examples of stix components

Mark Clancy

So I don't have such an all in STIX document handy, but it seems like a really good idea to make one. This also goes to another need which is the 'usage' convention side of what does well-crafted STIX actually look like for a sample. I would suggest this is a worthwhile effort for the group and we should include it with the documentation set.


I am hoping that the folks at MITRE already have such an all-encompassing sample document.


-Mark



Mark Clancy
Chief Executive Officer
SOLTRA | An FS-ISAC and DTCC Company
+1.813.470.2400 office | +1.610.659.6671 US mobile |  +44 7823 626 535  UK mobile
[hidden email] | soltra.com
 
One organization's incident becomes everyone's defense.
 



From: [hidden email] <[hidden email]> on behalf of sri devi <[hidden email]>
Sent: Wednesday, October 7, 2015 4:10 AM
To: [hidden email]
Subject: [cti-users] Need Examples of stix components
 


Re: [cti-users] Need Examples of stix components

Wunder, John A.
In reply to this post by sri devi
I would take a look at the examples and concept documentation on the STIX website:


We don’t yet have examples for everything, but when in doubt use the data model docs to at least get the documentation (search box in the top right, search for “Incident”).

John

Re: [cti-users] Need Examples of stix components

John Anderson

+1 for expanding the Idioms document.


STIX/CybOX are extremely flexible. This means that sometimes the same high-level concept can be expressed in multiple ways. I'm looking for pragmatic "best practices" for expressing common high-level concepts (for which "idiom" is truly a perfect word).


This would be very valuable to newcomers to CTI (like myself).


Thanks,

JSA




From: [hidden email] <[hidden email]> on behalf of Wunder, John A. <[hidden email]>
Sent: Wednesday, October 7, 2015 9:53 AM
To: sri devi
Cc: [hidden email]
Subject: Re: [cti-users] Need Examples of stix components
 