CTI STIX SC Monthly Meeting December 23, 2015.
-
Upload
tracy-haynes -
Category
Documents
-
view
218 -
download
0
description
Transcript of CTI STIX SC Monthly Meeting December 23, 2015.
![Page 1: CTI STIX SC Monthly Meeting December 23, 2015.](https://reader036.fdocuments.us/reader036/viewer/2022082501/5a4d1b6c7f8b9ab0599b3983/html5/thumbnails/1.jpg)
CTI STIX SCCTI STIX SCMonthly MeetingMonthly Meeting
www.oasis-open.org
December 23, 2015December 23, 2015
![Page 2: CTI STIX SC Monthly Meeting December 23, 2015.](https://reader036.fdocuments.us/reader036/viewer/2022082501/5a4d1b6c7f8b9ab0599b3983/html5/thumbnails/2.jpg)
www.oasis-open.org
Agenda Keep call short for the Holidays Introduce the STIX 2.0 Round 1 Strawman
proposals Inform on what they are, where they are, and why
they are Do NOT want to debate the proposals on this call
Open discussion or end early and go see our families
![Page 3: CTI STIX SC Monthly Meeting December 23, 2015.](https://reader036.fdocuments.us/reader036/viewer/2022082501/5a4d1b6c7f8b9ab0599b3983/html5/thumbnails/3.jpg)
STIX 2.0 Round 1 Strawman ProposalsWhat are they? Contributions as experts not co-chair The STIX 2.0 Round 1 Strawman proposals include
18 proposals covering 22 tracker issues including: 6 Top Ten Roadmap issues (#306, #148, #291, #221,
#201, #360) 16 other issues
![Page 4: CTI STIX SC Monthly Meeting December 23, 2015.](https://reader036.fdocuments.us/reader036/viewer/2022082501/5a4d1b6c7f8b9ab0599b3983/html5/thumbnails/4.jpg)
Why are they? Give food for thought over Holidays Set us up for focus after the Holidays Identify and close quick consensus issues Identify good issues for F2F agenda Provide well thought out fully modeled
proposed solutions to issues to focus and frame conversation and move us forward faster
![Page 5: CTI STIX SC Monthly Meeting December 23, 2015.](https://reader036.fdocuments.us/reader036/viewer/2022082501/5a4d1b6c7f8b9ab0599b3983/html5/thumbnails/5.jpg)
Where are they? Overview page and proposals are in the
STIXProject/specifications wiki
Full STIX 2.0 Round 1 Strawman draft UML model is available in the stix-2.0-Round-1-Strawman branch of the specifications repository on github
![Page 6: CTI STIX SC Monthly Meeting December 23, 2015.](https://reader036.fdocuments.us/reader036/viewer/2022082501/5a4d1b6c7f8b9ab0599b3983/html5/thumbnails/6.jpg)
Proposal format Issue Summary Proposed Proposed Model Examples
JSON Schema Serialization snippets JSON Serialization example snippets
Open Questions
![Page 7: CTI STIX SC Monthly Meeting December 23, 2015.](https://reader036.fdocuments.us/reader036/viewer/2022082501/5a4d1b6c7f8b9ab0599b3983/html5/thumbnails/7.jpg)
Notes and Caveats All proposed changes exist in an integrated STIX 2.0 Round 1
Strawman model derived from 1.2.1 model Proposals, model fragments and JSON snippets will often
include changes from other issues and proposals JSON snippets are illustrative not normative
Don’t get hung up on style or naming conventions (we can adjust that) Snippets were kept as simple and focused as possible There are likely errors here and there
It is our intent to provide JSON Schema snippets but have not yet had time. Assistance would be appreciated.
We’ll tackle these proposals on the list but please feel free to register thoughts and feedback within the relevant issues in the tracker
![Page 8: CTI STIX SC Monthly Meeting December 23, 2015.](https://reader036.fdocuments.us/reader036/viewer/2022082501/5a4d1b6c7f8b9ab0599b3983/html5/thumbnails/8.jpg)
STIX 2.0 Proposal1 : Extend core constructs from a single base class (#148) STIX 2.0 Proposal2 : Make IDs required (#221) STIX 2.0 Proposal3: Add Alternative_IDs to all top level objects (#358, #187) STIX 2.0 Proposal4: Remove Short_Description (#194) STIX 2.0 Proposal5 : Abstract Source to top level construct rather than embedded only within other constructs
(#233) STIX 2.0 Proposal6 : Remove the @id\@idref attribute from some constructs (#336) STIX 2.0 Proposal7 : Make Observable structure align with other components (#160) STIX 2.0 Proposal8 : Remove either embedded or referenced relationships (#201) STIX 2.0 Proposal9 : Abstract relationships as top level constructs rather than embedded within other constructs
(#291) STIX 2.0 Proposal10 : Make field names consistent for usages of Information Source (#263) STIX 2.0 Proposal11 : Abstract Sightings into an independent construct rather than embedded within Indicator
(#306) STIX 2.0 Proposal12 : Clarify semantics of different types of TTPs as expressed in the TTP construct (#360) STIX 2.0 Proposal13 : Refactor Kill Chain Types (#117, #191, #241, #190, #47) STIX 2.0 Proposal14 : Flatten list layers in Package (#382) STIX 2.0 Proposal15 : Remove abstract base types for "top level" objects (#386) STIX 2.0 Proposal16 : Refactor Report Object (#385) STIX 2.0 Proposal17: Clarify semantics of different types of Exploit Targets as expressed in the Exploit Target
construct (#387) STIX 2.0 Proposal18: Abstract Victim to top level construct rather than embedded only within Incident and TTP
(#149)
![Page 9: CTI STIX SC Monthly Meeting December 23, 2015.](https://reader036.fdocuments.us/reader036/viewer/2022082501/5a4d1b6c7f8b9ab0599b3983/html5/thumbnails/9.jpg)
Comments?
Questions?
Happy Holidays!