Top Level Sighting Object


Top Level Sighting Object: Why?
- No independent way to say ‘I saw this’
- Sightings currently buried under Indicator
- Adding a Sighting means sending updated Indicator
- If you have 1000 new sightings that’s a lot of Indicators to reissue
- A top-level Sighting Object allows Sightings to be sent independently

Sighting Object discussion
- Should a Sighting Object only reference ‘detected’ information (e.g. Observable Instances only)?
- OR should a Sighting Object reference any other top-level Object (e.g. Threat Actors, TTPs, etc.)?
- Should a Sighting Object reference some top-level Objects based on the STIX model (e.g. Threat Actors, TTPs, Indicators, Incident, Report)?

Sighting Object possible fields
- One or more referenced objects (i.e. idref)
- Sighting Count
- Timestamp / Time Period
- Victim Organization information
- Producer Organization information
- Sighting Confidence
- TLP / Data Markings
- Alternative Sighting ID
- Sighting Type
- Title
- Description
- Short Description
- Version
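A consumer-side sketch of what independent Sightings allow, added here as an example and not taken from the slides or from any STIX schema: standalone Sightings are folded into per-object tallies by idref while the referenced Indicator is never reissued. The attribute names are hypothetical mappings of the possible fields listed above, and the sample records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Sighting:            # hypothetical names for a subset of the slide's fields
    sighting_id: str
    idrefs: list           # one or more referenced objects
    count: int             # Sighting Count
    timestamp: datetime
    producer: str          # Producer Organization information

@dataclass
class Tally:
    total: int = 0
    first_seen: datetime = None
    last_seen: datetime = None
    producers: set = field(default_factory=set)

def ingest(sightings, known_ids):
    """Fold Sightings into per-object tallies; return (tallies, dangling).

    A Sighting whose ID was already processed is skipped, so a re-sent
    Sighting is not double counted. idrefs that do not resolve to a known
    object are reported as (sighting_id, idref) pairs instead of counted.
    """
    tallies, dangling, seen = defaultdict(Tally), [], set()
    for s in sightings:
        if s.sighting_id in seen:
            continue
        seen.add(s.sighting_id)
        for ref in s.idrefs:
            if ref not in known_ids:
                dangling.append((s.sighting_id, ref))
                continue
            t = tallies[ref]
            t.total += s.count
            t.first_seen = min(t.first_seen or s.timestamp, s.timestamp)
            t.last_seen = max(t.last_seen or s.timestamp, s.timestamp)
            t.producers.add(s.producer)
    return dict(tallies), dangling

# Constructed sample data: one known Indicator, two producers, one replay,
# and one Sighting that references an object the consumer does not hold.
KNOWN = {"example:indicator-1"}
SAMPLE = [
    Sighting("example:sighting-1", ["example:indicator-1"], 3, datetime(2015, 11, 1, 10, 0), "Org A"),
    Sighting("example:sighting-2", ["example:indicator-1"], 997, datetime(2015, 11, 2, 9, 30), "Org B"),
    Sighting("example:sighting-2", ["example:indicator-1"], 997, datetime(2015, 11, 2, 9, 30), "Org B"),
    Sighting("example:sighting-3", ["example:indicator-9"], 1, datetime(2015, 11, 3, 8, 0), "Org A"),
]
```
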

Sighting Object UML Strawman