Presentation is loading. Please wait.

Presentation is loading. Please wait.

STIX Interoperability

Published byJohnathan Simpson Modified over 6 years ago

Similar presentations

Presentation on theme: "STIX Interoperability"— Presentation transcript:

1 STIX Interoperability
Allan Thomson – LookingGlass Jason Keirstead – IBM Rev 2

2 Agenda Charter Review Proposed Plan Radar Items Actions

3 Group Charter The Interoperability SC will help guide adherence to CTI TC-promulgated standards and interoperability between CTI TC standards-based implementations, while encouraging standards maturity throughout the industry. The SC will develop parameters and processes to allow CTI TC members to test/ validate, and where possible measure the maturity of another organization’s implementation. Testing parameters and processes should be straight-forward and objective to provide clear confirmation that minimum standards' requirements have been achieved. Initially, in regard to maturity measurement efforts, the SC will develop guidelines to support a more qualitative review of an implementation. In addition, the SC will identify opportunities and approaches to promoting interoperability with externally-defined cyber threat intelligence standards and frameworks.

4 Questions Q1: Do you agree with the charter as defined?
Strawpoll: (Yes - 20 ; No - 0 ; Unsure/Abstain - 3 ) Q2: Any changes we should adopt? Change “The SC will develop parameters and processes to allow CTI TC members to test/ validate, and where possible measure the maturity of another organization’s implementation” to “The SC will define parameters and processes to enable testing and validation of an implementation”

5 Proposed Plan Define per release target framework – THIS MEETING
Agree on concrete next steps – THIS MEETING POST MEETING Define use cases Define core test specification Define optional test specifications

6 Proposed Group Targets – Every STIX Release
Baseline Target: SPECIFICATIONS Have defined & community approved test specification for feature/profile-based compliance 1 quarter after every release of STIX 2.x Include Good/bad STIX content and use that content for unit tests to test spec compliance Test specification will be driven based on defined 1 or more use cases for the features in that version of STIX Strawpoll: (Yes - 20; No - 0; Unsure/Abstain - 2) Additional Target: Implementation Guide Help industry define/implement products ‘correctly’ Strawpoll: (Yes - ; No - ; Unsure/Abstain - ) Stretch Target: SCRIPTS & TOOLS Have defined/approved publicly available test scripts and tools to allow organizations to self- certify, coincident or 1 month after with the release of the test specification Strawpoll: (Yes - ; No - 1; Unsure/Abstain - )

7 Proposed Target 2.0 Test Specification
1) Test specification for core mandatory features that all producers and consumers must support Will be used as the base criteria for all use case driven testing If a STIX 2.0 capability does not pass this base capability then they are not compliant to the core feature set 2) Test specifications for each agreed optional use case May be separate document or sub-section on a single test specification doc Specification content will include STIX Cyber Observables and all relevant content necessary to have a working interoperability between products at a feature level NOT just a JSON parser compatibility

8 Example Use Cases 1. SHARE INDICATORS VIA FILE
Vendor A product has a set of indicators of IP and/or Domains that are malicious and the organization using the product wants to share those indicators (IP/Domain) with other organizations running Vendor B product. The organization running Vendor A product wishes to export the indicators to a file and the file to their analyst peers who are running Vendor B product who can ingest the file into their product to show the indicators and any specific vendor unique views 2. EXPORTING INDICATORS VIA TAXII INBOX Vendor A product has a set of indicators of IP and/or Domains that are malicious and the organization using the product wants to share those indicators (IP/Domain) with other organizations running Vendor B product.. The organization running Vendor A product wishes to export the indicators to the other product via TAXII. Vendor A product knows the URL/IP for the TAXII server of the other organization and chooses that vendors TAXII server from a selector when exporting the indicators. The analyst peers running the other Vendor B product are able to view those shared indicators received via TAXII in Vendor B’s product UI. 3. INDICATOR SHARING VIA TAXII FEED The organization running Vendor A product allows other products to subscribe to these indicators using TAXII. Vendor B product knows the URL/IP for the TAXII server of Vendor A’s TAXII endpoint. The analyst peers running the other Vendor B product are able to view ingest shared indicators received via TAXII in Vendor B’s product UI. 4. INDICATOR DATA FEED SHARING Vendor A has a threat intelligence data feed supporting STIX based indicators that can be ingested into Vendor B’s product to visualize, analyze….etc. The data feed represents Vendor A’s sensor and collection capabilities across a specific vertical market of threat collection that they sell to customers to utilize in their threat analysis or operational environments. Vendor A supports data feed sharing via proprietary HTTP RESTful interface. NOTE: May need to be TAXII server for the data feed but not sure what feed vendors that are participating support TAXII for their data versus a HTTP proprietary interface.

9 Radar Items Plugfest schedule and events
Very useful way to get high bandwidth engagement on interop issues between products Goal to schedule them every 6-12 months at least based on latest STIX versions Discuss responsibilities of InterOp group on verification of self- certification results and display of approved tools/products on OASIS site

10 Call to Action Q: Who is willing to participate in creation of use case document? <list of names> Q: Who wants to participate in creation of core test specification? Q: Who wants to participate in creation of optional test specifications?

Download ppt "STIX Interoperability"

Similar presentations

Advocating BACnet Advocating BACnet Jim Lee. BACnet Advocacy and Testing b BACnet Manufacturers Association b BACnet Testing Laboratories b BACnet Interest.

Advocating BACnet Advocating BACnet Jim Lee. BACnet Advocacy and Testing b BACnet Manufacturers Association b BACnet Testing Laboratories b BACnet Interest.
Interoperability with CMIS and Apache Chemistry

Interoperability with CMIS and Apache Chemistry
CTI STIX SC Kickoff Meeting www.oasis-open.org July 16, 2015.

CTI STIX SC Kickoff Meeting July 16, 2015.
SNIA/SSIF KMIP Interoperability Proposal. What is the proposal? Host a KMIP interoperability program which includes: – Publishing a set of interoperability.

SNIA/SSIF KMIP Interoperability Proposal. What is the proposal? Host a KMIP interoperability program which includes: – Publishing a set of interoperability.
13 September 2015 AllSeen Alliance 1 C&C Working Group Meeting 16 JULY 2014.

13 September 2015 AllSeen Alliance 1 C&C Working Group Meeting 16 JULY 2014.
© 2011 IBM Corporation OSLC Communications Workgroup 15 September 2011.

© 2011 IBM Corporation OSLC Communications Workgroup 15 September 2011.
Copyright © 2004 by The Web Services Interoperability Organization (WS-I). All Rights Reserved 1 Interoperability: Ensuring the Success of Web Services.

Copyright © 2004 by The Web Services Interoperability Organization (WS-I). All Rights Reserved 1 Interoperability: Ensuring the Success of Web Services.
1 Synchronize work on DEXs and reference data between PLCS pilots and OASIS/PLCS - Proposed PLCS TC Organization and Functional Responsibilities.

1 Synchronize work on DEXs and reference data between PLCS pilots and OASIS/PLCS - Proposed PLCS TC Organization and Functional Responsibilities.
OpenSG Conformity IPRM Overview July 20, 2011. ITCA goals under the IPRM at a high level and in outline form these include: Organize the Test and Certification.

OpenSG Conformity IPRM Overview July 20, ITCA goals under the IPRM at a high level and in outline form these include: Organize the Test and Certification.
CTI STIX SC Monthly Meeting www.oasis-open.org August 19, 2015.

CTI STIX SC Monthly Meeting August 19, 2015.
FIMS Repository Interface Project Update 01/23/2013.

FIMS Repository Interface Project Update 01/23/2013.
1 Open Systems Defined. 2 Some Definitions Open device - a control device with local intelligence which leverages the use of a standard, common protocol.

1 Open Systems Defined. 2 Some Definitions Open device - a control device with local intelligence which leverages the use of a standard, common protocol.
Targets for project progress 2015: graduation review – clear documentation and PoC implementation specify general framework and API requirements gap analysis.

Targets for project progress 2015: graduation review – clear documentation and PoC implementation specify general framework and API requirements gap analysis.
Sprint 102 Review / Sprint 103 Planning March 11, 2013.

Sprint 102 Review / Sprint 103 Planning March 11, 2013.
CTI Technical Committee Convener Call 11 May 2015 1.

CTI Technical Committee Convener Call 11 May
10-1 © Prentice Hall, 2004 Chapter 10: Selecting the Best Alternative Design Strategy Object-Oriented Systems Analysis and Design Joey F. George, Dinesh.

10-1 © Prentice Hall, 2004 Chapter 10: Selecting the Best Alternative Design Strategy Object-Oriented Systems Analysis and Design Joey F. George, Dinesh.
TAXII SC Call 2015-10-13. Agenda Administrivia Month Behind Discussion Month Ahead.

TAXII SC Call Agenda Administrivia Month Behind Discussion Month Ahead.
CTI STIX SC Status Report www.oasis-open.org October 22, 2015.

CTI STIX SC Status Report October 22, 2015.
Sprint 113 Review / Sprint 114 Planning August 12th, 2013.

Sprint 113 Review / Sprint 114 Planning August 12th, 2013.
1 Options Clearing Corporation Encore Data Distribution Services April 22, 2004.

1 Options Clearing Corporation Encore Data Distribution Services April 22, 2004.

Similar presentations

Ads by Google