Presentation is loading. Please wait.

Presentation is loading. Please wait.

CTI CybOX SC Meeting www.oasis-open.org September 24, 2015.

Published byStanley Hodge Modified over 9 years ago

Similar presentations

Presentation on theme: "CTI CybOX SC Meeting www.oasis-open.org September 24, 2015."— Presentation transcript:

1 CTI CybOX SC Meeting www.oasis-open.org September 24, 2015

2 www.oasis-open.org Agenda CybOX Use Case Discussion CybOX 3.0 Object Discussion OASIS Work Product Status & Discussion

3 CybOX Use Cases I Support capture of atomic observable data Support malicious activity detection Support event data correlation and analysis from diverse sensors: network-based endpoint-based

4 CybOX Use Cases II Support capture of endpoint system state data PC-based BIOS state OS state, including artifacts such as:  executable binary formats  kernel artifacts  general endpoint metadata Mobile-based Enable characterization of mobile device state Support malicious activity detection based on the above

5 CybOX Use Cases III Support capture of cyber analysis data from malware analysis filesystem-based artifacts memory-based artifacts network-based artifact digital forensics analysis network metadata filesystem analysis  format-specific metadata (ie,.png,.pdf, etc)  general filesystem metadata memory forensics metadata characterization of analyis tool-specific metadata

6 CybOX 3.0 Objects Refactoring and resolving existing issues with all objects is a significant undertaking Idea: focus on the core set of CybOX objects for the 3.0 release Top 20 objects from the survey Take an 80/20 approach to immediately improve things for most people's use cases Focus on refactoring additional subsets in future releases, i.e.: 3.1: endpoint-specific artifacts 3.2: network-specific artifacts … Users dependent on objects pending refactoring can continue to use the 2.1.x data models http://cyboxproject.github.io/cybox3.0/

7 Points for consideration... Notion of CybOX as the Dewey Decimal System of pwnage If CybOX can characterize bad state, it can also be used to represent healthy baseline state! Rome wasn't built in a day. Hubris doesn't lead to success. Does it really make sense to create XML-based representations of: pcap NetFlow protocol analyzer data YARA etc...? Maybe it makes more sense to encode higher-level metadata in CybOX and embed the rest base64-encoded in a field?

8 Points for consideration... Constrain our focus for success! Forest first, then the trees!

9 So we've been playing with Graphviz...

10 CybOX 2.1 Objects

11 CybOX 3.0 “Core” Objects I (notional)

12 CybOX 3.0 “Core” Objects II (notional)

13 Graphviz analysis, next steps We're finalizing the 2.1 and proposed 3.0 analysis. Once initial analysis completed, both the source and rendered graphs will be posted to http://cyboxproject.github.io/cybox3.0/ for comments and collaboration.http://cyboxproject.github.io/cybox3.0/

14 OASIS Work Product Discussion CybOX 2.1.1 Multi-part specification Part 1: Overview Part 2: Common Part 3: Core Part 4: Default Extensions Part 5: Default Vocabularies Part 6: UML Model Parts 7-94: Objects XML Binding Specification

15 Next meeting Thursday, October 29th @ 1:00pm EDT

Download ppt "CTI CybOX SC Meeting www.oasis-open.org September 24, 2015."

Similar presentations

© 2008 The MITRE Corporation. All rights reserved A Service Oriented Architecture (SOA) Approach to Department of Defense Architecture Framework (DoDAF)

© 2008 The MITRE Corporation. All rights reserved A Service Oriented Architecture (SOA) Approach to Department of Defense Architecture Framework (DoDAF)
Andy Powell, Eduserv Foundation Feb 2007 The Dublin Core Abstract Model – a packaging standard?

Andy Powell, Eduserv Foundation Feb 2007 The Dublin Core Abstract Model – a packaging standard?
Enhancing Demand Response Signal Verification in Automated Demand Response Systems Daisuke Mashima, Ulrich Herberg, and Wei-Peng Chen SEDN (Solutions for.

Enhancing Demand Response Signal Verification in Automated Demand Response Systems Daisuke Mashima, Ulrich Herberg, and Wei-Peng Chen SEDN (Solutions for.
Monnappa KA  Info Security Cisco  Core Member of SecurityXploded  Focus on Threat Intelligence  Reverse Engineering, Malware Analysis,

Monnappa KA  Info Security Cisco  Core Member of SecurityXploded  Focus on Threat Intelligence  Reverse Engineering, Malware Analysis,
Good afternoon. My name is Marek Pawłowski

Good afternoon. My name is Marek Pawłowski
SOAP SOAP is a protocol for accessing a Web Service. SOAP stands for Simple Object Access Protocol * SOAP is a communication protocol * SOAP is for communication.

SOAP SOAP is a protocol for accessing a Web Service. SOAP stands for Simple Object Access Protocol * SOAP is a communication protocol * SOAP is for communication.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
1 Project Smart Metering Portfolio Foundation & DCC Day 1 Updates April 2013.

1 Project Smart Metering Portfolio Foundation & DCC Day 1 Updates April 2013.
Service Oriented Architectures in Heterogeneous Environments

Service Oriented Architectures in Heterogeneous Environments
XML Parsing Using Java APIs AIP Independence project Fall 2010.

XML Parsing Using Java APIs AIP Independence project Fall 2010.
FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.

FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.
Copyright © 2006, Open Geospatial Consortium, Inc., All Rights Reserved. The OGC and Emergency Services: GML for Location Transport & Formats & Mapping.

Copyright © 2006, Open Geospatial Consortium, Inc., All Rights Reserved. The OGC and Emergency Services: GML for Location Transport & Formats & Mapping.
Digging into Metadata (abridged) Michael Khoo, Xia Lin, Jae-wook Ahn Drexel University, USA Ceri Binding, Douglas Tudhope Hypermedia Research Unit, University.

Digging into Metadata (abridged) Michael Khoo, Xia Lin, Jae-wook Ahn Drexel University, USA Ceri Binding, Douglas Tudhope Hypermedia Research Unit, University.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
2005/05/25 Unified Modeling Lanauage 1 Introduction to Unified Modeling Language (UML) – Part One Ku-Yaw Chang Assistant Professor.

2005/05/25 Unified Modeling Lanauage 1 Introduction to Unified Modeling Language (UML) – Part One Ku-Yaw Chang Assistant Professor.
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008
A summary of the report written by W. Alink, R.A.F. Bhoedjang, P.A. Boncz, and A.P. de Vries.

A summary of the report written by W. Alink, R.A.F. Bhoedjang, P.A. Boncz, and A.P. de Vries.
An Overview of 3S Technology (GIS/GPS/RS) with an Example of District Transport Master Plan (DTMP) By Binod Dhakal 12/20/2014Binod Dhakal1.

An Overview of 3S Technology (GIS/GPS/RS) with an Example of District Transport Master Plan (DTMP) By Binod Dhakal 12/20/2014Binod Dhakal1.
CTI STIX SC Kickoff Meeting www.oasis-open.org July 16, 2015.

CTI STIX SC Kickoff Meeting July 16, 2015.
@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.

@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.

Similar presentations

Ads by Google