Presentation is loading. Please wait.

Presentation is loading. Please wait.

CTI CybOX SC Meeting www.oasis-open.org August 27, 2015.

Published byRoger James Modified over 9 years ago

Similar presentations

Presentation on theme: "CTI CybOX SC Meeting www.oasis-open.org August 27, 2015."— Presentation transcript:

1 CTI CybOX SC Meeting www.oasis-open.org August 27, 2015

2 www.oasis-open.org Agenda n CybOX Object Survey Results n OASIS Work Product Status & Discussion n CybOX Use Case Discussion n Recent Discussion Topics

3 Object Survey Results I ObjectCount% of Total Responses Address Object2769.23 Domain Name Object2666.67 Email Message Object2461.54 File Object2461.54 URI Object2256.41 Hostname Object1948.72 Port Object1743.59 Network Connection Object1641.03 Process Object1538.46 Win Registry Key Object1538.46 DNS Record Object1230.77 HTTP Session Object1230.77 Win Executable File Object1128.21 X509 Certificate Object1128.21 Artifact Object1025.64 Network Subnet Object1025.64 Socket Address Object1025.64 System Object1025.64 User Account Object1025.64 Win File Object1025.64 Top 10

4 Object Survey Results II ObjectCount% of Total Responses Network Route Entry Object25.13 Pipe Object25.13 Unix Network Route Entry Object25.13 Win Kernel Hook Object25.13 Win Network Route Entry Object25.13 Win Pipe Object25.13 Win Volume Object25.13 Semaphore Object12.56 Unix Pipe Object12.56 Volume Object12.56 Win Critical Section Object12.56 Win Kernel Object12.56 Win Memory Page Region Object12.56 Win Semaphore Object12.56 Win System Restore Object12.56 Disk Partition Object00.00 GUI Dialogbox Object00.00 GUI Object00.00 GUI Window Object00.00 Win Mailslot Object00.00 Win Waitable Timer Object00.00 Bottom 10

5 OASIS Work Products n CybOX 2.1.1: multi-part specification l Overview l Core l Common l Objects* n XML binding specification l Includes reference implementation n CybOX 2.1.1 XSDs l Vocabularies l Extensions l UML Model

6 CybOX Use Cases I n Core vision l Representation of cyber observables, including both static and dynamic l Specification of patterns on cyber observables l Extensibility to allow for representation of custom/specialized cyber observables

7 CybOX Use Cases II n Domains l Indicator sharing l Incident response l Malware analysis l Digital forensics l Others n Data sources l Sensors l Systems l Others

8 Recent Discussion Topics n On GitHub: https://github.com/CybOXProject/schemas/issues https://github.com/CybOXProject/schemas/issues l Lists in CybOX Object fields l Atomic vs. Abstract CybOX Objects l Duplicate/Overlapping CybOX Objects l Separate Patterns and Instances in CybOX Observables and Objects

9 Next meeting n Thursday, September 24 th @ 4:00pm EDT

Download ppt "CTI CybOX SC Meeting www.oasis-open.org August 27, 2015."

Similar presentations

Malware Artifacts.

Malware Artifacts.
A component- and message-based architectural style for GUI software

A component- and message-based architectural style for GUI software
CSE 8343 – Adv. OS Group A5 Proposal for Paper Presentation I & II and Survey paper I.

CSE 8343 – Adv. OS Group A5 Proposal for Paper Presentation I & II and Survey paper I.
Chorus Vs Unix Operating Systems Overview Introduction Design Principles Programmer Interface User Interface Process Management Memory Management File.

Chorus Vs Unix Operating Systems Overview Introduction Design Principles Programmer Interface User Interface Process Management Memory Management File.
DNR-322L & DNR-326.

DNR-322L & DNR-326.
1 Module 1 The Windows NT 4.0 Environment. 2  Overview The Microsoft Operating System Family Windows NT Architecture Overview Workgroups and Domains.

1 Module 1 The Windows NT 4.0 Environment. 2  Overview The Microsoft Operating System Family Windows NT Architecture Overview Workgroups and Domains.
计算机系 信息处理实验室 Lecture 11 Security

计算机系 信息处理实验室 Lecture 11 Security
1 Case Study 2: Windows 2000 Chapter 11 11.1 History of windows 2000 11.2 Programming windows 2000 11.3 System structure 11.4 Processes and threads in.

1 Case Study 2: Windows 2000 Chapter History of windows Programming windows System structure 11.4 Processes and threads in.
Home: www.cse.dmu.ac.uk/~pkang Phones OFF Please Unix Kernel Parminder Singh Kang Home: www.cse.dmu.ac.uk/~pkang Email: pkang@dmu.ac.uk.

Home: Phones OFF Please Unix Kernel Parminder Singh Kang Home:
CS-3013 & CS-502, Summer 2006 Review Topics1 CS-3013 & CS-502 Operating Systems.

CS-3013 & CS-502, Summer 2006 Review Topics1 CS-3013 & CS-502 Operating Systems.
OPERATING SYSTEMS Introduction

OPERATING SYSTEMS Introduction
Processes in Unix, Linux, and Windows CS-502 Fall 20071 Processes in Unix, Linux, and Windows CS502 Operating Systems (Slides include materials from Operating.

Processes in Unix, Linux, and Windows CS-502 Fall Processes in Unix, Linux, and Windows CS502 Operating Systems (Slides include materials from Operating.
Mining Metamodels From Instance Models: The MARS System Faizan Javed Department of Computer & Information Sciences, University of Alabama at Birmingham.

Mining Metamodels From Instance Models: The MARS System Faizan Javed Department of Computer & Information Sciences, University of Alabama at Birmingham.
Internet Basics.

Internet Basics.
Technical Overview Qube 2. Presentation I. Solutions –A Gateway to the World –A Business Server –An Internet Server –An Email Server II. Concept –Server.

Technical Overview Qube 2. Presentation I. Solutions –A Gateway to the World –A Business Server –An Internet Server –An Server II. Concept –Server.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Mastering Windows Network Forensics and Investigation Chapter 11: Text Based Logs.

Mastering Windows Network Forensics and Investigation Chapter 11: Text Based Logs.
Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.

Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.
CS252: Systems Programming Ninghui Li Final Exam Review.

CS252: Systems Programming Ninghui Li Final Exam Review.
Lead from the front Texas Nodal 1 EDS 3R5 Phase 1 Testing Detailed Approach and Demonstration August 16, 2007.

Lead from the front Texas Nodal 1 EDS 3R5 Phase 1 Testing Detailed Approach and Demonstration August 16, 2007.

Similar presentations

Ads by Google