OASIS Cyber Threat Intelligence (CTI) TC

 View Only
  • 1.  STIX Confidence proposal nearing completion

    Posted 02-27-2017 16:49
    All,   We feel that we have reached a general consensus on the approach for confidence. In following with the procedure outlined in the CTI meeting last Thursday, we are bringing this topic to the list for any other changes and comments.   If you haven’t had a chance to review it yet, the proposal is located here: https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.th8nitr8jb4k     A summary of the approach:   An optional confidence property will be added to each SDO. This confidence value indicates the producer’s confidence in the correctness of their data. Confidence MUST be an integer value in the range 0-100. An appendix will be provided that contains normative mappings to other scales like low/med/high, 0-10, Words of Estimative Probability (WEP), and Admiralty credibility. These mappings MUST be used if any scale not 0-100 is used.   If you have not had a chance to review the proposal, please do so before Wednesday March 1 st . At that point, we will be moving confidence into the STIX 2.1 spec. While this does not mean that additional changes cannot be made, we would prefer to make any major revisions before the proposal goes into the working 2.1 specification.   Thanks,   Sarah Kelley Senior Cyber Threat Analyst Center for Internet Security (CIS) Integrated Intelligence Center (IIC) Multi-State Information Sharing and Analysis Center (MS-ISAC) 1-866-787-4722 (7×24 SOC) Email:  cert@cisecurity.org www.cisecurity.org Follow us @CISecurity   This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments. . . .


  • 2.  Re: STIX Confidence proposal nearing completion

    Posted 02-27-2017 17:56
    After reviewing this, I think we should actually have a call to go through the mappings.  I do not think they are yet ready for prime time. Bret From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Sarah Kelley <Sarah.Kelley@cisecurity.org> Sent: Monday, February 27, 2017 9:49:17 AM To: cti@lists.oasis-open.org Subject: [cti] STIX Confidence proposal nearing completion   All,   We feel that we have reached a general consensus on the approach for confidence. In following with the procedure outlined in the CTI meeting last Thursday, we are bringing this topic to the list for any other changes and comments.   If you haven’t had a chance to review it yet, the proposal is located here: https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.th8nitr8jb4k     A summary of the approach:   An optional confidence property will be added to each SDO. This confidence value indicates the producer’s confidence in the correctness of their data. Confidence MUST be an integer value in the range 0-100. An appendix will be provided that contains normative mappings to other scales like low/med/high, 0-10, Words of Estimative Probability (WEP), and Admiralty credibility. These mappings MUST be used if any scale not 0-100 is used.   If you have not had a chance to review the proposal, please do so before Wednesday March 1 st . At that point, we will be moving confidence into the STIX 2.1 spec. While this does not mean that additional changes cannot be made, we would prefer to make any major revisions before the proposal goes into the working 2.1 specification.   Thanks,   Sarah Kelley Senior Cyber Threat Analyst Center for Internet Security (CIS) Integrated Intelligence Center (IIC) Multi-State Information Sharing and Analysis Center (MS-ISAC) 1-866-787-4722 (7×24 SOC) Email:  cert@cisecurity.org www.cisecurity.org Follow us @CISecurity   This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments. . . .