Hi!,
Can I add my voice in here as well and say that “Confidence” and also having an “Opinion” about Threat Intelligence is very important and is a concept that
we use quite heavily when we are exchanging threat intelligence with other financial organisations and dealing with threat data that comes in via 3 rd parties and intelligence sources.
Can we please ensure that this is included in the agenda and discussed at the meeting ?
Regards,
Dean
From:
cti@lists.oasis-open.org [mailto:
cti@lists.oasis-open.org]
On Behalf Of Terry MacDonald
Sent: Wednesday, 7 September 2016 8:18 AM
To:
cti@lists.oasis-open.org;
cti-stix@lists.oasis-open.org Subject: Re: [cti] CTI Brussels F2F Meeting...RSVP deadline 5 September
Please say that we are including confidence and opinion object in STIX 2.1 candidate smackdown agenda item at the F2F.
We just can't treat everything that people send out as the absolute truth as we do in STIX 2.0. There is a reason things like the admiralty code were developed.... and that's because threat intelligence is always someone's opinion.We need
a way for the consumer to understand how confident the producer is in the threat intelligence they are sending. It's up to the consumer to determine if they believe that its the truth, and they need various ways to determine this. That's a ton easier if the
person who sent the threat intelligence to you tells you how much they trust the intelligence and trust the source of the intelligence with some form of confidence field.....
I really, really believe this is critical for STIX to work properly, and it was something that made it possible for STIX to automatically be pushed out to the different security tools within an organization (e.g. high confidence DNS to
the DNS RPZ block, low confidence to the alerting on the passive DNS).
These are so easy to add to STIX, we would be remiss to skip it.
Cheers
Terry MacDonald Chief Product Officer
M: +64 211 918 814
E:
terry.macdonald@cosive.com W:
www.cosive.com On Fri, Sep 2, 2016 at 8:53 AM, Jane Harnad <
jharnad@oasis-open.org > wrote:
Dear CTI Members,
The CTI TC F2F meeting is scheduled for Wednesday, 7 September at the Thon EU Hotel , Germany Room .
Lunch and refreshments will be provided by OASIS. A headcount is needed ASAP. Below is a list of individuals that replied to the last RSVP request. If you don't see your name and do plan to participate in either the F2F meeting or group dinner, please send
your RSVP no later than 5 September.
Remote access is available to TC members unable to attend in person.
Login details are:
https://global.gotomeeting.com/join/978573765 You can also dial in using your phone.
United States (Toll-free): 1 866 899 4679
United States
+1 (646) 749-3117
Access Code: 978-573-765
Proposed agenda is attached.
Details on group dinner option : CTI members are invited to sign up to attend a group dinner on Wednesday
evening after the F2F. Family members and/or guests traveling along with you are also invited to join us. This is not a hosted dinner, so each participant (and their guests) will be responsible for covering the costs associated with their dinner. Please be
sure to confirm the number of guests.
Thanks so much and we look forward to seeing you all in Brussels!
Regards, Jane
**F2F/Dinner Attendees
Bret Jordan
Alexandre Dulaunoy
Raymon van der Velde
Ryusuke Masuoka
Kazuo Noguchi
Jason Keirstead
Jerome Athias
Allan Thomson
Daniel Riedel
John-Mark Gurney
Carol Geyer
Richard Struse
Joerg Eschweiler
Trey Darley
Marko Dragoljevic
Sergey Polzunov
Aukjan van Belkum
Wouter Bolsterlee
Andras Iklody
Mark Davidson
Masato Terada
--
Jane Harnad
Manager, Events
OASIS Advancing open standards for the information society
+1.781.425.5073 x214 (Office)
http://www.oasis-open.org Join OASIS at:
Borderless Cyber Europe 8-9 Sept Brussels
Borderless Cyber Asia 1-2
Nov Tokyo
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php This e-mail and any attachments to it (the Communication ) is, unless otherwise stated, confidential, may contain copyright material and is for the use only of the intended recipient. If you receive the Communication in error, please notify the sender immediately by return e-mail, delete the Communication and the return e-mail, and do not read, copy, retransmit or otherwise deal with it. Any views expressed in the Communication are those of the individual sender only, unless expressly stated to be those of Australia and New Zealand Banking Group Limited ABN 11 005 357 522, or any of its related entities including ANZ Bank New Zealand Limited (together ANZ ). ANZ does not accept liability in connection with the integrity of or errors in the Communication, computer virus, data corruption, interference or delay arising from or in respect of the Communication.