OASIS Cyber Threat Intelligence (CTI) TC

STIX 2.1 & Cyber Observables

  • 1.  STIX 2.1 & Cyber Observables

    Posted 12-22-2016 16:55




    All,
     
    As we discussed on the call last week, Trey and I have been thinking over some possibilities as far as new additions for Cyber Observables in 2.1. Here’s the list that we’ve put together – note that this is meant to be a strawman so that we can start having the discussion about what you (the community) want to see in 2.1 as far as Cyber Observables:
     




    Entity Type              Entity
    -----------------------  ----------------------------------------
    New Objects              Device
                                - Mobile Device Ext.
                                - Mobile Phone Ext.
                                - Virtualization Ext.
                             Operating System
                             WHOIS
                             SMS
                                - MMS Ext.
                             Network Share

    New Object Extensions    Android APK (File Object Ext.)
                             Apple iOS (File Object Ext.)
                             EXT 3/4 (File Object Ext.)
                             Document Metadata (File Object Ext.)
                             HTTP Response (Network Traffic Ext.)

    Other Entities           Actions




     
    If you have any thoughts on things you want to see in 2.1 for Cyber Observables, please bring them up – we’re very open to any suggestions and ideas.
     
    Happy Holidays!
    Ivan and Trey