OASIS Cyber Threat Intelligence (CTI) TC

 View Only
  • 1.  Proposal of confidence level using MISP taxonomies

    Posted 09-12-2016 15:36
      |   view attached
    Dear, Following the recent and good discussions at the TC, here is a proposal of confidence level that we will implement in MISP via the misp-taxonomies: { "predicate": "confidence-level", "entry": [ { "expanded": "Completely confident", "value": "completely-confident", "numerical_value": 100 }, { "expanded": "Usually confident", "value": "usually-confident", "numerical_value": 75 }, { "expanded": "Fairly confident", "value": "fairly-confident", "numerical_value": 50 }, { "expanded": "Rarely confident", "value": "rarely-confident", "numerical_value": 25 }, { "expanded": "Unconfident", "value": "unconfident", "numerical_value": 0 }, { "expanded": "Confidence cannot be evaluated", "value": "confidence-cannot-be-evalued" } ] } https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json#L31 Feedback welcome. I also included the original slides I gave during the TC in Brussels. I'll summarize the various options of integration with the taxonomies in STIX in another email. Cheers. -- Alexandre Dulaunoy CIRCL - Computer Incident Response Center Luxembourg 41, avenue de la gare L-1611 Luxembourg info@circl.lu - www.circl.lu Attachment: misp-OASIS-TC-Brussels-2016.pdf Description: Adobe PDF document

    Attachment(s)



  • 2.  Re: [cti] Proposal of confidence level using MISP taxonomies

    Posted 09-12-2016 17:09
    For the numerical value of " Confidence cannot be evaluated ", could we use "-1" ? - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown Alexandre Dulaunoy ---09/12/2016 12:36:12 PM---Dear, Following the recent and good discussions at the TC, here is a proposal of confidence From: Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu> To: cti-stix@lists.oasis-open.org, OASIS CTI TC Discussion List <cti@lists.oasis-open.org> Date: 09/12/2016 12:36 PM Subject: [cti] Proposal of confidence level using MISP taxonomies Sent by: <cti@lists.oasis-open.org> Dear, Following the recent and good discussions at the TC, here is a proposal of confidence level that we will implement in MISP via the misp-taxonomies: {     "predicate": "confidence-level",     "entry": [        {          "expanded": "Completely confident",          "value": "completely-confident",          "numerical_value": 100        },        {          "expanded": "Usually confident",          "value": "usually-confident",          "numerical_value": 75        },        {          "expanded": "Fairly confident",          "value": "fairly-confident",          "numerical_value": 50        },        {          "expanded": "Rarely confident",          "value": "rarely-confident",          "numerical_value": 25        },        {          "expanded": "Unconfident",          "value": "unconfident",          "numerical_value": 0        },        {          "expanded": "Confidence cannot be evaluated",          "value": "confidence-cannot-be-evalued"        }     ] } https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json#L31 Feedback welcome. I also included the original slides I gave during the TC in Brussels. I'll summarize the various options of integration with the taxonomies in STIX in another email. Cheers. -- Alexandre Dulaunoy CIRCL - Computer Incident Response Center Luxembourg 41, avenue de la gare L-1611 Luxembourg info@circl.lu - www.circl.lu [attachment "misp-OASIS-TC-Brussels-2016.pdf" deleted by Jason Keirstead/CanEast/IBM] --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php  


  • 3.  Re: [cti] Proposal of confidence level using MISP taxonomies

    Posted 09-12-2016 17:09
    For the numerical value of " Confidence cannot be evaluated ", could we use "-1" ? - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown Alexandre Dulaunoy ---09/12/2016 12:36:12 PM---Dear, Following the recent and good discussions at the TC, here is a proposal of confidence From: Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu> To: cti-stix@lists.oasis-open.org, OASIS CTI TC Discussion List <cti@lists.oasis-open.org> Date: 09/12/2016 12:36 PM Subject: [cti] Proposal of confidence level using MISP taxonomies Sent by: <cti@lists.oasis-open.org> Dear, Following the recent and good discussions at the TC, here is a proposal of confidence level that we will implement in MISP via the misp-taxonomies: {     "predicate": "confidence-level",     "entry": [        {          "expanded": "Completely confident",          "value": "completely-confident",          "numerical_value": 100        },        {          "expanded": "Usually confident",          "value": "usually-confident",          "numerical_value": 75        },        {          "expanded": "Fairly confident",          "value": "fairly-confident",          "numerical_value": 50        },        {          "expanded": "Rarely confident",          "value": "rarely-confident",          "numerical_value": 25        },        {          "expanded": "Unconfident",          "value": "unconfident",          "numerical_value": 0        },        {          "expanded": "Confidence cannot be evaluated",          "value": "confidence-cannot-be-evalued"        }     ] } https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json#L31 Feedback welcome. I also included the original slides I gave during the TC in Brussels. I'll summarize the various options of integration with the taxonomies in STIX in another email. Cheers. -- Alexandre Dulaunoy CIRCL - Computer Incident Response Center Luxembourg 41, avenue de la gare L-1611 Luxembourg info@circl.lu - www.circl.lu [attachment "misp-OASIS-TC-Brussels-2016.pdf" deleted by Jason Keirstead/CanEast/IBM] --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php