OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  Re: [EXT] [cti] Re: Extension proposal draft in STIX2.1

    Posted 10-01-2020 11:38




    Allan
     
    This is great work and I'm looking forward to the working call on Tuesday, October 6th!
     
    Thank you,
    Rich
     

    From: <cti@lists.oasis-open.org> on behalf of aa tt <atcyber1000@gmail.com>
    Date: Tuesday, September 29, 2020 at 5:35 PM
    To: <cti@lists.oasis-open.org>
    Subject: [EXT] [cti] Re: Extension proposal draft in STIX2.1


     

    All - I would like to bring attention to some enhancements to the extension proposal (pun intended :-)) that were recently updated (today).

     


    Upon review of the proposal it was thought that it would be useful to allow an extension to include the option for both new object(s) as well as additions to existing objects for SDO, SCO and SRO.


     


    Therefore, when declaring an extension the option to define that it includes those multiple options was desired.


     


    The change was to update the specification of the extension declaration object, from a boolean property to a list property which declares what options were included in the extension. 


     


    To support this change we added an enumeration for all types of extensions in section 10.


     


    The working call next Tuesday will cover the proposal as well as any further feedback. Please come prepared or post to the email list with your feedback.


     




    Allan








    On Sep 25, 2020, at 9:41 AM, aa tt <atcyber1000@gmail.com> wrote:

     



    All - We have updated a draft version of STIX2.1 to include the changes for STIX Extensions.

     


    Document Link:



    https://docs.google.com/document/d/1akN-z2-jciFIBAcuMLagcaWWYPmfv_j83jVoikPUXD8/edit?ts=5f652326#


     



    Change summary.

     


    - Section 3.2


    - Section 7 (new object called Extension inserted after marking definition), Section 7.1.1, Section 7.2.1.1


    - Section 11


    - Section 12.3.3/Section 12.3.4


     


    Also look at the google doc comment history. It has all the changes and you can just click on each one to take you to the specific details.


     


    There will be a separate TC working call to review any further changes but any comments posted in google doc would greatly accelerate the review.


     


    Thanks


     


    Allan (on behalf of the SEP proponents)
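
The list-valued extension declaration described in the message above, checked in code. This is an added example, not part of the thread or the proposal draft: the property names `extension_types` and `extension_properties` and the enumeration values are taken from the published STIX 2.1 specification and may differ from the draft under discussion, and the sample object is constructed. It checks only the type declaration, not the other required properties.

```python
import re

# extension-type-enum values as defined in the published STIX 2.1 specification
EXTENSION_TYPES = {"new-sdo", "new-sco", "new-sro",
                   "property-extension", "toplevel-property-extension"}
ID_RE = re.compile(r"^extension-definition--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def check_extension_definition(obj):
    """Return a list of problems with an extension-definition's type declaration."""
    problems = []
    if obj.get("type") != "extension-definition":
        problems.append("type is not extension-definition")
    if not ID_RE.match(str(obj.get("id", ""))):
        problems.append("id is not extension-definition--<uuid>")
    types = obj.get("extension_types")
    if not isinstance(types, list) or not types:
        # A bare boolean flag (the earlier design) is rejected here.
        problems.append("extension_types must be a non-empty list")
        types = []
    for t in types:
        if not isinstance(t, str) or t not in EXTENSION_TYPES:
            problems.append(f"unknown extension type: {t!r}")
    if "extension_properties" in obj and "toplevel-property-extension" not in types:
        problems.append("extension_properties requires toplevel-property-extension")
    return problems


# Constructed sample: one extension declaring a new SDO and added properties.
SAMPLE = {
    "type": "extension-definition",
    "id": "extension-definition--11111111-2222-4333-8444-555555555555",
    "extension_types": ["new-sdo", "property-extension"],
}

if __name__ == "__main__":
    print(check_extension_definition(SAMPLE))
    print(check_extension_definition({**SAMPLE, "extension_types": True}))
```
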






     


     








     







     







  • 2.  RE: [EXT] [cti] Re: Extension proposal draft in STIX2.1

    Posted 10-01-2020 17:38




    Hi TC,
     
    Would a Word/PDF copy of the proposal be sent out to ensure those without access to Google Drive will have access to the document?
     
    Thanks,
     
    -Marlon
     


    From: cti@lists.oasis-open.org <cti@lists.oasis-open.org>
    On Behalf Of Richard J Struse
    Sent: Thursday, October 1, 2020 7:38 AM
    To: aa tt <atcyber1000@gmail.com>; cti@lists.oasis-open.org
    Subject: [cti] Re: [EXT] [cti] Re: Extension proposal draft in STIX2.1


     



     


  • 3.  Reminder of today's TC working call on the STIX Extension proposal

    Posted 10-06-2020 14:41
    Hi, y'all -

    Just wanted to remind everybody of today's TC working call focused on the STIX Extensions proposal. And since Allan graciously reminded me that some of you aren't able to access Google Docs due to work security policies, I'm attaching the Google Doc with all the comments and track changes as it was just a moment ago when I exported it.

    Looking forward to catching up with y'all in a few hours!

    --
    Cheers,
    Trey Darley
    Co-chair, OASIS CTI TC
    --
    Nullum magnum ingenium sine mixtura dementiae fuit. --Seneca
    --
    CERT.be / Centre for Cyber Security Belgium
    Mail: trey.darley@cert.be
    GPG: CA5B 29E4 937E 151E 2550 6607 AE9A 7FF2 8000 0E4E
    Web: https://www.cert.be
    --
    Under the authority of the Prime Minister
    rue de la Loi 16/Wetstraat 16, 1000 Brussels - Belgium

    Attachment: stix-v2.1-cs02.docx
    Description: application/vnd.openxmlformats-officedocument.wordprocessingml.document
    Attachment: signature.asc
    Description: PGP signature

    Attachment(s)

    docx
    stix-v2.1-cs02.docx   724 KB 1 version