Hi Joshua,
We are using ontologies based on STIX, CYBOX, CIQ, etc to enable standards
based Object-Based Production (OBP) of cyber security data and information
into a knowledge and activity graph to automate analytic pivoting and
enable Activity-Based Intelligence reasoning using description logic. This
is the same technology based approach using ontologies that enable OBP/ABI
in the DOD/IC on ICITE and is used in efforts like the National Map.
https://cegis.usgs.gov/ontology.htmlPlease feel free to reach out if you'd like to discuss this further.
Shawn
Shawn Riley
DarkLight Cyber
shawn.p.riley@darklightcyber.comOn Mon, Feb 6, 2017 at 10:00 AM, <
Elihu.E.El@nga.mil> wrote:
> Classification: UNCLASSIFIED
> ======================================================
>
> ...I understand. That is great. We are working on the application to
> actually map objects. Since we are using Lean Startup, would you kindly
> forward your contact information to Joshua. This will enable to conduct
> the appropriate interviews.
>
> Continued Regards,
> Eli
>
>
>
>
Original Message-----
> From: Allan Thomson [mailto:athomson@lookingglasscyber.com]
> Sent: Monday, February 06, 2017 10:14 AM
> To: El Elihu E Mr NGA-XFI USA CIV <Elihu.E.El@nga.mil>;
> Bret_Jordan@symantec.com; cti-cybox@lists.oasis-open.org;
> cti-stix@lists.oasis-open.org; cti-users@lists.oasis-open.org;
> Jason.Keirstead@ca.ibm.com; Richard.Struse@hq.dhs.gov;
> terry.macdonald@cosive.com; terry.macdonald@gmail.com
> Subject: [Non-DoD Source] Re: [cti-users] Geotagging STIX Objects
>
> This email was sent from a non-Department of Defense email account, and
> contained active links. Please verify the identity of the sender, and
> confirm authenticity of all links contained within the message.
>
>
>
> This email was sent from a non-Department of Defense email account, and
> contained active links. Please verify the identity of the sender, and
> confirm authenticity of all links contained within the message.
>
>
>
> This email was sent from a non-Department of Defense email account, and
> contained active links. Please verify the identity of the sender, and
> confirm authenticity of all links contained within the message.
>
>
>
> Adding location to the STIX model is part of the goals for STIX 2.1
> specification version.
>
> This would provide the capability that you suggest (and some).
>
> allan
>
> On 2/6/17, 6:30 AM, "cti-users@lists.oasis-open.org on behalf of
> Elihu.E.El@nga.mil" <cti-users@lists.oasis-open.org on behalf of
> Elihu.E.El@nga.mil> wrote:
>
> Classification: UNCLASSIFIED
> ======================================================
>
> Good Morning Team,
>
> I hope that the day has gotten off to a good start for each of you.
> Geotags enable objects to be plotted on a map similar to this:
> Caution-images.teamsugar.com/files/users/2/22911/39_2007/maps_1.jpg
>
> The ideal geotag would include x, y, and z values as well as temporal
> data and object height. We are working on a project to geotag and render
> STIX documents on a map. We are the CyberShock group. STIX objects such
> as Observable Instances, Exploit Targets, Threat Actors, etc. can all be
> geotagged. The MVP and documentation is on the high-side. We need your
> feedback and suggestions. Would you kindly share your contact information
> with Joshua so that we may ensure a prompt followup:
> Joshua Jackson
> Senior Systems Engineer
> Mainstreaming Capabilities Division (TAIM)
> Enterprise Innovation Office (TAI)
> National Geospatial-Intelligence Agency (NGA)
> Joshua.M.Jackson@NGA.mil
> Joshua.M.Jackson@NGA.IC.gov
> Open: 571-557-9849
> Secure: 578-9849
>
> Warm Regards,
> Eli
>
>
> Elihu Eli El, Scrum, Safe Agile, ITIL
> Systems Engineer
> NGA XFI
> Unclassified: 571-558-4351
> Secure: 579-4351
> Elihu.E.El@nga.mil
> GSM: Caution-www.geoint.community/
> ======================================================
> Classification: UNCLASSIFIED
>
>
>
> ======================================================
> Classification: UNCLASSIFIED
>
>