CTI STIX Subcommittee

  • 1.  Tool alphatest

    Posted 10-30-2015 10:33
    -- No commercial intention in there --

    I have been working on GUI mockups for STIX data manipulation (because I hate editing XML with vi). While I prefer to directly build a 'usable' GUI, using an IDE, than mockups 'on paper', I built a little tool to figure out how to graphically represent STIX from a human user point of view.

    So what does this tool do? In short: Nothing. Yep, nothing for now.

    But it helped me to identify the relationships (and potential 'complexity') between the objects, and identify where concepts/objects are (re)used. And I think it will help in the current context of simplification/refactoring/abstraction (top-level objects, constructs...)

    It is alpha stage (and intended to be free, and could be renamed due to Trademarks), but comes with some top objects kind of fully represented. Because it's becoming quite a heavy interface, I prefer sharing the binary than spending hours doing screenshots.

    So in case of any interest, let me know off-list. Meantime, if such a tool is already available in like an HTMLv5 form, please let me know.

    PS: just a few screenshots attached

    Attachments (PNG images): SB_Campaign.png, SB_COA.png, SB_Exploit_Target.png, SB_Incident.png, SB_Indicator.png, SB_Threat_Actor.png, SB_TTP.png


  • 2.  Re: [cti-stix] Tool alphatest

    Posted 10-30-2015 11:06
    On 30.10.2015 13:33:24, Jerome Athias wrote:
    >
    > So in case of any interest, let me know off-list.
    > Meantime, if such a tool is already available in like an HTMLv5 form,
    > please let me know
    >
    > PS: just few screenshots attached

    Nice work, Jerome! Judging by the screenshots, looks great! Does this live somewhere on Github, perchance?

    Since you asked whether there's a web-based tool that provides similar functionality, I'll briefly put on my vendor hat and say that what you've shared looks very similar to Soltra Edge's STIX Builder. If you haven't played around with Edge yet, it's something to consider.

    Note that Edge is free (as in beer, not speech.) Just register an account on forums.soltra.com and download the vm.

    /me removes vendor hat...

    --
    Cheers,
    Trey
    --
    Trey Darley
    Senior Security Engineer
    4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
    Soltra
    An FS-ISAC & DTCC Company
    www.soltra.com
    --
    "In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away." --RFC 1925


  • 3.  Re: [cti-stix] Tool alphatest

    Posted 10-30-2015 13:46
    so I put that here as a win32 executable
    https://github.com/athiasjerome/XORCISM/tree/master/STIXBuilder

    Again, it's just a GUI with no real functionality for now

    The differentiator I would say is that I am putting *all* the fields of the STIX Data Model.

    "THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."

    2015-10-30 14:05 GMT+03:00 Trey Darley <trey@soltra.com>:
    > On 30.10.2015 13:33:24, Jerome Athias wrote:
    >>
    >> So in case of any interest, let me know off-list.
    >> Meantime, if such a tool is already available in like an HTMLv5 form,
    >> please let me know
    >>
    >> PS: just few screenshots attached
    >
    > Nice work, Jerome! Judging by the screenshots, looks great! Does this
    > live somewhere on Github, perchance?
    >
    > Since you asked whether there's a web-based tool that provides similar
    > functionality, I'll briefly put on my vendor hat and say that what
    > you've shared looks very similar to Soltra Edge's STIX Builder. If you
    > haven't played around with Edge yet, it's something to consider.
    >
    > Note that Edge is free (as in beer, not speech.) Just register an
    > account on forums.soltra.com and download the vm.
    >
    > /me removes vendor hat...
    >
    > --
    > Cheers,
    > Trey
    > --
    > Trey Darley
    > Senior Security Engineer
    > 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
    > Soltra An FS-ISAC & DTCC Company
    > www.soltra.com
    > --
    > "In protocol design, perfection has been reached not when there is
    > nothing left to add, but when there is nothing left to take away."
    > --RFC 1925


  • 4.  Re: [cti-stix] Tool alphatest

    Posted 10-30-2015 15:40
    Have you thought about writing this in Qt? If so, then it could compile on Windows, Linux, Mac, Android, etc. Qt seems to be the darling of heavy client UI tools these days.

    Thanks,
    Bret

    Bret Jordan CISSP
    Director of Security Architecture and Standards
    Office of the CTO
    Blue Coat Systems
    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
    Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.

    On Oct 30, 2015, at 07:45, Jerome Athias <athiasjerome@GMAIL.COM> wrote:
    > so I put that here as a win32 executable
    > https://github.com/athiasjerome/XORCISM/tree/master/STIXBuilder
    >
    > Again, it's just a GUI with no real functionality for now
    >
    > The differentiator I would say is that I am putting *all* the fields of the STIX Data Model.
    >
    > "THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."
    >
    > 2015-10-30 14:05 GMT+03:00 Trey Darley <trey@soltra.com>:
    >> On 30.10.2015 13:33:24, Jerome Athias wrote:
    >>> So in case of any interest, let me know off-list.
    >>> Meantime, if such a tool is already available in like an HTMLv5 form,
    >>> please let me know
    >>>
    >>> PS: just few screenshots attached
    >>
    >> Nice work, Jerome! Judging by the screenshots, looks great! Does this live somewhere on Github, perchance?
    >>
    >> Since you asked whether there's a web-based tool that provides similar functionality, I'll briefly put on my vendor hat and say that what you've shared looks very similar to Soltra Edge's STIX Builder. If you haven't played around with Edge yet, it's something to consider.
    >>
    >> Note that Edge is free (as in beer, not speech.) Just register an account on forums.soltra.com and download the vm.
    >>
    >> /me removes vendor hat...
    >>
    >> --
    >> Cheers,
    >> Trey
    >> --
    >> Trey Darley
    >> Senior Security Engineer
    >> 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
    >> Soltra An FS-ISAC & DTCC Company
    >> www.soltra.com
    >> --
    >> "In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away." --RFC 1925

    ---------------------------------------------------------------------
    To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at:
    https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php


  • 5.  Re: [cti-stix] Tool alphatest

    Posted 10-30-2015 15:41
    Jerome,

    From the screen shots, this looks really great. Thanks for working on this. I think UIs are important to help people wrap their brain around what we are talking about.

    Thanks,
    Bret

    Bret Jordan CISSP
    Director of Security Architecture and Standards
    Office of the CTO
    Blue Coat Systems
    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
    Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.

    On Oct 30, 2015, at 04:33, Jerome Athias <athiasjerome@GMAIL.COM> wrote:
    > -- No commercial intention in there --
    >
    > I have been working on GUI mockups for STIX data manipulation. (because i hate editing xml with vi) While i prefer to directly build 'usable' GUI, using an IDE, than mockups 'on paper', i built a little tool to figure out how to graphically represent STIX from a human user point of view.
    >
    > So what does this tool? In short: Nothing Yep, nothing for now.
    >
    > But; it helped me to identify the relationships (and potential 'complexity') between the objects, and identify where concepts/objects are (re)used. And i think it will help in the current context of simplification/refactoring/abstraction (top-level objects, constructs...)
    >
    > It is alpha stage (and intended to be free. and could be renamed due to Trademarks), but comes with some top objects kind of fully represented. Because it's becoming quite heavy interface, i prefer sharing the binary that spending hours doing screenshots.
    >
    > So in case of any interest, let me know off-list. Meantime, if such a tool is already available in like an HTMLv5 form, please let me know
    >
    > PS: just few screenshots attached
    >
    > <SB_Campaign.png> <SB_COA.png> <SB_Exploit_Target.png> <SB_Incident.png> <SB_Indicator.png> <SB_Threat_Actor.png> <SB_TTP.png>