OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  RE: [cti] liaison group for OpenC2

    Posted 02-28-2017 21:57
    I would also be interested in joining. How does a formal liaison group work? What I could find on oasis website ( https://www.oasis-open.org/policies-guidelines/liaison ) is on liaisons between oasis and other groups. Am I correct in assuming this 'formal liaison group' to be between the CTI TC and the openc2 TC? I'm guessing we can't be 'formal' until openc2 has had it's first oasis meeting but I presume we could informally do it until that point. Although playbooks is certainly worthy of discussion, we may want to start with the plain old COA work associated with getting the openc2 json up to snuff utilizing stix 2.0. I'm not even sure where to find the current openc2 stix json. There was a private repo ( https://github.com/OpenC2-org/subgroup-stix ) that was deprecated when we went to the new public repo structure. Once we find what we have, I suspect it needs updating with both openc2 changes and with stix2.0. Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize


  • 2.  Re: [cti] liaison group for OpenC2

    Posted 02-28-2017 22:18
    Duncan, in this bit: >  Am I correct in assuming this 'formal liaison group' to be between the CTI TC and the openc2 TC? While Org-to-Org liaisons are supported, the machinery for " TC Liaisons " is much more lightweight https://www.oasis-open.org/ policies-guidelines/liaison# tcliaison The respective groups can discuss options, but I would certainly recommend the  TC Liaison option if it meets your needs. - Robin On Tue, Feb 28, 2017 at 3:56 PM, < duncan@sfractal.com > wrote: I would also be interested in joining. How does a "formal liaison group" work? What I could find on oasis website ( https://www.oasis-open.org/po licies-guidelines/liaison ) is on liaisons between oasis and other groups. Am I correct in assuming this 'formal liaison group' to be between the CTI TC and the openc2 TC? I'm guessing we can't be 'formal' until openc2 has had it's first oasis meeting but I presume we could informally do it until that point. Although "playbooks" is certainly worthy of discussion, we may want to start with the plain old COA work associated with getting the openc2 json up to snuff utilizing stix 2.0. I'm not even sure where to find the current openc2 stix json. There was a private repo ( https://github.com/OpenC2-org /subgroup-stix ) that was deprecated when we went to the new public repo structure. Once we find what we have, I suspect it needs updating with both openc2 changes and with stix2.0. Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize


  • 3.  Re: [cti] liaison group for OpenC2

    Posted 03-01-2017 06:54
    Hi Duncan, Thanks for your comments … Although "playbooks" is certainly worthy of discussion, we may want to start with the plain old COA work associated with getting the openc2 json up to snuff utilizing stix 2.0. I'm not even sure where to find the current openc2 stix json. There was a private repo ( https://github.com/OpenC2-org/subgroup-stix ) that was deprecated when we went to the new public repo structure. Once we find what we have, I suspect it needs updating with both openc2 changes and with stix2.0 [JV]: Completely agree that the OpenC2 STIX JSON should be the first order work to be done. We have an earlier version of the COA that needs to be updated based on the latest OpenC2 JSON along with the new Cyber Observables from STIX 2.0. There is a google doc here with the ongoing changes. Thanks, Jyoti Technical Leader Office of the CTO, Security Business Group, Cisco Systems From: < cti@lists.oasis-open.org > on behalf of " duncan@sfractal.com " < duncan@sfractal.com > Date: Tuesday, February 28, 2017 at 1:56 PM To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: RE: [cti] liaison group for OpenC2 I would also be interested in joining. How does a "formal liaison group" work? What I could find on oasis website ( https://www.oasis-open.org/policies-guidelines/liaison ) is on liaisons between oasis and other groups. Am I correct in assuming this 'formal liaison group' to be between the CTI TC and the openc2 TC? I'm guessing we can't be 'formal' until openc2 has had it's first oasis meeting but I presume we could informally do it until that point. Although "playbooks" is certainly worthy of discussion, we may want to start with the plain old COA work associated with getting the openc2 json up to snuff utilizing stix 2.0. I'm not even sure where to find the current openc2 stix json. There was a private repo ( https://github.com/OpenC2-org/subgroup-stix ) that was deprecated when we went to the new public repo structure. Once we find what we have, I suspect it needs updating with both openc2 changes and with stix2.0. Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize