CTI STIX Subcommittee

  • 1.  Relationships in MISP objects and compatibility with STIX 2.0 (and future version)

    Posted 09-06-2017 07:42
    Dear All, As we are going to release a new version of MISP which includes the new MISP objects model in the MISP standard including in and intra object relationships. The relationship types included are the ones we have collected from the broad MISP community based on the the most frequently used ones (including all the STIX 2.0 relationships). We have identified some gaps in the available relationships, perhaps it could be interesting for the CTI community to have a look at what we´ve collected and perhaps integrate some of it into a future release of STIX 2.x. https://www.misp-project.org/objects.html#_relationships Cheers -- Alexandre Dulaunoy CIRCL - Computer Incident Response Center Luxembourg 41, avenue de la gare L-1611 Luxembourg info@circl.lu - www.circl.lu - (+352) 247 88444


  • 2.  Re: [cti-stix] Relationships in MISP objects and compatibility with STIX 2.0 (and future version)

    Posted 09-06-2017 23:23
      |   view attached
    Hi Alexandre, I noticed that beacons_to and exfiltrates_to both contain underscore, whereas the other relationships all use hyphen. What this intentional? Cheers Terry MacDonald   Chief Product Officer M:   +64 211 918 814 E:   terry.macdonald@cosive.com W:   www.cosive.com On Wed, Sep 6, 2017 at 7:42 PM, Alexandre Dulaunoy < Alexandre.Dulaunoy@circl.lu > wrote: Dear All, As we are going to release a new version of MISP which includes the new MISP objects model in the MISP standard including in and intra object relationships. The relationship types included are the ones we have collected from the broad MISP community based on the the most frequently used ones (including all the STIX 2.0 relationships). We have identified some gaps in the available relationships, perhaps it could be interesting for the CTI community to have a look at what we´ve collected and perhaps integrate some of it into a future release of STIX 2.x. https://www.misp-project.org/ objects.html#_relationships Cheers -- Alexandre Dulaunoy CIRCL - Computer Incident Response Center Luxembourg 41, avenue de la gare L-1611 Luxembourg info@circl.lu - www.circl.lu - (+352) 247 88444 ------------------------------ ------------------------------ --------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/ apps/org/workgroup/portal/my_ workgroups.php


  • 3.  Re: [cti-stix] Relationships in MISP objects and compatibility with STIX 2.0 (and future version)

    Posted 09-07-2017 13:54
    On 07/09/17 01:22, Terry MacDonald wrote: > Hi Alexandre, Hi Terry, > I noticed that beacons_to and exfiltrates_to both contain underscore, > whereas the other relationships all use hyphen. What this intentional? Indeed, this is a very good point. It's now updated in the JSON definition. Thank you. Cheers. -- Alexandre Dulaunoy CIRCL - Computer Incident Response Center Luxembourg 41, avenue de la gare L-1611 Luxembourg info@circl.lu - www.circl.lu - (+352) 247 88444