OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  Re: [cti] Next weeks working call

    Posted 01-29-2016 20:44





    I think we already have topics lined up.
    I’m pretty sure that CybOX wanted some time to talk about Object selection. Ivan said they would need at least 30 mins.
    STIX is hoping to use the rest of the time to talk about Source reference approach which is in the set of Indicator tranche plan topics for next week.
    Versioning is not slated until the week of 2/15.


    sean









    From: < cti@lists.oasis-open.org > on behalf of "Jordan, Bret" < bret.jordan@bluecoat.com >
    Date: Friday, January 29, 2016 at 2:54 PM
    To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >
    Subject: [cti] Next weeks working call





    Here are some possible topics for next week's working call:


    1) Do we really need the indicator type field.  Jason / John Wunder to discuss 


    2) How to do versioning. 














    Thanks,


    Bret











    Bret Jordan CISSP

    Director of Security Architecture and Standards Office of the CTO

    Blue Coat Systems

    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 


















  • 2.  Re: [cti] Next weeks working call

    Posted 01-29-2016 20:47




    Yup – as Sean mentioned, we’d like to talk about the Object selection approach for CybOX 3.0.


    For those interested in some prior reading, here’s a wiki page that documents our current thinking:  https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-Object-Selection


    Regards,
    Ivan








    From: < cti@lists.oasis-open.org > on behalf of Sean Barnum < sbarnum@mitre.org >
    Date: Friday, January 29, 2016 at 1:44 PM
    To: Bret Jordan < bret.jordan@bluecoat.com >, " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >
    Subject: Re: [cti] Next weeks working call







    I think we already have topics lined up.
    I’m pretty sure that CybOX wanted some time to talk about Object selection. Ivan said they would need at least 30 mins.
    STIX is hoping to use the rest of the time to talk about Source reference approach which is in the set of Indicator tranche plan topics for next week.
    Versioning is not slated until the week of 2/15.


    sean









    From: < cti@lists.oasis-open.org > on behalf of "Jordan, Bret" < bret.jordan@bluecoat.com >
    Date: Friday, January 29, 2016 at 2:54 PM
    To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >
    Subject: [cti] Next weeks working call





    Here are some possible topics for next week's working call:


    1) Do we really need the indicator type field.  Jason / John Wunder to discuss 


    2) How to do versioning. 














    Thanks,


    Bret











    Bret Jordan CISSP

    Director of Security Architecture and Standards Office of the CTO

    Blue Coat Systems

    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 




















  • 3.  Re: [cti] Next weeks working call

    Posted 01-29-2016 21:03
    Has the idea been floated for something akin to "provisional" objects? It would be nice to be able to reference objects that have been discussed by stakeholders but not been formally ratified in the community. A lot of these objects that are not important enough to hold up Cybox 3.0, we may have some form of provisional proposal that people could make use of. I am thinking similar to how web standards work. Frequently (in fact, almost always), web browser vendors reference and implement provisional specifications, for months and sometimes for years before they are ratified. Once they are ratified, they make the needed changes in their basal implementations to use the officially blessed behaviours. - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown "Kirillov, Ivan A." ---01/29/2016 04:47:06 PM---Yup – as Sean mentioned, we’d like to talk about the Object selection approach for CybOX 3.0. For th From: "Kirillov, Ivan A." <ikirillov@mitre.org> To: "Barnum, Sean D." <sbarnum@mitre.org>, "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> Date: 01/29/2016 04:47 PM Subject: Re: [cti] Next weeks working call Sent by: <cti@lists.oasis-open.org> Yup – as Sean mentioned, we’d like to talk about the Object selection approach for CybOX 3.0. For those interested in some prior reading, here’s a wiki page that documents our current thinking: https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-Object-Selection Regards, Ivan From: < cti@lists.oasis-open.org > on behalf of Sean Barnum < sbarnum@mitre.org > Date: Friday, January 29, 2016 at 1:44 PM To: Bret Jordan < bret.jordan@bluecoat.com >, " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: Re: [cti] Next weeks working call I think we already have topics lined up. I’m pretty sure that CybOX wanted some time to talk about Object selection. Ivan said they would need at least 30 mins. STIX is hoping to use the rest of the time to talk about Source reference approach which is in the set of Indicator tranche plan topics for next week. Versioning is not slated until the week of 2/15. sean From: < cti@lists.oasis-open.org > on behalf of "Jordan, Bret" < bret.jordan@bluecoat.com > Date: Friday, January 29, 2016 at 2:54 PM To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: [cti] Next weeks working call Here are some possible topics for next week's working call: 1) Do we really need the indicator type field. Jason / John Wunder to discuss 2) How to do versioning. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."




  • 4.  Re: [cti] Next weeks working call

    Posted 01-29-2016 21:17
    The question is, will people just accept your list or do we really need to spend time discussing which ones will be in and which ones will not.  Let's try and make sure these meetings are not status updates.  And things that can easily be handled via email or slack should be done that way.   For example we had a lively discussion on slack today about do we really need the indicator type field and what does it really mean.  After 30-45 minutes of slack time we could not come to consensus.  Therefor I would argue that this then becomes a prime candidate for a phone call.  Phone calls should be reserved for things too difficult to solve any other way.  Bret  Sent from my Commodore 64 On Jan 29, 2016, at 1:47 PM, Kirillov, Ivan A. < ikirillov@mitre.org > wrote: Yup – as Sean mentioned, we’d like to talk about the Object selection approach for CybOX 3.0. For those interested in some prior reading, here’s a wiki page that documents our current thinking:  https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-Object-Selection Regards, Ivan From: < cti@lists.oasis-open.org > on behalf of Sean Barnum < sbarnum@mitre.org > Date: Friday, January 29, 2016 at 1:44 PM To: Bret Jordan < bret.jordan@bluecoat.com >, " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: Re: [cti] Next weeks working call I think we already have topics lined up. I’m pretty sure that CybOX wanted some time to talk about Object selection. Ivan said they would need at least 30 mins. STIX is hoping to use the rest of the time to talk about Source reference approach which is in the set of Indicator tranche plan topics for next week. Versioning is not slated until the week of 2/15. sean From: < cti@lists.oasis-open.org > on behalf of "Jordan, Bret" < bret.jordan@bluecoat.com > Date: Friday, January 29, 2016 at 2:54 PM To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: [cti] Next weeks working call Here are some possible topics for next week's working call: 1) Do we really need the indicator type field.  Jason / John Wunder to discuss  2) How to do versioning.  Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 


  • 5.  Re: [cti] Next weeks working call

    Posted 02-03-2016 10:15
    On 29.01.2016 20:46:55, Kirillov, Ivan A. wrote: > Yup – as Sean mentioned, we’d like to talk about the Object > selection approach for CybOX 3.0. > All - I am extremely sorry to have missed yesterday's TC working call, especially as the question of defining the CybOX 3.0 MVP was a principal topic of discussion. I believe this is the first call I've missed since the transition to OASIS last July. Please don't interpret my absence yesterday as indicative of a lack of seriousness in my role as a CybOX co-chair. Sometimes you just have to play the hand that life deals you. :-/ Ivan, thank you for carrying the torch in my absence. -- Cheers, Trey -- Trey Darley Senior Security Engineer 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430 Soltra An FS-ISAC & DTCC Company www.soltra.com -- "It is always possible to aglutenate multiple separate problems into a single complex interdependent solution. In most cases this is a bad idea." --RFC 1925 Attachment: signature.asc Description: PGP signature