OASIS CTI-TC Working Session
/ CTI-TCMonthly Meeting: Session #1Meeting Date: / April 26th, 2018
Time: / Session #1 – 11:00 AM US EDT
Purpose: / Monthly CTI TC Meeting
Attendees:
Name / Company / RoleMaxwell, Kyle / Accenture / Voting Member
Ginn, Jane / Cyber Threat Intelligence Network, Inc. / Secretary
Werntz, Preston / DHS Office of Cybersecurity and Communications / Voting Member
Ricard, Chris / Financial Services ISAC / Voting Member
Barnum, Sean / FireEye, Inc. / Voting Member
Pandya, Shyamal / FireEye, Inc. / Voting Member
Patrick, Paul / FireEye, Inc. / Voting Member
Noguchi, Kazuo / Hitachi, Ltd. / Voting Member
Bishop, Adrian / Huntsman Security / Member
Keirstead, Jason / IBM / Voting Member
Morris, John / IBM / Voting Member
Parekh, Devesh / IBM / Member
Jones, Elysa / Individual / Voting Member
Creedon, Gus / Logistics Management Institute / Voting Member
Day, Jamison / LookingGlass / Voting Member
Hostetler, Dennis / LookingGlass / Voting Member
Back, Greg / Mitre Corporation / Voting Member
Baker, Jonathan / Mitre Corporation / Voting Member
Kirillov, Ivan / Mitre Corporation / Voting Member
Lenk, Chris / Mitre Corporation / Voting Member
Piazza, Richard / Mitre Corporation / Voting Member
Struse, Richard / Mitre Corporation / Chair
Vargas-Gonzalez, Emmanuelle / Mitre Corporation / Member
Wunder, John / Mitre Corporation / Voting Member
Anderson, John / NC4 / Voting Member
Davidson, Mark / NC4 / Voting Member
Suarez, Natalie / NC4 / Voting Member
Kakumaru, Takahiro / NEC Corporation / Voting Member
Riedel, Daniel / New Context Services, Inc. / Voting Member
Darley, Trey / New Context Services, Inc. / Voting Member
Varner, Drew / NineFX, Inc. / Voting Member
Van Dyk, Robert / Northrop Grumman / Voting Member
Jordan, Bret / Symantec Corp. / Voting Member
Keith, Robert / Symantec Corp. / Voting Member
Kostrosky, Curtis / Symantec Corp. / Voting Member
Mauch, Michael / Symantec Corp. / Voting Member
Merchant, Aubrey / Symantec Corp. / Voting Member
Ortiz, Efrain / Symantec Corp. / Member
Katz, Gary / US Department of Defense (DoD) / Voting Member
Agenda:
- STIX 2.1 ballot results and next steps
- Call for STIX 2.1 SDO sponsors and PoC implementations
- News from RSAC
- Upcoming training sessions
- Interop update
- TAXII 2.1 CSD01 update
- STIX 2.1 CSD01 update
- Upcoming F2F meetings
- Q&A
Meeting Notes:
Richard Struse
Welcome! First of two monthly meetings. We have a second one at 9:00 EDT
Please record your attendance to maintain your voting rights.
************************
Summarized the events at RSA – Thanks to New Context for hosting
Thanks to Allan Thomson on Interop updates
Thanks toTrey on the demo
Thanks to EclecticIQ for the STIX2 Reference cards
We want to emphasize the shift to implementation
Jane Harnad
[Update on the 2017 RSA Booth – Nine companies participated]
Each company had a chance to do 2 presentations on the show floor
*** Plans for next year – We’ll be sending information out on 2019 soon
RSA will be changing the rules – TC will need to make some decisions
We did reserve space for next year – in the South Hall – 20 X 20 space – 8 spots
The TCs will need to make a decision on whether or not you set your own rules
Like, for example, for the CTI TC, whether or not you want companies
To have gone through the Interop process
I’ll circulate information and I’ll follow-up with the chairs
We can run it as a Showcase, or we can run it according to TC rules
We need to make sure it is outlined for the Community
You could do a Showcase and according to rules
I hope to get the information out by May 14th
Richard Struse
Jason and Trey made a presentation on Patterning – It was well received
Trey Darley
We talked to 8 to 12 people after the talk – Hopefully they will join the TC
Richard Struse
[Summarized details on upcoming training]
Full day of training, open to the public, 06 June in Reston, Virginia
Hosted by LookingGlass
Eventbrite registration here:
2h45 workshop at annual FIRST conference in Kuala Lumpur
Details here:
Training curriculum is being developed collaboratively and is owned by the CTI TC
Anyone is welcome to leverage the materials to deliver training
We want to do a lot more outreach
If you're interested in hosting a training session, reach out to the TC mailing list
The training materials can be used by any of you. If you improve the material share
Trey and I will be giving a presentation at the FIRST Conference in Kuala Lumpur
Jason Keirstead
Reminded all about the upcoming PlugFest in Reston, VA
Upcoming interop plugfest 05 June in Reston, Virginia | Good registration
[Gave update on the Interop Specs – Asked for more reviewers]
[Updated interop test specs published as drafts:]
Part 1:
Part 2:
Gave update on STIX Preferred Legal Guidelines
STIX Preferred draft legal documents:
Terms of Use:
Instructions:
If your organization plans to participate in the STIX Preferred program,
now would be the time to have your General Counsel review and provide feedback.
Bret Jordan
Working Draft 01 is out for review
Please review, comment on email or in Google Doc
CSD 01 should be released soon, based on feedback from Working Draft 01
Major changes from 2.0
Change discovery URL to /taxii2/
API Root to allow relative URLs
Manifest resource is now singular object
Item based pagination removed
Updated content negotiation section
Updated media types
Roadmap for 2.1
CSD01 - Major changes
CSD02 - New features need sponsors
Possible features for future CSDs
Pagination | Query |Channels
Richard Struse
[Update on the Ballot that closed]
75% of eligible voters participated in the ballot.
Option #1 won in a 66/34% split.
We have a clear path forward for STIX 2.1.
Next steps are:
identifying sponsors and PoC implementers for new 2.1 SDOs
completing the editorial work to release a 2.1 CSD01
Discussion of the above to follow
Trey Darley
[Gave status on the Sponsors list for 2.1 Objects]
[Gave update on the status of Editorial Calls]
Ivan and I are trying to get the Cyber Observable objects updated. And in about 2 weeks
We will cover
We could use some help on STIX Patterning
There are a number items that are slated to be included in 2.1
Ivan Kirillov
Some are bug fixes – Some are to improve patterning – To improve analytics
We would love some help
We need some help
Trey Darley
I want to point out that some of the things that we found with patterning would
Not have been found with Proof of Concept
We found them through Data Modeling
Rich has been emphasizing the need for Patterning
Richard Struse
Went back over the object lists and Sponsors for developing Proof of Concept
The objects will be dropped from 2.1 if there are not 2 Sponsors
We adopted this to be clear – Now is the right time for us to get more rigorous
Reach out to John and Sarah, STIX SC Co-Chairs if you want to Sponsor
**** Call for more hosts for upcoming Face-to-Face
Thank you to Fujitsu for volunteering for a meeting in January of 2019
We still need a site for Fall of 2018
[Discussed level of adoption of STIX2 from talking to vendors at RSA]
Sketch Video --
Meeting Terminated
*****************************************************************
Page 1