OASIS Cyber Threat Intelligence (CTI) TC

 View Only

OASIS-cti@ConnectedCommunity.org

Contacts

Chair: Alexandre Dulaunoy
CIRCL
alexandre.dulaunoy@circl.lu

Chair: Marlon Taylor
US Department of Homeland Security
marlon.taylor@cisa.dhs.gov

OASIS Staff Contact: Kelly Cullinane
OASIS
kelly.cullinane@oasis-open.org

Description

Supporting automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis

Group Notes

Table of Contents






Announcements





First STIX/TAXII 2.1 PlugFest Demonstrates Interoperability Between Cybersecurity Tools. Members of the CTI TC confirmed the multi-vendor interoperability of their CTI tools and verified their compliance with the STIX 2.1 and TAXII 2.1 Interoperability Test Documents. 15-17 June 2022



OriginBX Alliance for Digital Trade and STIX/TAXII Cybersecurity Standards Win Open Cup Awards. The Open Cup for Outstanding Approved Standard was awarded to STIX v2.1 & TAXII v2.1, two widely used cybersecurity standards that enable the automated exchange of cyber threat intelligence. 19 Jan 2022



The press release on STIX and TAXII's approval as OASIS Standards is available now. You can read it here.



STIX v2.1 and TAXII v2.1 OASIS Standards are approved and published

STIX Version 2.1 is approved as Committee Specification 02. This edition adds new objects and concepts and incorporates improvements based on experience implementing Version 2.0.



TAXII Version 2.1 is approved as a Committee Specification. A number of updates and additions have been added in response to testing and feedback. The list of major changes and additions can be found in Section 1.7.1.



OASIS Completes Second Successful Plugfest for STIX/TAXII 2 Interoperability: Cisco, Fujitsu, LookingGlass, NC4, New Context, U.S. DHS, and Others Participate in Event to Validate Threat Intelligence Sharing Standards. 29 June 2018



Cybersecurity Companies Demo Support for STIX and TAXII Standards for Automated Threat Intelligence Sharing at RSA 2018: Anomali, EclecticIQ, Fujitsu, Hitachi, IBM Security, New Context, NC4, ThreatQuotient, and TruSTAR Demo STIX and TAXII Support; 16 April 2018.



In TechRepublic video, Richard Struse of MITRE explains how STIX and TAXII give cyber defenders better weapons.



Sharing Cyber Threat Intelligence Just Got a Lot Easier. Learn about STIX and TAXII 2.0.

STIX and TAXII Version 2.0 are now approved and published OASIS Committee Specifications.



STIX and TAXII receive 2016 Open Standards Cup. Former CTI TC co-chair, Richard Struse of US Department of Homeland Security, was named Distinguished Contributor. See press release.



STIX, TAXII, and CybOX received the European Identity Conference (EIC) 2016 Award for Best Innovation/New Standard in Information Security. Congratulations to all CTI TC members.



Participation in the OASIS CTI TC is open to all interested parties. Contact join@oasis-open.org for more information.






Overview



The OASIS Cyber Threat Intelligence (CTI) TC was chartered to define a set of information representations and protocols to address the need to model, analyze, and share cyber threat intelligence. The CTI TC focuses on development and standardization of STIX (Structured Threat Information Expression) and TAXII (Trusted Automated Exchange of Indicator Information) under the OASIS open standards process.



The OASIS CTI Technical Committee will:



  • define composable information sharing services for peer-to-peer, hub-and-spoke, and source subscriber threat intelligence sharing models

  • develop standardized representations for campaigns, threat actors, incidents, tactics techniques and procedures (TTPs), indicators, exploit targets, observables, and courses of action

  • develop formal models that allow organizations to develop their own standards-based sharing architectures to meet specific needs





For more information on the CTI TC, see the TC Charter.




Subcommittees









TC Liaisons

No TC Liaisons have been announced for this TC.




TC Tools and Approved Publications









Technical Work Produced by the Committee








OASIS TC Open Repositories Sponsored by the Committee

OASIS TC Open Repositories:



  • cti-stix-validator: Validator for STIX 2.0 JSON normative requirements and best practices

  • cti-stix-slider: Supports development of a Python application to convert STIX 2.0 content to STIX 1.x content







Expository Work Produced by the Committee

There are no approved expository work products for this TC yet.




External Resources

Although not produced by the OASIS CTI TC, the following information offers useful insights into its work:






Mailing Lists and Comments

cti: the discussion list used by CTI TC members to conduct Committee work. TC membership is required to post, and TC members are automatically subscribed. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org.



cti-publicmirror: a read-only public mirror of the CTI TC discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-publicmirror-subscribe@lists.oasis-open.org




cti-users: a public forum for asking questions, offering answers, and discussing topics of interest on STIX and TAXII. Users and developers of solutions that leverage those cybersecurity specifications are invited to participate. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-users-subscribe@lists.oasis-open.org. The public may view the OASIS list archives, also mirrored by MarkLogic at MarkMail.org



cti-stix-publicmirror: a read-only public mirror of the CTI STIX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-stix-publicmirror-subscribe@lists.oasis-open.org



cti-taxii-publicmirror: a read-only public mirror of the CTI TAXII Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-taxii-publicmirror-subscribe@lists.oasis-open.org



cti-cybox-publicmirror: (LIST DEPRECATED) a read-only public mirror of the CTI CybOX Subcommittee discussion list. Anyone may subscribe to this list by sending an email subscription request (a blank message) to cti-cybox-publicmirror-subscribe@lists.oasis-open.org



cti-comment: a public mailing list for providing feedback on the technical work of the OASIS CTI TC. Send a comment or view the OASIS comment list archives, also mirrored by MarkLogic at MarkMail.org.




Press Coverage and Commentary






Additional Information

Public Resources -will be hidden if you are logged in

Announcements

Log in to see this information

Either the content you're seeking doesn't exist or it requires proper authentication before viewing.

Latest Discussions