Re: [cti-stix] The STIX Observables we should be targeting to support in STIX.

["Jason Keirstead" <Jason.Keirstead@ca.ibm.com>]

It would be interesting if the MISP project could share any kind of anonymous statistics along the lines of the "cti-stats" project we ran earlier this year, to attempt to gauge which indicator types are used most often in the community. It would help prioritize.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Alexandre Dulaunoy ---11/21/2016 06:45:54 AM---On 21/11/16 00:53, Terry MacDonald wrote: > It seems to me that we should be looking to other areas

From: Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>
To: cti-stix@lists.oasis-open.org
Date: 11/21/2016 06:45 AM
Subject: Re: [cti-stix] The STIX Observables we should be targeting to support in STIX.
Sent by: <cti-stix@lists.oasis-open.org>

---

On 21/11/16 00:53, Terry MacDonald wrote:
> It seems to me that we should be looking to other areas where we can learn
> what people are actively sharing. MISP is a great example of this. MISP has
> grown organically, adding features as people have requested for them. In my
> opinion it is a great list of things that people would find useful if we
> add them:
> 
> http://www.misp-project.org/datamodels/#types
> 
> Things that specifically piqued my interest were:
> - BIC
> - IBAN
> - CC number
> - Link
> - Text
> - bitcoin (btc)
> 
> Cheers
> 
> *Terry MacDonald *| Chief Product Officer
> 
> 
> 
> M: +64 211 918 814 <+64+211+918+814>
> E: terry.macdonald@cosive.com
> W: www.cosive.com
> 

Forwarded mail from Andras (mailing-list policies reject his original mail ;-)

----

Hello Terry,

As someone involved in the MISP project, having support for these types in STIX would be a great move for our users. Right now we basically have to omit sharing any of these indicators when exchanging
information with other systems using STIX, it would be great if we could share the full range of data instead of downgrading it for STIX.

Best regards,
Andras

PS: We have exactly the same issue with marking as we explained in the F2F meeting in Brussels.

-- 
Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
41, avenue de la gare L-1611 Luxembourg
info@circl.lu - www.circl.lu

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that 
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php