[mile] Cross-Posting: Request for Public Comments on STIX 2.0

"Struse, Richard" <Richard.Struse@HQ.DHS.GOV> Thu, 16 March 2017 14:21 UTC

Return-Path: <Richard.Struse@hq.dhs.gov>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 417A41294E5 for <mile@ietfa.amsl.com>; Thu, 16 Mar 2017 07:21:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=usdhs.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M7UYrTZa2jiO for <mile@ietfa.amsl.com>; Thu, 16 Mar 2017 07:21:31 -0700 (PDT)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0051.outbound.protection.outlook.com [23.103.200.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3648129532 for <mile@ietf.org>; Thu, 16 Mar 2017 07:21:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=usdhs.onmicrosoft.com; s=selector1-hq-dhs-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=+OAWN9KXHeV4BZmDhCsczutYLSlf7EOavkAnFWPmxBw=; b=kSwW4Y2/cg5e/a2nxSs+6oOMYzxaZ+KDJfIX7e6saoOTcL5p6gwNXArq09kAFT3nHmDaYr6yRtbSxTj6FZkdSIfmGvVSM59ib1Ln7TEiJvccXvSkD9nF1NtIGiUxIP9eoBJIDQx1NERUla4rZDeIXAegOdwQpXuX67rBkOHLRZw=
Received: from CY4PR09CA0004.namprd09.prod.outlook.com (10.172.65.14) by CY4PR09MB1254.namprd09.prod.outlook.com (10.172.66.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.977.11; Thu, 16 Mar 2017 14:21:29 +0000
Received: from BL2FFO11FD042.protection.gbl (2a01:111:f400:7c09::141) by CY4PR09CA0004.outlook.office365.com (2603:10b6:910:2::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.977.11 via Frontend Transport; Thu, 16 Mar 2017 14:21:29 +0000
Authentication-Results: spf=pass (sender IP is 216.81.85.157) smtp.mailfrom=hq.dhs.gov; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=HQ.DHS.GOV;
Received-SPF: Pass (protection.outlook.com: domain of hq.dhs.gov designates 216.81.85.157 as permitted sender) receiver=protection.outlook.com; client-ip=216.81.85.157; helo=D2IAPPREACIP5.dhs.gov;
Received: from D2IAPPREACIP5.dhs.gov (216.81.85.157) by BL2FFO11FD042.mail.protection.outlook.com (10.173.161.138) with Microsoft SMTP Server id 15.1.961.10 via Frontend Transport; Thu, 16 Mar 2017 14:21:29 +0000
Received: from unknown (HELO D2ASEVPEMHU08.DSA.DHS) ([10.239.234.231]) by D2IAPPREACIP5.dhs.gov with ESMTP; 16 Mar 2017 14:21:28 +0000
Received: from D2ASEPREA009.DSA.DHS ([10.232.104.26]) by D2ASEVPEMHU08.DSA.DHS ([fe80::401a:494d:85bb:1adc%15]) with mapi id 14.03.0279.002; Thu, 16 Mar 2017 10:21:28 -0400
From: "Struse, Richard" <Richard.Struse@HQ.DHS.GOV>
To: "mile@ietf.org" <mile@ietf.org>
Thread-Topic: Cross-Posting: Request for Public Comments on STIX 2.0
Thread-Index: AdKeYJeA47V4l1BGQaGZJYn+lHsGcA==
Date: Thu, 16 Mar 2017 14:21:28 +0000
Message-ID: <DE637B85E99BDF4DBA1D1C1DF89189390169633FCC@D2ASEPREA009>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.239.235.225]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_01AB_01D29E3F.107F6B80"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:216.81.85.157; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(39850400002)(39840400002)(39860400002)(39410400002)(39450400003)(2980300002)(438002)(189002)(252514010)(199003)(9170700003)(33716001)(189998001)(55846006)(110136004)(45126002)(38730400002)(54356999)(33656002)(50986999)(77096006)(81166006)(99936001)(2501003)(71636004)(512954002)(5890100001)(5660300001)(3846002)(53416004)(356003)(6916009)(5640700003)(236005)(606005)(16799955002)(54896002)(9686003)(8936002)(1730700003)(6306002)(42882006)(8676002)(53936002)(260700001)(106466001)(8558605004)(568964002)(2920100001)(7736002)(270700001)(2900100001)(7066003)(7826002)(19609705001)(63266004)(6116002)(102836003)(790700001)(2906002)(7906003)(2351001)(84326002)(2930100002)(86362001)(19623455009); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR09MB1254; H:D2IAPPREACIP5.dhs.gov; FPR:; SPF:Pass; MLV:sfv; MX:1; A:0; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11FD042; 1:luASBzIySmPTG/yejYku6jmq4y5AHNKXK+h7tOrxXhhjimbO3Arz2qBLBW7KlZISYZrgCMnpHkHaVCI4Q7FdlgM0HoY9dAY8tUxMtIU2TxId+kF7nOgzSMN2A4TcZYUZDIoriWBFV7N054Rn0geJMVYQXxhcH/0a3bHxtXN48EB7Pq+lVj2WWsR0yavdV6eupUItryUP/x6jlGzf7G940L8HXkRwVkWPU4bq+enw2krOlP8PBP9yzdkagRQMW9BoT34FVZVSnZE6MgwctrcOCbWHZn6qfHEZuF1ee4mmEGAbj/281F7L5sjXuSe7a8hRkm2BEH3HoYi9NYNG+h8F1nFOqDB0b5azFeC1nr9mxc/nUvdlEitmSJtMdSZ+G1wwftQdbHJMuuXt3KTPvyLoB8EJLJVjv9Yhfxr+utMGNwZlMjA0s01Tf5i6evLQNzyX3enlBQR/stVfXZa59+4X6IpitNUn3HCt4fnWX6Y0Jl9xhP3Xzo1TGcCuiLEhlT0Dr1iTTQi3wq0gWz1KPOdCCg==
X-MS-Office365-Filtering-Correlation-Id: ab2dc727-3f85-4680-c42a-08d46c77bcf4
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(8251501002); SRVR:CY4PR09MB1254;
X-Microsoft-Exchange-Diagnostics: 1; CY4PR09MB1254; 3:FoehkLr3ZBmnpK9lG6POsYfNFgEPUesymcuHL49UFiKQPbUU7oXd29EL/UMI/ZeiYHsAX3gNaidMRj5pit7n4G6q+jyNfpDgSXEUOPvYeIlegcwBjuO+hqBL0vQIBZw8KxozYrWRiUR+nBNHTW21NRxldX8UVtyQa08A2bFKOiAONp1ePHZph22BEYkN/geDTM4f8z7zFSbBgF22sNZ/VIMBHCPLtRWdfwIpemTZ706bo525yZa4+sHkEXnJD+reKaImP2WDBzV0w4hqi2YB8XqRP7cpVRGisreRML9K05w5VPOeWn5QKY3vgeTAzEch5BvoHjeB96R2dGfcz1rS5qxfiJgulCMfm0AVirAqC5FVcP29z6UAG/IexGoNzCQ1B50jadZRBN0377KdlAhnEw==; 25:nnZx1dbBdwcO1V92si2evfYkNX019XmhfeETkLyavJtLwrBDowIIb89lEHVLKeaNCZVFha9zzRM8x44W41j+RoCp56g0Ke5pIWh+22QMhqU5rsDorayJt4s0ctsqNPpjDjPiUxMX7o1L/QDzRw5KL+X9t7fdo0SH2lfO5K6np0UFu/Frk0SCJkWj5/nNYU9dTpfPhpeKD0wOxmhQsaOF680VIjAVaYmuXA8Sf2DVgusHkZuPa/jPML7XsXGWkYjBrT4D2Jdidi17LDTMDhDBhEhte5aKz/LQ9EHCOU2z/YgZ7yqcQOZ0mMQTXVWZfgaPzH8RePPH+PDqmF5gmOiFQtIC8SK4I5eBcjZ8f3ZCjZSygFQu9bUjg2NbINtwraoR8MXTguAH5HEnAvpLJof6w+ojKO4uDvX0KqW7oGX3Ni7/TGl9jlOEHAiVEkd4InN5PWka59tq/rBUTqE8ZdDbtQ==
X-Microsoft-Exchange-Diagnostics: 1; CY4PR09MB1254; 31:Hj8FP7LJ1pWzSSleNV7DKL371D6Z7thJbG/Jhav+u+z4REnbhPbEI7kIBhq7d4kBGQKG8NimdtHZFzfubM85DXlTHWO1uVD0NhGaIZjDinYCfnaUn1+epXJKLXb726+ugY3VyYzkj888tTe8946DsTpLeBmIV8kp6SKOspUaXuSTJX9iVz2SPOuADcC5fw5VLTge/aVxMxsaLyd5Dlm6LeR+cm2VoYWajREbSp/7u6XF5eoScyUyz26AmGnw/NEcYCKDGgoSPbpuRLPqgeuOgA==; 20:vSk815i8N6nLH5IyiwEiCt/JZykoj1+UIWygIoIUZDQLaI1udbFexZJhUSnirGn/wdzgTZXUP1kCam7yDcdvub2lxN9pxPw8wK5MoQxXWAjanyPyI51tCf6M+3I+79P1rEOy0afF+menyaOKbi59+JacWhtG8ftXaIwYcT+wjTAGoEcoSe41MxL06PgWEbPqz8HkgpxcL3FSJXvRfc0U4oG8pWnq9FtymJoNnjX0m/4NU7FzHQ6wzTd44KExOt+OtfVxueVVX3lWRmejSbOInEVQMKZqUxVopibHk9fJCUSjqUfaGWSWsk4YKwhxjWD1PmECppTIMp9IPmkj2XupZbD4QtKRSh3VfU8bBwvacwauME6GlijSLlh1aCFpgUnM5aWrOB5Tn/0v3P/muRzRcUYg6TTW546fTplcpZdEMONy1NX3CU+pYPefj7XtUHuWoQb5iU8xx9asEfc0lZLNUC84JHRIoGD+Vf6WG++pmcmdbJRFX2F14WaZ1JGrfsQ7
X-Microsoft-Antispam-PRVS: <CY4PR09MB125404045F93161629899BFBBD260@CY4PR09MB1254.namprd09.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(38170694233816)(152865683959669)(21748063052155);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(13017025)(5005006)(13015025)(13023025)(13018025)(13024025)(3002001)(10201501046)(6055026)(6041248)(20161123564025)(20161123555025)(20161123560025)(20161123558025)(20161123562025)(6072148); SRVR:CY4PR09MB1254; BCL:0; PCL:0; RULEID:; SRVR:CY4PR09MB1254;
X-Microsoft-Exchange-Diagnostics: 1; CY4PR09MB1254; 4:RpNL4P4wP+ZOIgJd0ZSAd2En1ta0WxHeZbFQmBPDUnWRfjZaLtjpPV2kvARvU1EVuMkdPxoPWJV2V5GHk4yNZKgVa0TxEKtnMQ1MifFIEdialZCA7Sdh7KHr2KQrUDRjBxebBF6fqBdnCo/nOwdskruAILe/ZBKDwCU4MsKuEd3SSrVp2OsTlPxXc5QDo9Fswm27XkOfWryukB9agUtL9j6OnHeneMInAIk+y89icL/s9EOsq4lkWleEKASBPUddbaL9vPxqrdyZRHZoOkJSPYAQou2k/pbo+ClduxQ5LSSqX9XAIBLmbMDPJGBkwq4chVg1Wgal3ya/m3L5jcWSyyK4itce3DHaoWWrRNYMfyM0mtwyXGsH7wywXPGrTiZyv4KXRgNXn0Al5cVvyHyKJ4cyIYhh4AN1SM/Lx4DSCvEkRbRlC0B7baZSrO1XmY/5F/uAE/W176eXM1wA/nOnjw2yLUox4jTuZIZNQiKhtMVOVEzdGoQdjq7AT2kxssjZ+vyOGiZzvRrRaDyToKk4TX4g3nZy49p2+gySI+TiwlmHn4NJqGQGlkXbGy1oSbN9xk/7TD/7eeCFSgttZ4qw8M3OqmiB5meTi6WVFyixfmo4O+OWU3Et09W5alRpi71HgkXhA774pOYGO2ikKA4ULnmYIQgj7FUK33yjIdgzxMuSoK5y6CCkcmqJVfbpCJ/iPGsLOh87unI38ekQe6X5r+76gaP21L+H72c3HsBdGH9QrSzp91b3bCx+2UZjdfDwiSH8xVgfmLtY4EvCPRGGHVT3kOdyxHi0DsusnFqdGClbQRIGR4phY3e/+HRiDL+KzXjjslCw9xyhkQvryHtXRIaMOmq/2IdQWGFoNzU0Fy8=
X-Forefront-PRVS: 024847EE92
X-Microsoft-Exchange-Diagnostics: 1; CY4PR09MB1254; 23:bA/ZYjFF3IEAcFRvrR6aj9GDtrO74fPgc9/QqgkRmE9K2dNApXcVzFbv6t8+EJuUg3EAzsxG8H+m+pJ+6W3x1wJgGJE2bdn/Adj/2CmMQPW/ndoezw+wCROazNL+Zr77msTpnbCE3gOgKRsq2yKM1wo+RhpJUaBMTzyEPb53RHg9KUlKUSXd2hjG81Mi21xzgHrCG5kZY2zbXyO3CWzjjUTTVONfSJ2VILNdt5lk8o8x5ze+ERWtr6pgPQaG0aXknxKcAVhNCSs9hofusVYJbPIstLvZg357M550Ka4C3dcS5gu/iWkuXfkR70GXs/2N6l6pa+TkgYUXWzezg/67kWdE91JQ8ERY+j3eVr2MsVgZR9oQbJ7zdp9+mxrb69cLLG++wK2Kv3tjpIC4kdYsft02tgpLcNMIR3kc5cwM1yWYutBgHpDAxHVJuBk6uPHYRabdYZsomRqYKB2ZjXeNRFc0OLuW3UBvt/L2Kdkfjqj80N5G38No9DQcCHjFzXyHhlU2eI789TU3vmLavWGiyVNibk2EdnrptHnuNHkIm49bOAX5k8eZ9quczQ6EYWefBCw9SUIHMZ3IbV3bpItkXGdR/wJv+etpLZt8Zo+cVaKayn3n3cncsuFtJdKM55/G4rTSnfjaR+FQXS2wLrb/+iiMbBe5LpJr74tYiFNoihYB1ON5caL1r4BzEVN3Q8h7+1bwZJby1RV8VCPC30nAAjO6h1ObPpjXQ1HKclzzfzUOW1Q8rAz7w+xI0c36dxXYlTFE4lPxqzj2dMv74+SUWkJM/IrdGrTtAtfPkQLTuWgUf15s4mjIqXjaTf9YHGcuz9N9HGoUuVMn72Kyt81M8JHz0YRU31BlBaUcoo0+UKZkrGbPb4R1sYsD3r6vntULb4Cec5WvrjE2i87YKqTWn5Y/BHMTXUUlI2Jv2AcN+9gAlFmNhDe+ypjnMJKfzo4CfDMAVaGvvsuue+cWL0SPcbuOrBabz2Rxz1J8VWDN4rF9obLj844MMODwtzraPCnjAS/SnnwClCQhTS425nw6cQfZekRV0cXO6FA+i1eJOlhquncHpYI4OfvOw2h3xDTeuw9nZSmD5FC1cr46xE5JQUqZu6vkwhlwWil0k8lq0dq/pji0hOzUs7Bw9oyul3w5H3AceASJOugxlRwb7gd+t7J821c9yrTxqv99WI5tzisKNn0JUjdjaA2FhbB3/yPmmZ5MoEHYMXTfoI3UjLFN3kaKQyTG4UXWNA93DrSCrSPZerxhWyJj5evnRl0wky7F1gQtnUSU5FBNUCZOGMPhYDaZvVrEpyE7IIfQ+8htrZWFA4vmwHFifNMekJTFgcIw57FnxCJdmjkNYq/OpaiyqQ09EBKg3cxCbOfbUgZsKhn3231cDMTraI90+eX7hP59C6HnkTjRVPvubyjQ+d0nSt1aQWlDVaMpHYPR3Jzk2x4wstwWVcEGr8HAB+Dv1Dr73oMB+DCBnOst3t7AKjITkaIuIp9qaGtwbp6r1S/yVf9iYHYB3NV5TQDFzJT+VUm9/7/HFMMOpG9xiAvNLTZUXgdomjpvHlRMz343WHusNf3a2EUsOXTV7GzvGrAOfPA5
X-Microsoft-Exchange-Diagnostics: 1; CY4PR09MB1254; 6:AU6LPyROI0qG60vcCtxDVoqd5hC9/eeq9HO7dZPZkpFaOLAnxQhk/g6tv/563KPP0hW29qoVpQiQNdfly2W8UgKYYIvf5z2HVjC7wf8VloRBZnoXZPhQXx041L2AlDxljvA689ayhRi1rRRQhfqKBhp+Ov/bM89R+kl3bK9HoIfK/c7TP37m+1ZPy17eFJQGY1pHnhbEmQmNYqmyy0TyhnnMhAaxO8pMCLN9FNoRqAQypzLMNDy6KWIKhAI4ZHBFweWFqAmYp7lqzERFqV4yQnTHM1W3cGrxE/WUGGtr42/oH7JgFp3i6rVpkLWrgWBsBtBO/pArOKj0DaRNx4ZBM1ojfkX9zttNb3uSM6H+zjG9sWfk03IDHfcqRt9epen8nYOCLyL/epKz+rhoyJSj+AxRPGd/ngMyDvivl/Y0J4I=; 5:f2YVsaxwqzewiqmUqKo5SZXH4lAdBYNuW0fGBF3G8I8oFAg5XktIEeeQMsaGNY+upwVe0YzhByiavZDXtbkDo3HjBKSNvXpBzypZIZf576INL3Yzwx9uPxHpUgqFm/sSAePHWVbCwfLS/TFb5nfOOw==; 24:ywqPdc8IWVeunj59aEqxrB7levl/aIrY44VsL+PgGBt+aO5cdantTPTkY3u1XLJof5nr7GYiysTlHLPL5jASn233CBIq3KqPoALDchW926A=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; CY4PR09MB1254; 7:DipasXSg/7g5WPDozoi/R3q5M3txVp+TWSR6Q47dbX8N/cNOVrKwSDg6IU5HQ4Ov8x+WtKjbIkgKgHctn3U3W5mfxOtDDQJSSmCxgNPsszPcyfF65KCJGmI2EUURNOg7MGdQ+me0DHQ442J+bHS5GQrWO0JvqpJS/qhzREgJJIbz40WjjerDdx1Q94VbXW6uIEmq5/HoKmsvjb+3tSOrjac2riuLChPuhKD7zr8ppuR2qSQq/E1W0Bq2nCOBG5mSCKn/9NDTT63DhgO4KFrmmcEv9nAfRbRql+6slE6403U5TljAJYZZzFQ/Kw6cyzSK/Irz0JS52JJYl7ebvR10KQ==
X-OriginatorOrg: hq.dhs.gov
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Mar 2017 14:21:29.2524 (UTC)
X-MS-Exchange-CrossTenant-Id: 3ccde76c-946d-4a12-bb7a-fc9d0842354a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3ccde76c-946d-4a12-bb7a-fc9d0842354a; Ip=[216.81.85.157]; Helo=[D2IAPPREACIP5.dhs.gov]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1254
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/dOiKYhZG_lI15zB2VGSMKgH2EpA>
Subject: [mile] Cross-Posting: Request for Public Comments on STIX 2.0
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 14:21:38 -0000

Dear Cybersecurity Community Member,

 

The OASIS Cyber Threat Intelligence Technical Committee (CTI TC
<https://www.oasis-open.org/committees/cti/> ) members have recently
approved STIX 2.0 as a Committee Specification Draft (CSD) and submitted it
for 30-day public review.  The public review started 08 March 2017 at 00:00
UTC and ends 06 April 2017 at 23:59 UTC. 

 

This is an open invitation to comment. OASIS solicits feedback from
potential users, developers and others, whether OASIS members or not, for
the sake of improving the interoperability and quality of its technical
work.

 

What is STIX?

Structured Threat Information Expression (STIX) is a language and
serialization format used to exchange cyber threat intelligence (CTI). STIX
enables organizations to share CTI with one another in a consistent and
machine readable manner, allowing security communities to better understand
what computer-based attacks they are most likely to see and to anticipate
and/or respond to those attacks faster and more effectively. STIX is
designed to improve many different capabilities, such as collaborative
threat analysis, automated threat exchange, automated detection and
response, and more.  More information can be found here
<https://oasis-open.github.io/cti-documentation/stix/about> .

 

What's New in STIX 2.0?

STIX 2.0 represents a significant evolution in the design and implementation
of STIX.  To date, STIX has been very successful in demonstrating that
machine-readable cyber threat intelligence can be widely shared and used
operationally. Both commercial and government threat intelligence feeds
provide it and many threat intelligence tools produce and/or consume it.  As
with anything, however, in developing and implementing STIX 1.x the
community (both vendors and consumers) have found that it also had some
shortcomings. These included excessive complexity and excessive flexibility.
In addition, STIX 1.x used XML, which has fallen out of favor with much of
the developer community.

 

STIX 2 is a redesign of STIX that has the same goals and builds on the same
foundational concepts but in a way that addresses those shortcomings. It is
not backwards-compatible but is intended to be a replacement for STIX 1.x.
STIX 2.0 is the first release of STIX 2 and is intended to be a framework on
which future capabilities can be built. In fact, while STIX 2.0 is currently
under review, the community is already working on additional capabilities to
add in STIX 2.1. All of the releases in the STIX 2 series will build on each
other such that upgrading from one version to the next should be easy
(unlike the change from STIX 1 to STIX 2).  For more information, consult
the FAQ <https://oasis-open.github.io/cti-documentation/stix/review> .

 

STIX 2.0 Documents

STIX Version 2.0 is a five-part specification. The prose documents and
related files are available here:

 


Part #

Title

Links


1

STIX Core Concepts

Editable Authoritative Source (DOCX)
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part1-stix-core/stix-v2.0-
csprd01-part1-stix-core.docx> 

HTML
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part1-stix-core/stix-v2.0-
csprd01-part1-stix-core.html> 

PDF
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part1-stix-core/stix-v2.0-
csprd01-part1-stix-core.pdf> 


2

STIX Objects

Editable Authoritative Source (DOCX)
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part2-stix-objects/stix-v2
.0-csprd01-part2-stix-objects.docx> 

HTML
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part2-stix-objects/stix-v2
.0-csprd01-part2-stix-objects.html> 

PDF
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part2-stix-objects/stix-v2
.0-csprd01-part2-stix-objects.pdf> 


3

Cyber Observable Core Concepts

Editable Authoritative Source (DOCX)
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part3-cyber-observable-cor
e/stix-v2.0-csprd01-part3-cyber-observable-core.docx> 

HTML
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part3-cyber-observable-cor
e/stix-v2.0-csprd01-part3-cyber-observable-core.html> 

PDF
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part3-cyber-observable-cor
e/stix-v2.0-csprd01-part3-cyber-observable-core.pdf> 


4

Cyber Observable Objects

Editable Authoritative Source (DOCX)
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part4-cyber-observable-obj
ects/stix-v2.0-csprd01-part4-cyber-observable-objects.docx> 

HTML
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part4-cyber-observable-obj
ects/stix-v2.0-csprd01-part4-cyber-observable-objects.html> 

PDF
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part4-cyber-observable-obj
ects/stix-v2.0-csprd01-part4-cyber-observable-objects.pdf> 


5

STIX Patterning

Editable Authoritative Source (DOCX)
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part5-stix-patterning/stix
-v2.0-csprd01-part5-stix-patterning.docx> 

HTML
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part5-stix-patterning/stix
-v2.0-csprd01-part5-stix-patterning.html> 

PDF
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/part5-stix-patterning/stix
-v2.0-csprd01-part5-stix-patterning.pdf> 

 

For your convenience, OASIS also provides a complete package of the prose
documents and related files in a ZIP distribution file. You can download the
ZIP file here
<http://docs.oasis-open.org/cti/stix/v2.0/csprd01/stix-v2.0-csprd01.zip> .

 

How To Comment on STIX 2.0

Comments on STIX 2.0 may be submitted to the TC by any person through the
use of the OASIS TC Comment Facility
<https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=cti> .
Comments submitted by TC non-members for this work and for other work of
this TC are publicly archived and can be viewed here
<https://lists.oasis-open.org/archives/cti-comment/> .  Please submit any
comments before the public comment period ends on April 6, 2017.

 

By submitting comments you implicitly agree to the terms of the OASIS
Feedback License
<https://www.oasis-open.org/policies-guidelines/ipr#appendixa> , which
ensures that any alterations made to the specifications based upon your
feedback are covered by the same IPR protections under which TC members
operate.  In addition, in connection with this public review of STIX 2.0, we
call your attention to the OASIS IPR Policy
<https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode>
applicable to the work of this technical committee. While all members of the
TC should already be familiar with this document (which may create
obligations regarding the disclosure and availability of a member's patent,
copyright, trademark and license rights that read on an approved OASIS
specification), public reviewers who are not TC members are encouraged to
review the OASIS IPR Policy.  OASIS invites any persons who know of any such
claims to disclose these if they may be essential to the implementation of
the above specification, so that notice of them may be posted to the notice
page for this TC's work.

 

Invitation to Forward This Call for Comments

OASIS and the CTI TC encourage widespread public review of the STIX 2.0
specifications.  Therefore, please feel free to forward this call for
comments onto any and all interested parties.



Thank you.

 

Regards,

 

Richard J. Struse 

Chair, OASIS Cyber Threat Intelligence (CTI) Technical Committee

 

Chief Advanced Technology Officer

National Cybersecurity and Communications Integration Center (NCCIC) 

Cyber Security & Communications

U.S. Department of Homeland Security


e-mail:   <mailto:Richard.Struse@dhs.gov> Richard.Struse@dhs.gov
Phone:  202-527-2361