

Will Gragido, in Threat Forecasting, 2016

STIX

The Structured Threat Information eXpression, or STIX, is an XML structured language for expressing and sharing threat intelligence. Like TAXII, STIX is a community-driven project currently led and sponsored by the office of Cybersecurity and Communications at the United States DHS. The MITRE Corporation has also copyrighted the STIX expression language in an effort to keep it an open standard that can be leveraged by enterprises, government agencies and security vendors.

STIX was first defined publicly with Version 0.3 in September 2012.[18] As at the time of writing, STIX is currently at Version 1.1.1.[19] As mentioned earlier, STIX leverages TAXII as its transport mechanism such that it is delivered as part of the TAXII “payload.”

STIX was designed with several guiding principles[20] in mind. The first guiding principle was being able to provide coverage across the entire cyber security domain by providing full expressivity for reporting knowledge elements. The second guiding principle was to integrate, either directly or loosely, with other threat intelligence expression languages. This includes projects like Cyber Observable eXpression (CybOX),[21] Common Attack Pattern Enumeration and Classification (CAPEC)[22] and Malware Attribute Enumeration and Characterization (MAEC).[23] The third guiding principle was to provide as much flexibility as possible in what portions of the standardized language representation are required to be included in reporting a knowledge element. The fourth guiding principle revolves around extensibility of the design of the STIX language, allowing for extension mechanisms for domain-specific use, localized use or for user-driven refinement/evolution. The fifth guiding principle focused on supporting automation through maximizing structure and consistency. The last guiding principle was the inverse of the fifth; however, it was just as important that the STIX language be human-readable as well. Human readability was considered important for early adoption as well as sustained use.

<indicator:Title>Mutex: ((*HKG^%3
<indicator:Title>ID:
<indicator:Type xsi:type='stixVocabs:IndicatorTypeVocab-1.1'>Malware Artifacts
<indicator:Title>Mutex: 1vvb8888d

A STIX Indicator with Domains in a Watch list

You should notice that this indicator is actually comprised of a single observable: a list of domain names. This would be an example of an atomic indicator within the STIX framework.
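The atomic indicator this page describes, a single observable holding a list of domain names, can be read and applied to DNS telemetry as sketched below. This is an added example, not code from the book or from the STIX project: the sample XML (ids, title, domains) and the hostnames are constructed, `parse_indicator` and `match_hosts` are hypothetical helper names, and treating "no Composite_Indicator_Expression" as atomic is an assumption of the example.

```python
import xml.etree.ElementTree as ET

# Namespace URIs used by STIX 1.1.x / CybOX 2.x documents.
NS = {
    "indicator": "http://stix.mitre.org/Indicator-2",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "DomainNameObj": "http://cybox.mitre.org/objects#DomainNameObject-1",
}

# Constructed sample: ids, title and domains are placeholders, not from the book.
SAMPLE = """<stix:Indicator xmlns:stix="http://stix.mitre.org/stix-1"
  xmlns:indicator="http://stix.mitre.org/Indicator-2"
  xmlns:cybox="http://cybox.mitre.org/cybox-2"
  xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1"
  xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  id="example:Indicator-0001" xsi:type="indicator:IndicatorType">
  <indicator:Title>Constructed domain watchlist</indicator:Title>
  <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">Domain Watchlist</indicator:Type>
  <indicator:Observable id="example:Observable-0001">
    <cybox:Object>
      <cybox:Properties xsi:type="DomainNameObj:DomainNameObjectType">
        <DomainNameObj:Value condition="Equals" apply_condition="ANY">bad.example##comma##c2.example.net</DomainNameObj:Value>
      </cybox:Properties>
    </cybox:Object>
  </indicator:Observable>
</stix:Indicator>"""


def parse_indicator(xml_text):
    """Extract title, atomic/composite kind and watchlist domains from one Indicator."""
    root = ET.fromstring(xml_text)
    composite = root.find("indicator:Composite_Indicator_Expression", NS) is not None
    domains = set()
    for value in root.iterfind(".//DomainNameObj:Value", NS):
        # CybOX packs a list into one element, separated by "##comma##".
        for item in (value.text or "").split("##comma##"):
            if item.strip():
                domains.add(item.strip().lower().rstrip("."))
    return {"title": root.findtext("indicator:Title", default="", namespaces=NS),
            "kind": "composite" if composite else "atomic",
            "domains": domains}


def match_hosts(hostnames, domains):
    """Return hostnames equal to a watchlist entry (condition="Equals", any entry)."""
    return [h for h in hostnames if h.lower().rstrip(".") in domains]


if __name__ == "__main__":
    ind = parse_indicator(SAMPLE)
    queried = ["www.example.org", "C2.Example.NET.", "bad.example", "notbad.example"]  # constructed
    print(ind["kind"], sorted(ind["domains"]), match_hosts(queried, ind["domains"]))
```

Matching is exact after case and trailing-dot normalisation, so `notbad.example` does not hit the `bad.example` entry.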
