OASIS Cyber Threat Intelligence STIX/TAXII version 2 Training
The OASIS CTI TC is offering a FREE, one-day training course on the new versions of STIX and TAXII – STIX2/TAXII2 on Wednesday, June 6th. This training is targeted at developers and analysts who are interested in learning more about these new standards. Both in-person and remote participation options are available.
STIX/TAXII v2 Training Agenda
Theory/Introduction Key Lessons Learned
Wednesday, June 6, 2018
Target audience:
- Developers
- Analysts
Pre-requisites:
- Some programming experience helpful (e.g. python), but not required
- Some experience in threat intelligence and security technologies
Register Now
Draft Agenda:
9.00 am – 9.30 am: Overview on STIX/TAXII & History
9.30 am – 12.00 pm: STIX 2 Data Model Foundations
- Use Cases supported
- Overall architecture
- Working with objects and how to construct related intelligence
- Object versioning
- Customization and extension
- Pattern language introduction and examples
- Interop implications integrated throughout
12.00 pm – 1.00 pm: Lunch
1.00 pm – 3.00 pm: TAXII 2 & Interop Foundations
- Key methods
- Filtering techniques
- Post/get methods
- Interop persona, test methodology…etc.
3.00 pm – 3.30 pm: Coffee/Break
3.30 pm – 6.00 pm: STIX/TAXII 2 In Practice
- Leveraging STIX2 for Modelling TI
- Key things to consider when your modelling
- Specific examples of
- intel report to stix model
- indicators vs sightings and why
- how to model common uses for mitigation leveraging pattern grammar
- Using PythonSTIX2 tutorial/implementation guidance
- Programming using the MITRE libraries