OASIS Cyber Threat Intelligence STIX/TAXII version 2 Training

The OASIS CTI TC is offering a FREE, one-day training course on the new versions of STIX and TAXII – STIX2/TAXII2 on Wednesday, June 6th. This training is targeted at developers and analysts who are interested in learning more about these new standards. Both in-person and remote participation options are available.

STIX/TAXII v2 Training Agenda
Theory/Introduction Key Lessons Learned
Wednesday, June 6, 2018

Target audience:

• Developers
• Analysts

Pre-requisites:

• Some programming experience helpful (e.g. python), but not required
• Some experience in threat intelligenceThreat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations make inform decisions regarding their response to the threat. and security technologies

 

Register Now

 

---

Draft Agenda:

9.00 am – 9.30 am: Overview on STIX/TAXII & History

9.30 am – 12.00 pm: STIX 2 Data Model Foundations

• Use Cases supported
• Overall architecture
• Working with objects and how to construct related intelligence
• Object versioning
• Customization and extension
• Pattern language introduction and examples
• Interop implications integrated throughout

12.00 pm – 1.00 pm: Lunch

1.00 pm – 3.00 pm: TAXII 2 & Interop Foundations

• Key methods
• Filtering techniques
• Post/get methods
• Interop persona, test methodology…etc.

3.00 pm – 3.30 pm: Coffee/Break

3.30 pm – 6.00 pm: STIX/TAXII 2 In Practice

• Leveraging STIX2 for Modelling TI
  • Key things to consider when your modelling
  • Specific examples of
    • intel report to stix model
    • indicators vs sightings and why
    • how to model common uses for mitigation leveraging pattern grammar
• Using PythonSTIX2 tutorial/implementation guidance
  • Programming using the MITRE libraries