OASIS Cyber Threat Intelligence STIX/TAXII version 2 Training

The OASIS CTI TC is offering a FREE, one-day training course on the new versions of STIX and TAXII – STIX2/TAXII2 on Wednesday, June 6th. This training is targeted at developers and analysts who are interested in learning more about these new standards. Both in-person and remote participation options are available.

STIX/TAXII v2 Training Agenda
Theory/Introduction Key Lessons Learned
Wednesday, June 6, 2018

Target audience:

Developers
Analysts

Pre-requisites:

Some programming experience helpful (e.g. python), but not required
Some experience in threat intelligenceThreat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... and security technologies

Draft Agenda:

9.00 am – 9.30 am: Overview on STIX/TAXII & History

9.30 am – 12.00 pm: STIX 2 Data Model Foundations

Use Cases supported
Overall architecture
Working with objects and how to construct related intelligence
Object versioning
Customization and extension
Pattern language introduction and examples
Interop implications integrated throughout

12.00 pm – 1.00 pm: Lunch

1.00 pm – 3.00 pm: TAXII 2 & Interop Foundations

Key methods
Filtering techniques
Post/get methods
Interop persona, test methodology…etc.

3.00 pm – 3.30 pm: Coffee/Break

3.30 pm – 6.00 pm: STIX/TAXII 2 In Practice

Leveraging STIX2 for Modelling TI
- Key things to consider when your modelling
- Specific examples of
  - intel report to stix model
  - indicators vs sightings and why
  - how to model common uses for mitigation leveraging pattern grammar
Using PythonSTIX2 tutorial/implementation guidance
- Programming using the MITRE libraries