
Incident/Event #1

Open
Comments


johnwunder commented Feb 6, 2017

The development of one or more SDOs to capture incident and event information.

Work area: Working Concepts

Scope

The capture of information related to internal security events, internal security incidents, and external security-relevant events.

Examples

  • A malware infection on an internal laptop
  • Tracking an incident response to an APT intrusion
  • A threat actor changes a C2 domain
  • Reporting an incident to a third party, such as US-CERT or DC3
  • Public incident repositories, such as VERIS

Open Questions

  • Is there a single SDO to capture both incident and event information?
  • If so, how is the status "incident" captured?
  • Do you need to distinguish between internal, security-relevant events and external information?
  • How do you track workflow/timestamps?
  • How do you track POCs?
  • How is it related to observed data?

skelley1 commented Mar 7, 2018

This has been pushed from the 2.1 since we did not agree on a proposal.

@jordan2175 jordan2175 modified the milestones: 2.2-csd01-wd01, unknown Jul 2, 2019
@jordan2175 jordan2175 removed this from the unknown milestone Feb 13, 2020