Introduction to STIX - TAXII 2 Standards

Explore the latest standards for Cyber Threat Intelligence in this comprehensive conference talk from nullcon Goa 2019. Dive into the new features and changes of STIX/TAXII Version 2.0 and 2.1, including the Interop/STIXPreferred certification program. Learn about key concepts in the STIX Data Model, covering adversary domain objects, attack-based properties, TTP domain objects, incident response properties, and detection domain objects. Discover STIX 2.1 enhancements, including confidence levels, and examine real-world examples like the Lime RAT Report. Gain insights into TAXII 2 key definitions, API root discovery, collection management, and data posting. Address STIX v1 interoperability challenges and understand the STIX TAXII 2 Preferred introduction and persona. Presented by Allan Thomson, CTO of LookingGlass Cyber Solutions and co-chair of STIX/TAXII 2 Interoperability standards, this talk offers valuable knowledge for professionals in threat intelligence, security, and InfoSec fields.

Intro
CTI, STIX, TAXI & STIX Preferred
Historical Timeline
STIX Data Model Key Concepts
Adversary Domain object: Campaign
Adversary Domain object: Intrusion Set
Adversary Domain Object: Threat Actor
Attack Based Properties - 2 Tips
TTP Domain object: Attack Pattern
TTP Domain object: Malware
TTP Based Properties - 2 Tips
Incident Response Properties - 2 Tips
Detection Domain object: Indicator
Detection Domain object: Observed Data
STIX 2.1 Enhancements
STIX 2.1 Confidence
Lime RAT Report Example...
Analysis & Mapping Lime Remote Access Tool 5
Threat Modelling Example #2...
TAXI 2 Key Definitions
TAXII 2 Key Definitions Continued
API Root Discovery
Collection Discovery
Collection Object Retrieval
Posting Data to a Collection
STIX v1 Interoperability Challenges
STIX TAXII 2 Preferred Introduction
STIX TAXII 2 Preferred - Persona
Learn More On Specifications & Tools...