STIX/TAXII 2.0 Training

*The training is currently sold out. If interested in attending, please contact events@oasis-open.org to join the wait list.
Priority on the wait list will be given to attendees also planning to attend Borderless Cyber.

**Our cancellation/no-show policy is in effect (view policy). To avoid any penalty at this late date, please be sure to secure a substitute to take your place at the event. Information regarding substitutes should be directed to events@oasis-open.org.

Date/Time:
Friday, 5 October
8:30 AM - 4:30 PM

Overview:
Members of the OASIS CTI Technical Committee plan to offer a FREE, one-day training course on the latest versions of the STIX and TAXII specifications on Friday, 5 October. The training day is designed for security professionals who need to understand and manipulate threat intelligence, including developers and analysts from the academic, government, and other communities.

The program will focus on the latest version of the STIX Cyber Threat Intelligence data model (version 2.0) and is targeted at security professionals who need to understand and manipulate threat intelligence. Emphasis will be placed on translating real-world published threat reports into the STIX data model.

Host:
Georgetown University Hotel & Conference Center
Meeting Room: Salon H

Target Audience:
Security professionals who need to understand and manipulate threat intelligence, including developers and analysts from the academic, government, and other communities.

Technology requirements:
You're welcome to bring your laptop, but it’s not required.

Transportation, parking and hotel accommodations:
Georgetown University provides complimentary shuttle transportation to and from Dupont Circle and Rosslyn metro stations between 7:00 AM-11:00 PM.
Schedule: https://transportation.georgetown.edu/guts/rosslyn#

The shuttle drops off on campus at the bus turnaround area down the hill from the hotel. Once the shuttle drops guests off, there is another shuttle that can be taken from that point up the hill to the Conference Center entrance.

If people plan to drive, it is recommended that they use the Southwest garage located off the Canal Rd entrance to the campus. The cost is $25/day. Only cash is accepted. Please note: The parking garage located at the Conference Center has an increased rate of $75/day.


Additional information on commuting to Georgetown University.

Hotel reservations can be made directly with the Georgetown University Hotel and Conference Center.
https://www.acc-guhotelandconferencecenter.com/rooms.html



Training Agenda

8:30 am – 9:00 am
Check-in and Refreshments

9:00 am – 9:30 am
Brief Overview on STIX/TAXII & History
Instructor: Mark Davidson, Development Manager, NC4

9:30 am – 11:30 am
STIX 2 Data Model Foundations
Instructors: Sarah Kelley, Lead Cyber Security Engineer, MITRE and Jason Keirstead, Senior Technical Staff Member, IBM

  • Use Cases supported
  • Overall architecture
  • Working with objects and how to construct related intelligence
  • Object versioning
  • Customization and extension
  • Pattern language introduction and examples
  • Interop implications integrated throughout

11:30 am - 12:30 pm
Break for lunch (lunch is on your own)

12:30 pm – 1:30 pm
Interop Foundations
Instructor: Jason Keirstead, Senior Technical Staff Member, IBM

  • STIX Preferred
  • Personas
  • Test Organization
  • TAXII Interoperability Considerations
  • Use Cases & Verification

1:30 pm - 2:30 pm
TAXII 2.0
Instructor: Bret Jordan, Director of Cyber Security, Symantec Corporation

  • Key methods
  • Filtering techniques
  • Post/get methods
  • Interop persona, test methodology, etc.

2:30 pm - 3:00 pm
Refreshment break (coffee/soda provided)

3:00 pm – 4:30 pm
STIX/TAXII 2 In Practice
All Instructors

  • Leveraging STIX2 for Modelling TI
    o Key things to consider when you're modelling
    o Specific examples of:
      ▪ intel report to STIX model
      ▪ indicators vs sightings and why
      ▪ how to model common uses for mitigation leveraging pattern grammar