STIX/TAXII 2.0 Training (in conjunction with Borderless Cyber USA)

Friday, 5 October
8:30 AM - 4:00 PM

Members of the OASIS CTI Technical Commitee plan to offer a FREE, one-day training course on the latest versions of STIX and TAXII specification on Friday, 5 October. Training day is designed for security professionals who have a need to understand and manipulate threat intelligence to include developers and analysts from the academic, government, and other communities.

The program will focus on the latest version of STIX (version 2.0) Cyber Threat Intelligence data model targeted at security professionals who have a need to understand and manipulate threat intelligence. Emphasis will be placed on translating real-world published threat reports into the STIX data model.

Host:
Georgetown University

Target Audience:
Security professionals who have a need to understand and manipulate threat intelligence to include developers and analysts from the academic, government, and other communities.

Technology requirements:
You're welcome to bring your laptop, but it’s not required.

How to register for the training:
There is no charge to attend, but registration is required. Registration includes: training, materials and refreshment breaks. Lunch will be on your own. Registration will close 15 September. Register here for the training if you're planning to also attend Borderless Cyber USA, 3-4 October at The World Bank. Use the code STIX-VIP to receive your complimentary pass to both the training and the conference.

Register using this form if only planning to attend this training session.



Preliminary Training Agenda

8:30 am – 9:00 am
Check-in and Refreshments

9.00 am – 9.30 am
Brief Overview on STIX/TAXII & History

9.30 am – 12.00 pm
STIX 2 Data Model Foundations

  • Use Cases supported
  • Overall architecture
  • Working with objects and how to construct related intelligence
  • Object versioning
  • Customization and extension
  • Pattern language introduction and examples
  • Interop implications integrated throughout

12.00 pm – 1.00 pm
Break for lunch (lunch is on your own)

1.00 pm – 3.00 pm
TAXII 2 & Interop Foundations

  • Key methods
  • Filtering techniques
  • Post/get methods
  • Interop persona, test methodology…etc.

3.00 pm – 3.30 pm
Refreshment break (coffee/soda provided)

3.30 pm – 5.00 pm
STIX/TAXII 2 In Practice

  • Leveraging STIX2 for Modelling TI
    o Key things to consider when your modelling
    o Specific examples of
    ~~ intel report to STIX model
    ~~ indicators vs sightings and why
    ~~ how to model common uses for mitigation leveraging pattern grammar

  • Using PythonSTIX2 tutorial/implementation guidance
    o Programming using the MITRE libraries