CybOX

Cyber Observable eXpression

A Structured Language for Cyber Observables

CybOX Language — Version 2.1

News & Events

October 9, 2014

CybOX, MAEC, and STIX Cited as Product Features on ReversingLabs Website for Its TitaniumCore Software Product

Cyber Observables eXpression (CybOX™), Malware Attribute Enumeration and Characterization (MAEC™), and Structured Threat Information Expression (STIX™) are included as product features on the ReversingLabs website for its TitaniumCore software product, which "performs Active Decomposition of files for game-changing detection and analysis of cyber threats. Active Decomposition unpacks files and extracts internal threat indicators at millisecond speed to provide the industry's most broad and comprehensive threat coverage."

CybOX, MAEC, and STIX are included in the "Features" section of the page as bullet number 9 of 12, as follows: "Results exported in CybOX, MAEC, STIX and IOC [formats]".

CybOX, STIX, TAXII, and MAEC Cited in Book about Cloud-Based Design and Manufacturing

Cyber Observables eXpression (CybOX™), Structured Threat Information Expression (STIX™), Trusted Automated eXchange of Indicator Information (TAXII™), and Malware Attribute Enumeration and Characterization (MAEC™) are cited in a book entitled "Cloud-Based Design and Manufacturing (CBDM): A Service-Oriented Product Development Paradigm for the 21st Century," edited by Dirk Schaefer, Springer International Publishing, published on July 1, 2014, in a chapter entitled "Distributed, collaborative, and Automated Cybersecurity Infrastructures," by J. Lane Thames.

STIX, TAXII, CybOX, and MAEC are cited in "Section 3.4, Intrusion Prevention." In addition, TAXII is the main topic of "Section 4.1, TAXII," and STIX is the main topic of "Section 4.2, STIX."

The book is available for purchase from online bookstores.

September 11, 2014

CybOX and TAXII Mentioned in Article about STIX on Forrester.com

Structured Threat Information Expression (STIX™) is the main topic of a July 15, 2014 article entitled "got STIX?" on Forrester.com. Along with STIX, Cyber Observables eXpression (CybOX™) and Trusted Automated eXchange of Indicator Information (TAXII™) are also mentioned when the author states: "There are a number of standards that have emerged to facilitate sharing. The Department of Homeland Security along with MITRE are driving the TAXII, STIX, CybOX specifications "to automate and structure operational cybersecurity information-sharing techniques across the globe." The FS-ISAC has been an early adopter and supporter of these specifications."

The author also notes that adoption of these efforts is in the early stages, and that he is interested in learning more about real-world use case integrations.

Python-CybOX Version 2.1.0.7 Now Available on GitHub.com

Python-CybOX Version 2.1.0.7 is now available in the CybOXProject repository on GitHub.com, as well as on the CybOX PyPI page. A complete list of changes is available in the release notes.

June 27, 2014

CybOX/STIX/TAXII Included in Announcement about Microsoft's "Interflow" Threat Information Exchange Platform

Cyber Observables eXpression (CybOX™), Structured Threat Information Expression (STIX™), and Trusted Automated eXchange of Indicator Information (TAXII™) are mentioned in a June 23, 2014 announcement by Microsoft Corporation entitled "Driving a Collectively Stronger Security Community with Microsoft Interflow" on its TechNet blog. The main focus of the announcement is that the "Microsoft Interflow" cybersecurity and threat information exchange platform is in "private preview."

STIX, TAXII, and CybOX are mentioned in the article as follows: "One may ask what exactly it means to share security and threat information using Interflow. The answer is simple: Interflow is a distributed system where users decide what communities to form, what data feeds to bring to their communities, and with whom to share data feeds. In addition, the use of open specifications STIX™ (Structured Threat Information eXpression), TAXII™ (Trusted Automated eXchange of Indicator Information), and CybOX™ (Cyber Observable eXpression standards) means that Interflow can integrate with existing operational and analytical tools through a plug-in architecture. This means there is no lock-in to proprietary data formats, appliances or subscriptions, all of which raise the cost of cybersecurity."

CybOX/STIX/TAXII Referenced throughout Microsoft's "Interflow" Website

Cyber Observables eXpression (CybOX™), Structured Threat Information Expression (STIX™), and Trusted Automated eXchange of Indicator Information (TAXII™) are referenced throughout the "Microsoft Interflow" section of Microsoft Corporation's Security TechCenter Website.

STIX, TAXII, and CybOX are the main focus of the answer to the first question of the FAQs, "What is Interflow?", as follows: "Interflow is a security automation platform for the exchange of security and threat information based on the STIX™[1] (Structured Threat Information eXpression), TAXII™[2] (Trusted Automated eXchange of Indicator Information), and CybOX™[3] (Cyber Observable eXpression standards) specifications. It contributes to a collectively stronger security ecosystem by enabling action through information."

In addition, STIX, TAXII, and CybOX are mentioned in a section of the web collection entitled "Prioritize action through automation," as follows: "Automation of security and threat information collection, processing, and integration helps to reduce the overall cost of an organization's defense efforts, versus manual or semi-manual information collection and compilation. Community-driven specifications, such as STIX™[1], TAXII™[2], and CybOX™[3] enable automation, and help eliminate data format inconsistencies for incident responders using Interflow."

STIX, TAXII, and CybOX are mentioned again in a section of the web collection entitled: "Integrate using plug-in architecture," as follows: "Interflow incorporates community-driven specifications, such as STIX™[1], TAXII™[2], and CybOX™[3], making security and threat information more consumable across the industry. Use of these specifications, as well as a plug-in architecture and related Software Development Kit (SDK), help with integration of Interflow into existing operational tools and incident response systems."

The Interflow web collection is available at: http://technet.microsoft.com/en-us/security/dn750892.

CybOX/STIX/TAXII Mentioned in Article about "Microsoft Interflow" on ThreatPost.com

Cyber Observables eXpression (CybOX™), Structured Threat Information Expression (STIX™), and Trusted Automated eXchange of Indicator Information (TAXII™) are mentioned in a June 24, 2014 article entitled "Microsoft to Preview Interflow Information Sharing Platform" on ThreatPost.com.

STIX, TAXII, and CybOX are mentioned as follows: "A private preview is scheduled to open this week for Microsoft Interflow, a distributed platform for information exchange that is built on open specifications such as the Structured Threat Information eXpression (STIX), the Trusted Automation eXchange of Indicator Information (TAXII), and the Cyber Observable eXpression standards (CybOX). Today's announcement comes 11 months after Microsoft expanded MAPP, its vendor partner information-sharing program to include incident responders." STIX and TAXII are mentioned again in a quote from Microsoft Security Response Center's lead senior security strategist, Jerry Bryant, who states that "Interflow is not the only sharing platform to support STIX and TAXII … Interflow is meant to be complementary to many of those platforms, including established one-to-many systems such as those used by the Financial Services Information Sharing and Analysis Center (FS-ISAC)."

CybOX/STIX/TAXII Mentioned in Article about "Microsoft Interflow" on DarkReading.com

Cyber Observables eXpression (CybOX™), Structured Threat Information Expression (STIX™), and Trusted Automated eXchange of Indicator Information (TAXII™) are mentioned in a June 23, 2014 article entitled "Microsoft Unveils New Intelligence-Sharing Platform" on DarkReading.com.

The main topic of the article is the recently announced "Microsoft Interflow" cybersecurity and threat information exchange platform. STIX, TAXII, and CybOX are mentioned as follows: "The emerging Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) standards are gradually catching fire as the answer to ingesting the data efficiently. Microsoft's new Interflow uses the Department of Homeland Security-driven specs: STIX, the language architecture for the intelligence information, and TAXII, the protocol for transporting it, as well as the Cyber Observable eXpression (CybOX) spec."

STIX, TAXII, and CybOX are mentioned again when the author states: "Security experts say Microsoft's adoption of STIX, TAXII, and CybOX should help expedite the adoption of automated intelligence sharing."

CybOX/STIX/TAXII/MAEC Session at Software and Supply Chain Assurance Working Group Meeting

Cyber Observable eXpression (CybOX™), Structured Threat Information Expression (STIX™), Trusted Automated eXchange of Indicator Information (TAXII™), and Malware Attribute Enumeration and Characterization (MAEC™) were the main topics of two working group sessions entitled "MAEC, STIX, CybOX Use Cases" at the Software and Supply Chain Assurance (SSCA) Working Group Meeting on June 9, 2014 at MITRE Corporation in McLean, Virginia, USA. The event itself, which was hosted by MITRE, ran June 9, 10, 11, and 17.

Visit the CybOX Calendar for information on this and other events.

CybOX a Discussion Topic in STIX/TAXII Briefing and Workshop Sessions at FIRST Conference 2014

Chief Advanced Technology Officer for the U.S. Department of Homeland Security's (DHS) National Cybersecurity and Communications Integration Center (NCCIC) Richard Struse presented a briefing entitled "STIX and TAXII: The Who, When, What, Where, Why and How" and led a two-part workshop entitled "Implementers' Workshop: Automated Information Sharing with TAXII and STIX" at FIRST Conference 2014 at the Boston Park Plaza Hotel in Boston, Massachusetts, USA, on June 23-24, 2014. The event itself ran June 22-27.

Structured Threat Information Expression (STIX™) and Trusted Automated eXchange of Indicator Information (TAXII™) were the main topics of all three sessions, and Cyber Observable eXpression (CybOX™) and Malware Attribute Enumeration and Characterization (MAEC™) were also discussed. DHS is the sponsor of STIX, TAXII, CybOX, and MAEC.

Visit the CybOX Calendar for information on this and other events.

June 5, 2014

CybOX/STIX/TAXII/MAEC Session at Software and Supply Chain Assurance Working Group Meeting on June 9

Cyber Observable eXpression (CybOX™), Structured Threat Information Expression (STIX™), Trusted Automated eXchange of Indicator Information (TAXII™), and Malware Attribute Enumeration and Characterization (MAEC™) are the main topics of two working group sessions entitled "MAEC, STIX, CybOX Use Cases" at the Software and Supply Chain Assurance (SSCA) Working Group Meeting on June 9, 2014 at MITRE Corporation in McLean, Virginia, USA. The event itself, which is hosted by MITRE, runs June 9, 10, 11, and 17.

See the event agenda for additional information.

Visit the CybOX Calendar for information on this and other events.

CybOX a Discussion Topic in STIX/TAXII Briefing and Workshop Sessions at FIRST Conference 2014, June 23-24

Chief Advanced Technology Officer for the U.S. Department of Homeland Security's (DHS) National Cybersecurity and Communications Integration Center (NCCIC) Richard Struse will present a briefing entitled "STIX and TAXII: The Who, When, What, Where, Why and How" and lead a two-part workshop entitled "Implementers' Workshop: Automated Information Sharing with TAXII and STIX" at FIRST Conference 2014 at the Boston Park Plaza Hotel in Boston, Massachusetts, USA, on June 23-24, 2014. The entire event runs June 22-27.

Structured Threat Information Expression (STIX™) and Trusted Automated eXchange of Indicator Information (TAXII™) are the main topics of all three sessions, and Cyber Observable eXpression (CybOX™) and Malware Attribute Enumeration and Characterization (MAEC™) will also be discussed. DHS is the sponsor of STIX, TAXII, CybOX, and MAEC.

Visit the CybOX Calendar for information on this and other events.

CybOX/TAXII/STIX Briefing at Secure 360 Conference

CybOX Team Member/TAXII Co-Technical Lead Charles Schmidt presented a briefing entitled "Threat Intelligence Sharing using STIX and TAXII" at Secure 360 Conference at the St. Paul River Centre in St. Paul, Minnesota, USA on May 14, 2014. The conference itself ran May 12-14.

The main focus of the briefing was an introduction to Cyber Observables eXpression (CybOX™), Structured Threat Information Expression (STIX™), and Trusted Automated eXchange of Indicator Information (TAXII™) and the goals and capabilities of each, as well as future plans. Common Attack Pattern Enumeration and Classification (CAPEC™) and Malware Attribute Enumeration and Characterization (MAEC™) were also referenced.

Visit the CybOX Calendar for information on this and other events.

CybOX Included as Discussion Topic at STIX/TAXII Technical Colloquium

CybOX was included as a discussion topic during the no-fee STIX/TAXII Technical Colloquium about Structured Threat Information Expression (STIX™) and Trusted Automated eXchange of Indicator Information (TAXII™) hosted by Forum of Incident Response and Security Teams (FIRST) at Microsoft Corporation in Redmond, Washington, USA on May 19-20, 2014.

Cyber Observables eXpression (CybOX™), Common Attack Pattern Enumeration and Classification (CAPEC™) and Malware Attribute Enumeration and Characterization (MAEC™) were also referenced.

Visit the CybOX Calendar for information on this and other events.

May 13, 2014

CybOX, TAXII, and STIX Mentioned in Article about Cyber Threat Information Sharing on FederalBluePrint.com

Cyber Observables eXpression (CybOX™), Trusted Automated eXchange of Indicator Information (TAXII™), and Structured Threat Information eXpression (STIX™) are the main topics of a March 18 article entitled "How the Department of Defense and the Department of Homeland Security Are Taking Steps Toward Information Sharing" on FederalBluePrint.com. The article explains what CybOX, TAXII, and STIX are and the role each plays in standardizing the sharing of cyber threat information, that they are U.S. Department of Homeland Security (DHS)-led efforts, and that there are "many manufacturers and researchers" supporting these efforts.

In addition, Common Attack Pattern Enumeration and Classification (CAPEC™), Open Vulnerability and Assessment Language (OVAL®), and Malware Attribute Enumeration and Characterization (MAEC™) are also mentioned.

The author concludes the article by stating: "We are well under way to defining and implementing a threat information sharing architecture that ultimately provides increased situational awareness. With the efforts being led by DHS with active support from MITRE and the Analyst and Researcher communities this approach is getting traction. Many hardware and software manufacturers are actively engaged in this effort as well. The end goal of this architecture is to allow us to describe all elements of an attack, from reconnaissance activity to post-breach activity. Being able to share this information across agencies will help us to better defend our Assets by collecting a wide-angle view of attacker activity."

CybOX/TAXII/STIX Briefing at Secure 360 Conference on May 14

CybOX Team Member/TAXII Co-Technical Lead Charles Schmidt will present a briefing entitled "Threat Intelligence Sharing using STIX and TAXII" at Secure 360 Conference at the St. Paul River Centre in St. Paul, Minnesota, USA on May 14, 2014. The conference itself runs May 12-14.

The main focus of the briefing is an introduction to Cyber Observables eXpression (CybOX™), Structured Threat Information Expression (STIX™), and Trusted Automated eXchange of Indicator Information (TAXII™) and the goals and capabilities of each, as well as future plans. Common Attack Pattern Enumeration and Classification (CAPEC™) and Malware Attribute Enumeration and Characterization (MAEC™) are also referenced.

Visit the CybOX Calendar for information on this and other events.

CybOX Included as Discussion Topic at STIX/TAXII Technical Colloquium on May 19-20

CybOX will be included as a discussion topic during the no-fee STIX/TAXII Technical Colloquium about Structured Threat Information Expression (STIX™) and Trusted Automated eXchange of Indicator Information (TAXII™) being hosted by Forum of Incident Response and Security Teams (FIRST) at Microsoft Corporation in Redmond, Washington, USA on May 19-20, 2014.

Cyber Observables eXpression (CybOX™), Common Attack Pattern Enumeration and Classification (CAPEC™) and Malware Attribute Enumeration and Characterization (MAEC™) may also be referenced.

See the FIRST registration page for an agenda and registration information.

March 26, 2014

CybOX and STIX Mentioned in Book about Applied Security Network Monitoring

CybOX and Structured Threat Information Expression (STIX™) are mentioned in a book entitled "Applied Network Security Monitoring: Collection, Detection, and Analysis," by Chris Sanders and Jason Smith (Syngress; December 19, 2013). CybOX and STIX are mentioned in Chapter 7, "Detection Mechanisms, Indicators of Compromise, and Signatures." The book is available for purchase from the publisher, as well as from bookstores.

January 23, 2014

CybOX Version 2.1 Now Available

Version 2.1 of the CybOX Language is now available on the CybOX Web site. This is a minor release, per the CybOX Language Versioning Policy.

Version 2.1 includes numerous updates such as: added capabilities for recording observable sightings and geolocation information; added capabilities and fields to CybOX Object Property types; added several new object schemas including Archive Object, Domain Object, and Image Object; addressed critical bug fixes to several objects; and updated schema annotations for correctness and consistency.

A detailed list of the updates for Version 2.1 is available in the Release Notes posted on the CybOX Language Version 2.1 page.

Feedback is welcome on the CybOX Community Discussion email list and/or directly to cybox@mitre.org.

January 9, 2014

Release Candidate of CybOX Version 2.1 Now Available

A Release Candidate of Version 2.1 of the CybOX Language is now available on the CybOX Web site. Version 2.1 will be a minor release, per the CybOX Language Versioning Policy, and is scheduled to be moved to the Official state on January 23, 2014.

A complete list of the updates for Version 2.1 is available in the Release Notes.

Feedback is welcome on the CybOX Community Discussion email list and/or directly to cybox@mitre.org.

Page Last Updated: October 09, 2014