CybOX - News 
CybOX

Cyber Observable eXpression

A Structured Language for Cyber Observables

CybOX Language — Version 2.1

News & Events

Send feedback about this page to cybox@mitre.org.

CybOX, TAXII, and STIX Mentioned in Article about the President's New Initiative for Cyber Threat Information Sharing on GCN.com

February 26, 2015

Cyber Observable eXpression (CybOX™), Trusted Automated eXchange of Indicator Information (TAXII™), and Structured Threat Information Expression (STIX™) are mentioned in a February 13, 2015 article entitled "Cyber info sharing: More noise than signal?" on GCN.com. The main topic of the article is "The Obama administration's most recent push to improve U.S. cybersecurity tries to ratchet up efforts to improve information sharing both within government and with the private sector. Shortly after, the administration announced the formation of a new Cyber Threat Intelligence Integration Center that's intended to be the government's focus for rapid collection and dissemination of information on cyberthreats."

CybOX, TAXII, and STIX are mentioned when the author states: "Technically, the tools for sharing have also progressed, leading to a number of acronymic specs such as TAXII (the Trusted Automated eXchange of Indicator Information), STIX (the Structured Threat Information eXpression) and the Cyber Observable eXpression (cybOX). Joining them recently is the Data Aggregation Reference Architecture (DARA), a first response to the 2012 National Strategy for Information Sharing and Safeguarding. These and other tools all perform important roles. DARA, for example, is aimed at providing a model for how various groups can pull data sets together in order to improve security while also protecting individual privacy, which has been one of the big stumbling blocks to sharing of information."

The article also discusses Microsoft Corporation's "Interflow" automated cybersecurity and threat information exchange platform, which is "based on the STIX™[1] (Structured Threat Information eXpression), TAXII™[2] (Trusted Automated eXchange of Indicator Information), and CybOX™[3] (Cyber Observable eXpression standards) specifications", according to the Interflow website.

CybOX, TAXII, and STIX Mentioned in Article about National Health ISAC's "60-Minute Response to the Anthem Attack"

February 26, 2015

Cyber Observable eXpression (CybOX™), Trusted Automated eXchange of Indicator Information (TAXII™), and Structured Threat Information Expression (STIX™) are mentioned in a February 12, 2015 article entitled "Press Release: The National Health ISAC (NH-ISAC) 60-Minute Response to the Anthem Attack" on TickerReport.com.

The main topic of the article is the National Health Information Sharing and Analysis Center's (NH-ISAC) response to the "… largest data breach in the healthcare sector to date. Anthem Inc., one of the largest insurance providers, announced last week that cyber attackers compromised their networks and obtained access to sensitive information impacting approximately 80 million customers."

CybOX, STIX, and TAXII are first mentioned when the author states: "The key to obtaining quality cyber threat intelligence lies in developing trusted partnerships. Through those relationships, sector and cross-sector information-sharing agreements are established to define the rules of partner engagement within the trust circle. This past year, NIST published guidance NIST Special Publication 800-150 Guide to Cyber Threat Information Sharing. And in recent years with funding from the Department of Homeland Security, MITRE, a leader in the development of data standards developed several cyber threat information sharing data standards that include STIX, TAXII and CybOX to facilitate automated exchanges of structured cyber threat intelligence."

TAXII and STIX are mentioned a second time when the author states: "Sharing timely and relevant information is often the best hope an organization has of discovering malicious activity, which is so stealthy it often floats under the radar of cyber defenses. Leveraging the NH-ISAC's National Health Cybersecurity Intelligence System providing automated access (STIX AND TAXII) to security intelligence and Alert Advisories, many of NH-ISAC's members reported back whether they had seen the IOCs in their environments. This helped NH-ISAC determine if the Anthem breach was a broader attack against the health sector. Similarly, receiving feedback from other ISACs as to whether their members had seen the same activity helped determine if this was a cross-sector attack. Bi-directional sector and cross-sector cyber intelligence information sharing is critical to determine the extent of the attack and the coordinated response countermeasures needed."

SPLUNK's "SPLICE Version 1.3.1" Supports STIX, CybOX, and TAXII

February 26, 2015

SPLUNK announced the release of SPLICE Version 1.3.1 on February 3, 2015. Changes for the release include a parser for Structured Threat Information Expression (STIX™) Email objects; improvements to the existing parser for STIX URI objects; Splunk Enterprise Security (ES) integration; pre-configured Trusted Automated eXchange of Indicator Information (TAXII™) feeds for hailataxii.com; and bug fixes.

"SPLICE currently supports [Structured Threat Information Expression (STIX™)] 1.1, [Cyber Observables eXpression (CybOX™)] 2.1, OpenIOC 1.0 and 1.1 formats and provides a way of consuming IOCs in Splunk to leverage the indicators and provide greater context than common threat feeds."

CybOX Project Documentation Repository Now Available on GitHub.com

February 26, 2015

A "CybOX Project Documentation Repository" is available on the CybOXProject page on GitHub.com. The goal of this documentation is to make the CybOX Language easier to understand overall and to help users start working with CybOX immediately.

This new documentation collection currently includes the following:

Any feedback on this new collection is greatly appreciated, both on what we have now and on suggestions for what to add in the future, on the CybOX Community Email Discussion List or directly to cybox@mitre.org.

Python-CybOX Version 2.1.0.9 Now Available on GitHub.com

February 26, 2015

As of December 22, 2014, Python-CybOX Version 2.1.0.9 is available: the source code can be viewed in the CybOXProject repository on GitHub.com, and the release can be downloaded from the CybOX PyPI page. A complete list of changes is available in the difference report.

Page Last Updated: February 26, 2015