http://twigs-cti.herokuapp.com
- Simplicity
  - Target the 80%
  - Easy to implement
  - Easy to understand
  - One way of doing things
- Reduce Optionality
  - Support customization in a standardized way
  - Don’t allow customization everywhere, only where likely to be used
- Standardization
  - Do things the same way across STIX and CybOX
  - Reuse similar structures across similar yet distinct parts of the model
- Modularity
  - Provide building blocks that can be reused
  - Ensure tight cohesion and low coupling
- Flexibility
  - Use modularity to provide flexibility
  - Flexibility is not as important as simplicity or reducing optionality
- Improve Analysis
  - Explicitly modeled as a graph
  - Ensure data structures are separate from metadata
- STIX 1.x compatibility (i.e., content conversion à la STIX Ramrod)
  - Upconverting is a higher priority than downconverting
- Implemented in JSON and JSON Schema per the CTI TC ballot and CTI TC JSON style guide.
- Add a CTI Common specification for high-level constructs used across all languages.
- The Observable and Event layers are removed from CybOX, which becomes a library of CybOX objects. In STIX, the "Observation" object covers observable instances, and indicator patterning covers observable patterns. Sightings are accomplished using a relationship between an Observation and an Indicator.
- Controlled vocabularies are limited, and where used they allow both a hardcoded enum in the STIX default vocabulary as well as an extension value in an external vocabulary.