Abstract: Effectively exchanging and acting upon threat intelligence in a diverse, heterogeneous landscape such as cyber security has proven an elusive goal. With the continuous evolution of both security tools and attack techniques, combined with a market where new cloud-based players surface at a rapid pace, having a common language to both define and apply the knowledge obtained from actual attacks is key to the success of the whole industry.
This bootcamp will present STIX 2.0.
STIX 2.0 is a proposal for the standardisation of data modelling for security products, as well as for the application of the model through the definition of suitable patterns. After an overview of the history of STIX 2.0, its applications in industry, and its model, we will focus on the libraries and the Patterning methods. Students will use real-world examples of threat intelligence reports to practice both the model and the patterning API first-hand with bespoke exercises.
The content in these slides was presented during the BehAPI 2019 Summer School in Leicester.
