This presentation from Blue Coat Labs and STIX committee member Bret Jordan walks through the subject of cyber threat formats and parsing. As we have all experienced, the world of cyber threat indicator formats resembles XKCD’s comment on standards:
It sometimes seems that hundreds of millions of dollars in opex, and billions in investment, are being poured into nothing more than databases and systems integration work to normalize and make useful all these different formats. In this light, I’m going to propose a new standard: STIX fields in protobuf3 over http/2…on the blockchain. Seeking pull requests!