Re: [cti-interoperability] possible work item

[Jerome Athias <athiasjerome@gmail.com>]

I concur

Btw I would expect to have some representatives of these efforts already on this mailinglist. ?

Otherwise we should invite them

On Tuesday, 27 October 2015, Davidson II, Mark S <mdavidson@mitre.org> wrote:

My personal preference would be to work with them to all use the same thing vs. having some form of mapping across them. To me, this means that we would need to be open to accepting ideas from e.g., ThreatExchange and OpenTPX (Note: I’ve taken a quick look and I think there are good things to learn from both). I’ve said this privately to some already: I think ThreatExchange, OpenTPX, et al should be treated as allies in solving the problem of information sharing.

 

Thank you.

-Mark

 

From: cti-interoperability@lists.oasis-open.org [mailto:cti-interoperability@lists.oasis-open.org] On Behalf Of Jason Keirstead
Sent: Monday, October 26, 2015 4:32 PM
To: terry@soltra.com
Cc: athiasjerome@gmail.com; bret.jordan@bluecoat.com; cti-interoperability@lists.oasis-open.org; Davidson II, Mark S <mdavidson@mitre.org>
Subject: Re: RE: [cti-interoperability] possible work item

 

It might help to get you 50% of the way, but the other 50% is the much longer pole.

 

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown

 

 

----- Original message -----
From: Terry MacDonald <terry@soltra.com>
Sent by: <cti-interoperability@lists.oasis-open.org>
To: "Davidson II, Mark S" <mdavidson@mitre.org>, Jerome Athias <athiasjerome@gmail.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>
Cc: "cti-interoperability@lists.oasis-open.org" <cti-interoperability@lists.oasis-open.org>
Subject: RE: [cti-interoperability] possible work item
Date: Mon, Oct 26, 2015 1:18 PM
 

As a quick throwaway question – would moving to JSON-LD help us ‘map’ our data to OpenTPX or ThreatExchange? My thoughts are that if all three parties can agree to use JSON-LD then it becomes VERY easy to translate the data from one JSON format to another.

 

Cheers

 

Terry MacDonald

Senior STIX Subject Matter Expert

SOLTRA | An FS-ISAC and DTCC Company

+61 (407) 203 206 | terry@soltra.com

 

 

From: cti-interoperability@lists.oasis-open.org [mailto:cti-interoperability@lists.oasis-open.org] On Behalf Of Davidson II, Mark S
Sent: Tuesday, 27 October 2015 12:25 AM
To: Jerome Athias <athiasjerome@gmail.com>; Jordan, Bret <bret.jordan@bluecoat.com>
Cc: cti-interoperability@lists.oasis-open.org
Subject: RE: [cti-interoperability] possible work item

 

(This is really just a somewhat different framing, but I’ll put it in my own words)

 

I’d like to propose that the interoperability SC maintain awareness of related efforts and promote collaboration between the CTI TC and related efforts wherever possible. Specifically, I feel that treating e.g., OpenTPX and ThreatExchange as friendly will be mutually beneficial.

 

I realize this probably pushes the boundary of the term interoperability; if it doesn’t fit in the interop SC, maybe it’s just something we take on at the TC level.

 

Thank you.

-Mark

 

From: cti-interoperability@lists.oasis-open.org [mailto:cti-interoperability@lists.oasis-open.org] On Behalf Of Jerome Athias
Sent: Friday, October 23, 2015 2:16 PM
To: Jordan, Bret <bret.jordan@bluecoat.com>
Cc: cti-interoperability@lists.oasis-open.org
Subject: Re: [cti-interoperability] possible work item

 

Yeah. At the same time they could be easily challenged, because frankly speaking (Sean could kick my ass), I don't need a new-cool-fancy format to get dshield and malware domains lists integrated in my SIEM. CSV is fine

On Friday, 23 October 2015, Jordan, Bret <bret.jordan@bluecoat.com> wrote:

One thing I would like to see this group work on is:

 

* Outreach...  Meaning I would like to have us do outreach to the new OpenTPX group and the Facebook ThreatExchange group and see what kind of give-n-take would be needed for us to combine efforts.

 

From looking at it, I am guessing that each group would need to give a little. But I think a unified solution would be greater than the sum of the parts.  Yes, it will challenge some of the things we have done in STIX, but some of the things in OpenTPX and FB ThreatExchange are neat.  And we should really look in to doing them.

 

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php