+1
Terry MacDonald
Senior STIX Subject Matter Expert
SOLTRA | An FS-ISAC and DTCC Company
+61 (407) 203 206 | terry@soltra.com
From: Jordan, Bret [mailto:bret.jordan@bluecoat.com]
Sent: Wednesday, 28 October 2015 1:15 AM
To: Davidson II, Mark S <mdavidson@mitre.org>
Cc: Jason Keirstead <Jason.Keirstead@ca.ibm.com>; Terry MacDonald <terry@soltra.com>; athiasjerome@gmail.com; cti-interoperability@lists.oasis-open.org
Subject: Re: [cti-interoperability] possible work item
I am in favor of us treating other efforts as allies. And with every one that gets created we should ask ourselves the hard questions of:
"why did they feel the need to go create YACS." And "why did STIX not work for them".
Once we understand those questions we can make changes to gain greater adoption.
Sent from my Commodore 64
My personal preference would be to work with them to all use the same thing vs. having some form of mapping across them. To me, this means that we would need to be open to accepting ideas from e.g., ThreatExchange and OpenTPX (Note: I’ve taken a quick look and I think there are good things to learn from both). I’ve said this privately to some already: I think ThreatExchange, OpenTPX, et al should be treated as allies in solving the problem of information sharing.
Thank you.
-Mark
From: cti-interoperability@lists.oasis-open.org [mailto:cti-interoperability@lists.oasis-open.org] On Behalf Of Jason Keirstead
Sent: Monday, October 26, 2015 4:32 PM
To: terry@soltra.com
Cc: athiasjerome@gmail.com; bret.jordan@bluecoat.com; cti-interoperability@lists.oasis-open.org; Davidson II, Mark S <mdavidson@mitre.org>
Subject: Re: RE: [cti-interoperability] possible work item
It might help to get you 50% of the way, but the other 50% is the much longer pole.
-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
----- Original message -----
From: Terry MacDonald <terry@soltra.com>
Sent by: <cti-interoperability@lists.oasis-open.org>
To: "Davidson II, Mark S" <mdavidson@mitre.org>, Jerome Athias <athiasjerome@gmail.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>
Cc: "cti-interoperability@lists.oasis-open.org" <cti-interoperability@lists.oasis-open.org>
Subject: RE: [cti-interoperability] possible work item
Date: Mon, Oct 26, 2015 1:18 PM
As a quick throwaway question – would moving to JSON-LD help us ‘map’ our data to OpenTPX or ThreatExchange? My thoughts are that if all three parties can agree to use JSON-LD then it becomes VERY easy to translate the data from one JSON format to another.
Cheers
Terry MacDonald
Senior STIX Subject Matter Expert
SOLTRA | An FS-ISAC and DTCC Company
+61 (407) 203 206 | terry@soltra.com
(This is really just a somewhat different framing, but I’ll put it in my own words)
I’d like to propose that the interoperability SC maintain awareness of related efforts and promote collaboration between the CTI TC and related efforts wherever possible. Specifically, I feel that treating e.g., OpenTPX and ThreatExchange as friendly will be mutually beneficial.
I realize this probably pushes the boundary of the term interoperability; if it doesn’t fit in the interop SC, maybe it’s just something we take on at the TC level.
Thank you.
-Mark
From: cti-interoperability@lists.oasis-open.org [mailto:cti-interoperability@lists.oasis-open.org] On Behalf Of Jerome Athias
Sent: Friday, October 23, 2015 2:16 PM
To: Jordan, Bret <bret.jordan@bluecoat.com>
Cc: cti-interoperability@lists.oasis-open.org
Subject: Re: [cti-interoperability] possible work item
Yeah. At the same time they could be easily challenged, because frankly speaking (Sean could kick my ass), I don't need a new-cool-fancy format to get dshield and malware domains lists integrated in my SIEM. CSV is fine
On Friday, 23 October 2015, Jordan, Bret <bret.jordan@bluecoat.com> wrote:
One thing I would like to see this group work on is:
* Outreach... Meaning I would like to have us do outreach to the new OpenTPX group and the Facebook ThreatExchange group and see what kind of give-n-take would be needed for us to combine efforts.
From looking at it, I am guessing that each group would need to give a little. But I think a unified solution would be greater than the sum of the parts. Yes, it will challenge some of the things we have done in STIX, but some of the things in OpenTPX and FB ThreatExchange are neat. And we should really look into doing them.
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."