RE: [cti-interoperability] possible work item

[Terry MacDonald <terry@soltra.com>]

Thanks Chet! Perfect timing as always J.

 

Cheers

 

Terry MacDonald

Senior STIX Subject Matter Expert

SOLTRA | An FS-ISAC and DTCC Company

+61 (407) 203 206 | terry@soltra.com

 

 

From: Chet Ensign [mailto:chet.ensign@oasis-open.org]
Sent: Wednesday, 28 October 2015 1:19 AM
To: Kirillov, Ivan A. <ikirillov@mitre.org>
Cc: Jerome Athias <athiasjerome@gmail.com>; Davidson II, Mark S <mdavidson@mitre.org>; Jason Keirstead <Jason.Keirstead@ca.ibm.com>; Terry MacDonald <terry@soltra.com>; bret.jordan@bluecoat.com; cti-interoperability@lists.oasis-open.org
Subject: Re: [cti-interoperability] possible work item

 

Hi folks - Please don't mind OASIS staff butting into your conversation but I thought, given the topic, you might want to know that OASIS makes it very easy for Technical Committees to set up liaisons with groups outside OASIS. 

 

The details are in the Liaison Policy section on TC liaisons here -> https://www.oasis-open.org/policies-guidelines/liaison#liaisons 

 

In a nutshell though, the process is: (a) identify a member of the TC who will act as the liaison. Usually this is someone who is a member of both organizations. (b) Approve that person as liaison by a motion in a TC meeting or by an electronic ballot. (c) Notify the OASIS President (Laurent - and cc me). (d) Post the person's name and liaison organization on the TC's web page. Then that person (or persons) can act as intermediary between the two organizations to keep each other apprised of one another's work, help identify related content, etc. etc. 

 

If you have any questions on this, just let me know. This could be a positive step towards achieving the positive relationship you envison. 

 

Best, 

 

/chet

 

On Tue, Oct 27, 2015 at 8:14 AM, Kirillov, Ivan A. <ikirillov@mitre.org> wrote:

Jason Lewis from Looking Glass and perhaps some other OpenTPX folks are on the list, but I don’t believe there is anyone from Facebook. IMO, given that we’re working towards creating an OASIS standard, the onus is on them to come participate in the discussions and share their ideas. 

 

Regards,

Ivan

 

From: <cti-interoperability@lists.oasis-open.org> on behalf of Jerome Athias
Date: Tuesday, October 27, 2015 at 8:07 AM
To: Mark Davidson
Cc: Jason Keirstead, "terry@soltra.com", Bret Jordan, "cti-interoperability@lists.oasis-open.org"

Subject: Re: [cti-interoperability] possible work item

 

I concur

Btw I would expect to have some representatives of these efforts already on this mailinglist. ?

Otherwise we should invite them

On Tuesday, 27 October 2015, Davidson II, Mark S <mdavidson@mitre.org> wrote:

My personal preference would be to work with them to all use the same thing vs. having some form of mapping across them. To me, this means that we would need to be open to accepting ideas from e.g., ThreatExchange and OpenTPX (Note: I’ve taken a quick look and I think there are good things to learn from both). I’ve said this privately to some already: I think ThreatExchange, OpenTPX, et al should be treated as allies in solving the problem of information sharing.

 

Thank you.

-Mark

 

From: cti-interoperability@lists.oasis-open.org [mailto:cti-interoperability@lists.oasis-open.org] On Behalf Of Jason Keirstead
Sent: Monday, October 26, 2015 4:32 PM
To: terry@soltra.com
Cc: athiasjerome@gmail.com; bret.jordan@bluecoat.com; cti-interoperability@lists.oasis-open.org; Davidson II, Mark S <mdavidson@mitre.org>
Subject: Re: RE: [cti-interoperability] possible work item

 

It might help to get you 50% of the way, but the other 50% is the much longer pole.

 

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown

 

 

----- Original message -----
From: Terry MacDonald <terry@soltra.com>
Sent by: <cti-interoperability@lists.oasis-open.org>
To: "Davidson II, Mark S" <mdavidson@mitre.org>, Jerome Athias <athiasjerome@gmail.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>
Cc: "cti-interoperability@lists.oasis-open.org" <cti-interoperability@lists.oasis-open.org>
Subject: RE: [cti-interoperability] possible work item
Date: Mon, Oct 26, 2015 1:18 PM
 

As a quick throwaway question – would moving to JSON-LD help us ‘map’ our data to OpenTPX or ThreatExchange? My thoughts are that if all three parties can agree to use JSON-LD then it becomes VERY easy to translate the data from one JSON format to another.

 

Cheers

 

Terry MacDonald

Senior STIX Subject Matter Expert

SOLTRA | An FS-ISAC and DTCC Company

+61 (407) 203 206 | terry@soltra.com

 

 

From: cti-interoperability@lists.oasis-open.org [mailto:cti-interoperability@lists.oasis-open.org] On Behalf Of Davidson II, Mark S
Sent: Tuesday, 27 October 2015 12:25 AM
To: Jerome Athias <athiasjerome@gmail.com>; Jordan, Bret <bret.jordan@bluecoat.com>
Cc: cti-interoperability@lists.oasis-open.org
Subject: RE: [cti-interoperability] possible work item

 

(This is really just a somewhat different framing, but I’ll put it in my own words)

 

I’d like to propose that the interoperability SC maintain awareness of related efforts and promote collaboration between the CTI TC and related efforts wherever possible. Specifically, I feel that treating e.g., OpenTPX and ThreatExchange as friendly will be mutually beneficial.

 

I realize this probably pushes the boundary of the term interoperability; if it doesn’t fit in the interop SC, maybe it’s just something we take on at the TC level.

 

Thank you.

-Mark

 

From: cti-interoperability@lists.oasis-open.org [mailto:cti-interoperability@lists.oasis-open.org] On Behalf Of Jerome Athias
Sent: Friday, October 23, 2015 2:16 PM
To: Jordan, Bret <bret.jordan@bluecoat.com>
Cc: cti-interoperability@lists.oasis-open.org
Subject: Re: [cti-interoperability] possible work item

 

Yeah. At the same time they could be easily challenged, because frankly speaking (Sean could kick my ass), I don't need a new-cool-fancy format to get dshield and malware domains lists integrated in my SIEM. CSV is fine

On Friday, 23 October 2015, Jordan, Bret <bret.jordan@bluecoat.com> wrote:

One thing I would like to see this group work on is:

 

* Outreach...  Meaning I would like to have us do outreach to the new OpenTPX group and the Facebook ThreatExchange group and see what kind of give-n-take would be needed for us to combine efforts.

 

From looking at it, I am guessing that each group would need to give a little. But I think a unified solution would be greater than the sum of the parts.  Yes, it will challenge some of the things we have done in STIX, but some of the things in OpenTPX and FB ThreatExchange are neat.  And we should really look in to doing them.

 

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

 

--

/chet 
----------------
Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society
http://www.oasis-open.org

Primary: +1 973-996-2298
Mobile: +1 201-341-1393