Agenda for the STIX/TAXII Interop call at 9am PST Weds.
- Review latest merge of common connection and error logging changes
- Review test checklist changes for all persona including TIP, SIEM, DFP, TMS, TDS, TIS and TXS
- Review further tests required
As a reminder if you represent an org that wishes to verify interoperability compliance for any of the product persona listed then we would appreciate your input.
- Data Feed Provider (DFP)
- Software instance that acts as a producer of STIX 2.0 content.
- Threat Intelligence Platform (TIP)
- Software instance that acts as a producer and/or Respondent of STIX 2.0 content primarily used to aggregate, refine and share intelligence with other machines
or security personnel operating other security infrastructure.
- Security Incident and Event Management system (SIEM)
- Software instance that acts as a producer and/or Respondent of STIX 2.0 content. A SIEM that produces STIX content will typically create incidents and indicators.
A SIEM that consumes STIX content will typically consume sightings, indicators.
- Threat Mitigation System (TMS)
- Software instance that acts on course of actions and other threat mitigations such as a firewall or IPS, Endpoint Detection and Response (EDR) software, etc.
- Threat Detection System (TDS)
- Software instance of any network product that monitors and/or detects such as Intrusion Detection Software (IDS), Endpoint Detection and Response (EDR) software,
web proxy, etc.
- Threat Intelligence Sink (TIS)
*NEW TO PART 2*
- Software instance that consumes STIX 2.0 content in order to perform translations to domain specific formats consumable by enforcement and/or detection systems
that do not natively support STIX 2.0. These consumers may or may not have the capability of reporting sightings. A (TIS) that consumes STIX content will typically consume indicators.
- TAXII Server (TXS) *NEW TO PART 2*
- Software instance that acts as a TAXII Server enabling sharing between producers and respondents of STIX 2 content.
We are getting close to finalizing the Part 2 document so if you believe interoperability is important to your org ->
GET INVOLVED!!!!
Regards
Allan
|