
cti-interoperability message



Subject: Interoperability Weekly Call Agenda


Agenda for the STIX/TAXII Interop call at 9am PST Weds.

 

  1. Review latest merge of common connection and error logging changes
  2. Review test checklist changes for all persona including TIP, SIEM, DFP, TMS, TDS, TIS and TXS
  3. Review further tests required

 

As a reminder, if you represent an org that wishes to verify interoperability compliance for any of the product persona listed, then we would appreciate your input.

 

  • Data Feed Provider (DFP)
    • Software instance that acts as a producer of STIX 2.0 content.
  • Threat Intelligence Platform (TIP)
    • Software instance that acts as a producer and/or Respondent of STIX 2.0 content primarily used to aggregate, refine and share intelligence with other machines or security personnel operating other security infrastructure.
  • Security Incident and Event Management system (SIEM)
    • Software instance that acts as a producer and/or Respondent of STIX 2.0 content. A SIEM that produces STIX content will typically create incidents and indicators. A SIEM that consumes STIX content will typically consume sightings, indicators.
  • Threat Mitigation System (TMS)
    • Software instance that acts on course of actions and other threat mitigations such as a firewall or IPS, Endpoint Detection and Response (EDR) software, etc.
  • Threat Detection System (TDS)
    • Software instance of any network product that monitors and/or detects such as Intrusion Detection Software (IDS), Endpoint Detection and Response (EDR) software, web proxy, etc.
  • Threat Intelligence Sink (TIS) *NEW TO PART 2*
    • Software instance that consumes STIX 2.0 content in order to perform translations to domain specific formats consumable by enforcement and/or detection systems that do not natively support STIX 2.0. These consumers may or may not have the capability of reporting sightings. A TIS that consumes STIX content will typically consume indicators.
  • TAXII Server (TXS) *NEW TO PART 2*
    • Software instance that acts as a TAXII Server enabling sharing between producers and respondents of STIX 2 content.

 

We are getting close to finalizing the Part 2 document so if you believe interoperability is important to your org -> GET INVOLVED!!!!

 

Regards

 

Allan

 


