OASIS Mailing List Archives

cti-interoperability message



Subject: STIX/TAXII 2.0 Interoperability Part 2 Working Draft 1 Review (11th Sept to 25th Sept) STARTING TODAY


All,

 

Today we are starting a broader TC review of the STIX/TAXII 2.0 Interoperability Part 2 Test Document.

 

The document covers tests for the following personas:

 

  • Data Feed Provider (DFP)
    • Software instance that acts as a producer of STIX 2.0 content.
  • Threat Intelligence Platform (TIP)
    • Software instance that acts as a producer and/or Respondent of STIX 2.0 content primarily used to aggregate, refine and share intelligence with other machines or security personnel operating other security infrastructure.
  • Security Incident and Event Management system (SIEM)
    • Software instance that acts as a producer and/or Respondent of STIX 2.0 content. A SIEM that produces STIX content will typically create incidents and indicators. A SIEM that consumes STIX content will typically consume sightings and indicators.
  • Threat Mitigation System (TMS)
    • Software instance that acts on course of actions and other threat mitigations such as a firewall or IPS, Endpoint Detection and Response (EDR) software, etc.
  • Threat Detection System (TDS)
    • Software instance of any network product that monitors and/or detects such as Intrusion Detection Software (IDS), Endpoint Detection and Response (EDR) software, web proxy, etc.
  • Threat Intelligence Sink (TIS) *NEW TO PART 2*
    • Software instance that consumes STIX 2.0 content in order to perform translations to domain specific formats consumable by enforcement and/or detection systems that do not natively support STIX 2.0. These consumers may or may not have the capability of reporting sightings. A TIS will typically consume intelligence identified in the STIX content but will not produce any STIX content itself.
  • TAXII Server (TXS) *NEW TO PART 2*
    • Software instance that acts as a TAXII Server enabling the sharing of STIX 2.0 content among producers and respondents.

 

If you are planning to submit your software for certification in one of these categories then your feedback is appreciated to ensure it meets the needs of the TC.

 

We will run the review period until 25th Sept (Monday).

 

The Google Doc is preferred for comments: https://docs.google.com/document/d/11MocPK3s8im8O5-7rgZhtVHoxO72aQicJj2v-HDx-Q8/edit?usp=sharing

 

However, if you do not have access to Google Docs then please add your comments to the attached Word doc and send it back to the CTI Interop subcommittee list (copied on this email).

 

All feedback and comments are much appreciated.

 

Regards

 

Allan

 

Attachment: STIXTAXII 2.0 Interoperability Test Document Part 2.docx


