[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] STIX 2.0 Specification Questions
Hi Craig – I think Jason was suggesting sharing the name/id of the playbook not the actual content of the playbook.
So I was thinking of it sharing an id that the other system would know how to look up that reference and determine what to do.
I agree attempting to define playbook content in STIX is not desired.
allan
On 8/11/16, 8:25 AM, "Craig Brozefsky" <cbrozefs@cisco.com> wrote:
Allan Thomson <athomson@lookingglasscyber.com> writes:
> Hi Craig – I generally agree but if we want to exchange between
> systems within an organization across systems operated/owned by the
> same org then having a construct to share the playbook name as part of
> standard STIX would be useful.
>
> The fallback to that would be to have a custom object/attribute to
> convey the information but I tend to think that where something that
> is very common in many orgs (playbooks) then why would STIX not
> support that.
Playbooks may be common, but their structure, logic, and definition is
not. I've seen them range from text files and wiki pages, to
spreadsheets, to python modules. I think an exchange format for them is
a ways off.
PS: I'm sorry I didn't realize I can't post to the cti-stix list before
responding, I'll get that remedied.
--
Craig Brozefsky
Principal Engineer, AMP Threat Grid
Cisco Security Business Group
+1-773-469-8349
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]