[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] STIX 2.0 Specification Questions
The Playbook would be an object, to which you could relationship to the OpenC2 actions in the Playbook (which are the semantic definition of "the content")
As to the argument that "organizations do not share their playbooks" - whether I agree with that specifically or not (not totally) - it doesn't matter because I can say that same thing about *a lot* of the things we are doing in STIX. STIX is about modeling cyber threat intelligence so that machines can produce and consume it and interact with eachother. These machines you want to consume your STIX may be outside your organizational boundary, or in many cases, may be internal. Also, some subsets of information will be shared, while others will not. Just because something is seen as "never being shared" does not mean that it is not critical to model.
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
Allan Thomson ---08/11/2016 12:27:57 PM---Hi Craig – I think Jason was suggesting sharing the name/id of the playbook not the actual content o
From: Allan Thomson <athomson@lookingglasscyber.com>
To: Craig Brozefsky <cbrozefs@cisco.com>
Cc: Jason Keirstead/CanEast/IBM@IBMCA, "Jordan, Bret" <bret.jordan@bluecoat.com>, "Wunder, John A." <jwunder@mitre.org>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date: 08/11/2016 12:27 PM
Subject: Re: [cti-stix] STIX 2.0 Specification Questions
Sent by: <cti-stix@lists.oasis-open.org>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]