[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [EXT] RE: [openc2-lang] New properties
We keep talking about OpenC2 as a stand alone, protocol and transport agnostic solution. As such, we can not assume or rely on any thing from the transport. Thus, if we do not bind OpenC2 to a MTI transport where we can guarantee that certain pieces of content are there, then we need to define in them in our spec.
Knowing when a command was created / modified is required for basic versioning of commands. Too often this group assumes incorrectly that when you issue a command to a device, it will process it in real-time. A device may need to queue that command for some period of time before it can actually process it.
From a logging and auditing trail standpoint, it would be good to have more information about commands. Aka, what is the command ID, when was the command created, who created the command etc. The person that created the command may NOT be the person that is sending it over the wire.
UUIDv4 vs UUIDv5 is a fun debate. UUIDv5 is a valid solution if the content in the payload is never going to change, meaning there is never going to be an updated version of it. If there is, then you run in to a problem, because the ID changes.
Yes, I want a structure like:
{
"id": "",
"created": "",
"modified": "",
"target": "",
"actuator": "",
etc
}
Bret
--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://clicktime.symantec.com/a/1/cnYItG6GWN3UP5UQ10WvCLGK5YVekzf7DG5oUUTz4pY=?d=5gUqqZnm6DY02tCk6tP9MdrpQ1ExXc2wrk_yiHRMqQ9B6WU6DQV7Jh6fJxeit_JOpGh7ntfWYet33eF3NX8k0QRk4i0GymD9UUMoGhCDnItZNNQ59rtH5ft0sjdTwzuTgTq6i2T8_MrCcnnCOo0IPyWyndkpksdAPSQcNqJRAcinIwg0OZHostLbdRERUSPfbWfYxIv6644CYFXGEyTL2DLw3yE29JSp77NPlGD403IlO-nBtCcjv6zEa6m0GikL_oAZfLY_fRgF-3PIg1pOOezjRsLyOwgcgQnFM_xXcucRsCicGNHWA9vnFl9IwGYSR0agyRI1UJzd7teMwEkT6A4Nr3-9KQamt7J5OZvVqsEhN6jxe2QVa-YtwyR_kTOFCMdqwQaRrPm_imOZ6hgNcZwAWeN1Y-OC99MjG06LXPVca-F19mdPwneh4o9R7Am5zghxPhujlP_hEG1IaTM1DrS3eSRgus1CtMav&u=https%3A%2F%2Fwww.oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php-------- Original Message --------
Subject: [openc2-lang] New properties
From: Bret Jordan <Bret_Jordan@symantec.com>
Date: Wed, October 04, 2017 2:37 pm
To: "openc2-lang@lists.oasis-open.org"
<openc2-lang@lists.oasis-open.org>
I would like to propose that the language SC consider adding the following top-level properties to all commands:
id (UUIDv4)created (timestamp)creator or author or something (an ID to a STIX Identifier or some sort of other identity)
We should also have some sort of serial number as well. So that if you have a command with and ID of 1234 and you issue that command to 400 systems, you will need some way of knowing which systems / serial numbers accepted and processed that command successfully.
Bret
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]