|
HI Allan and Bret,
Thanks for the thoughts on this. Looks like a STIX Extension is the way to go.
Appreciate the offer to follow up offline - we're a little while off implementing anything but may take you up on that down the line!
Best wishes,
Ben
From: aa tt <atcyber1000@gmail.com>
Sent: 16 March 2021 17:08
To: Bret Jordan <bret.jordan@broadcom.com>
Cc: Ben Whale <bwhale@caci.co.uk>; cti-comment@lists.oasis-open.org <cti-comment@lists.oasis-open.org>
Subject: Re: [cti-comment] STIX Course of Action object
Not sure its easier but certainly its a good alternative choice too.
Effectively
a) Embedded relationship (property of CoA)
b) External relationship using relationship object (from CoA to CACAO Playbook)
Both are options.
Doing a STIX Extension for whatever you choose would be good either way.
What might be even easier is to just use a relationship between a STIC COA and a CACAO Playbook. We designed CACAO Playbooks to work with a STIX CTI Graph.
Thanks,
Bret
PGP Fingerprint: 63B4
FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an
egg."
Hi Ben -
There was a version of STIX CoA that was proposed (and actually included) previously in 2.1 that included a property to allow a pointer from CoA to a CACAO Playbook.
That was removed at the last minute from STIX2.1 due to lack of implementation verification that STIX2.1 required for inclusion of new features.
However, that spec work exists and could be used for either a) adding to STIX2.1 as standard or b) add to STIX2.1 COA as a standard extension for connecting STIX to CACAO.
At this point, I would suggest b) is the best path forward.
If you would like suggestions on how to do that then we can talk off-line.
Hi
all,
I
was wondering how the thinking behind the STIX Course of Action object is developing? We
are considering using the course of action object in
a system we are developing and
are interested in the potential of capturing a
machine automatable action within it. Given
the development of the CACAO standard, is it likely that STIX will adopt CACAO in the action field, or is there other current thinking
around this?
Kind
regards,
Ben
Whale
Software
Engineer,
CACI
Ltd
This electronic message contains information from CACI International Inc or
subsidiary companies, which may be confidential, proprietary,
privileged or otherwise protected from disclosure. The information is
intended to be used solely by the recipient(s) named above. If you are not
an intended recipient, be aware that any review, disclosure, copying,
distribution or use of this transmission or its contents is prohibited. If
you have received this transmission in error, please notify us immediately
at postmaster@caci.co.uk
Viruses: Although we have taken steps to ensure that this e-mail and
attachments are free from any virus, we advise that in keeping with good
computing practice the recipient should ensure they are actually virus free.
CACI Limited. Registered in England & Wales. Registration No. 1649776. CACI House, Avonmore Road, London, W14 8TS
This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or
entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering
the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the
sender, delete it from your computer, and destroy any printed copy of it.
This electronic message contains information from CACI International Inc or
subsidiary companies, which may be confidential, proprietary,
privileged or otherwise protected from disclosure. The information is
intended to be used solely by the recipient(s) named above. If you are not
an intended recipient, be aware that any review, disclosure, copying,
distribution or use of this transmission or its contents is prohibited. If
you have received this transmission in error, please notify us immediately
at postmaster@caci.co.uk
Viruses: Although we have taken steps to ensure that this e-mail and
attachments are free from any virus, we advise that in keeping with good
computing practice the recipient should ensure they are actually virus free.
CACI Limited. Registered in England & Wales. Registration No. 1649776. CACI House, Avonmore Road, London, W14 8TS
|