OASIS Mailing List Archives

cti-stix message



Subject: Re: [cti-users] Publication of another threat intelligence standard: Open Threat Partner eXchange (OpenTPX)


Copying this trail from CTI-Users to the STIX and TAXII SC lists. I know it is somewhat pie in the sky, but what I would really like people to consider when talking about CybOX 2.0 and QUERY 2.0 would be a query language that was the same as the language observables were defined in. Today those things are very different (CybOX and ?), when really there is no reason it should be this way. It would certainly make things simpler for newcomers if, in my STIX document, I could define an observable as "IP = 1.2.3.4 AND MD5 = AD3957DF838383", and then later use the exact same syntax to search for other indicators in a repository. Having different languages for definition and search is not ideal. Imagine if you used different languages to insert and select from an RDBMS. That's what we're doing right now, except it's with a graph (STIX).

Sent from IBM Verse



Trey Darley --- Re: [cti-users] Publication of another threat intelligence standard: Open Threat Partner eXchange (OpenTPX) ---

From: "Trey Darley" <trey@soltra.com>
To: "Grobauer, Bernd" <Bernd.Grobauer@siemens.com>
Cc: cti-users@lists.oasis-open.org
Date: Wed, Oct 21, 2015 8:02 AM
Subject: Re: [cti-users] Publication of another threat intelligence standard: Open Threat Partner eXchange (OpenTPX)


On 21.10.2015 10:17:03, Grobauer, Bernd wrote:
>
> I found this news item (from yesterday) about a new Open Source
> effort on TI standardization and thought it might be of interest to
> the group:
>

Good eye, Bernd, thanks for sharing! My initial reaction was this [0]. But having reviewed the OpenTPX introduction [1], I see some things that I quite like and from which we might draw inspiration for the pending CTI standards major revisions, namely:

* nifty query language
* lightweight extensibility mechanism a la OpenIOC 1.1's Parameters notion
* how they score observables and allow for aging the scores over time (cf. score_24hr_decay_i, page 16 in [1])

[0]: http://imgs.xkcd.com/comics/standards.png
[1]: https://www.opentpx.org/docs/openTPX-introduction.pdf

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"One size never fits all." --RFC 1925
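The "one language for definition and search" idea raised at the top of this thread, as an added illustration that is not part of either message nor of any OASIS, CybOX or OpenTPX specification: a small Python pattern language in which the same text (the exact string from the message, `IP = 1.2.3.4 AND MD5 = AD3957DF838383`) is both the serialised form of an observable and the query run against a repository. The grammar (field = value comparisons joined by AND/OR with parentheses, AND binding tighter than OR), the case-insensitive value comparison and the sample repository are all assumptions made here for the example.

```python
import re
from dataclasses import dataclass
from typing import Union

# Grammar assumed for this illustration (not from the mail or any spec):
#   expr   := term ( OR term )*
#   term   := factor ( AND factor )*
#   factor := FIELD '=' VALUE | '(' expr ')'
# AND binds tighter than OR, as in SQL; values compare case-insensitively so a
# hash written in upper case still hits a repository entry stored in lower case.

@dataclass(frozen=True)
class Eq:
    field: str
    value: str

@dataclass(frozen=True)
class And:
    left: "Node"
    right: "Node"

@dataclass(frozen=True)
class Or:
    left: "Node"
    right: "Node"

Node = Union[Eq, And, Or]
TOKEN_RE = re.compile(r"\(|\)|=|[^\s()=]+")  # parens, '=', or a bare word
RESERVED = {"(", ")", "=", "AND", "OR"}

class Parser:
    def __init__(self, text: str):
        self.toks = TOKEN_RE.findall(text)
        self.i = 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected or 'a token'}, got {tok!r}")
        self.i += 1
        return tok

    def word(self, what: str) -> str:
        tok = self.take()
        if tok.upper() in RESERVED:  # field names and values may not be operators
            raise ValueError(f"expected {what}, got {tok!r}")
        return tok

    def expr(self) -> Node:
        node = self.term()
        while (self.peek() or "").upper() == "OR":
            self.take()
            node = Or(node, self.term())
        return node

    def term(self) -> Node:
        node = self.factor()
        while (self.peek() or "").upper() == "AND":
            self.take()
            node = And(node, self.factor())
        return node

    def factor(self) -> Node:
        if self.peek() == "(":
            self.take("(")
            node = self.expr()
            self.take(")")
            return node
        field = self.word("a field name")
        self.take("=")
        return Eq(field, self.word("a value"))

def parse(text: str) -> Node:
    """Parse a complete pattern, rejecting anything left over after the expression."""
    p = Parser(text)
    node = p.expr()
    if p.peek() is not None:
        raise ValueError(f"unexpected trailing token {p.peek()!r}")
    return node

def to_text(node: Node) -> str:
    """Definition side: serialise the AST back into the syntax it was parsed from."""
    if isinstance(node, Eq):
        return f"{node.field} = {node.value}"
    if isinstance(node, And):  # an OR under an AND needs parentheses to round-trip
        return " AND ".join(f"({to_text(c)})" if isinstance(c, Or) else to_text(c)
                            for c in (node.left, node.right))
    return f"{to_text(node.left)} OR {to_text(node.right)}"

def matches(node: Node, observable: dict) -> bool:
    """Search side: evaluate the same AST as a predicate over one observable."""
    if isinstance(node, Eq):
        actual = observable.get(node.field)
        return actual is not None and str(actual).lower() == node.value.lower()
    if isinstance(node, And):
        return matches(node.left, observable) and matches(node.right, observable)
    return matches(node.left, observable) or matches(node.right, observable)

def search(pattern: str, repo: list) -> list:
    """Run a pattern written in the definition syntax as a query; return matching ids."""
    node = parse(pattern)
    return [obs["id"] for obs in repo if matches(node, obs)]

# Constructed sample repository (not real indicators).
REPO = [
    {"id": "obs-1", "IP": "1.2.3.4", "MD5": "ad3957df838383"},
    {"id": "obs-2", "IP": "1.2.3.4", "MD5": "00000000000000"},
    {"id": "obs-3", "IP": "10.0.0.9", "MD5": "AD3957DF838383"},
    {"id": "obs-4", "Domain": "example.test"},
]

if __name__ == "__main__":
    pattern = "IP = 1.2.3.4 AND MD5 = AD3957DF838383"
    print(to_text(parse(pattern)))  # the definition round-trips unchanged
    print(search(pattern, REPO))    # the same text used as a query
```

The point of the example is that `parse` is the only grammar in the system: `to_text` and `matches` both walk the same AST, so a pattern stored in a document is, byte for byte, a valid query against the repository, which is the property the message asks for. A practitioner would want the parser to reject malformed input loudly (trailing tokens, unbalanced parentheses, operators used as values), since a pattern that silently parses to something narrower than intended is a missed detection.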

