Subject: Re: [cti-stix] RE: STIX Sightings


On 29.10.2015 21:45:21, Terry MacDonald wrote:
> 
> PROBLEM:
> 
> There is no real mechanism within STIX for a consumer of STIX data
> to ask a question from the rest of the threat sharing community that
> they are part of. This functionality is required if we are going to
> get good multi-directional threat intelligence sharing happening.
> 

Wow, this is good stuff, Terry! I hadn't fully thought through the
notion of a broadcast query. Good on ya, man!

> 
> This is different from the normal 'broadcast' style STIX message,
> where the message is just sent to all parties and no replies are
> expected. With STIX request/response there is a direct
> question/answer relationship required.
> 
> Please note this request/response is also different to TAXII Query,
> as the question is being asked to all members of the channel, rather
> than just the single TAXII server you are locally connecting to
> (which is IMHO more where TAXII Query fits in).
> 

I'm biased, since I've been working on the notional query spec for
TAXII 2.0, but I think we can solve this via TAXII REST query instead
of creating two new top-level STIX objects. I've written up my
proposal for query scoping here [0].

The tl;dr is to add an optional 'broadcast' parameter to TAXII query.
If not specified, assume that a query is targeting just the local CTI
repository. If the flag is specified, the CTI repository receiving the
query acts as a proxy, forwarding the incoming query to all the hosts
implied by the specified trustgroup(s), collecting the query results,
and passing them back to the client.

[0]: https://taxiiproject.github.io/taxii2/notional-query-api/#query-scoping

-- 
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"There are only two hard things in Computer Science: cache
invalidation and naming things." --Phil Karlton
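The broadcast-scoped query sketched above, as an added illustration that is not code from the linked proposal nor the TAXII 2.0 notional query API: a repository answers from its local store unless a 'broadcast' list of trustgroups is supplied, in which case it forwards the query to the peers in those groups, merges their answers with its own, and hands the result back. The CtiRepository class, the trustgroup layout and the records are constructed for this example; the forwarded query is deliberately sent without the broadcast flag so mutually trusting proxies cannot loop.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# Constructed sample: each record is a minimal stand-in for a STIX object.
Record = Dict[str, str]


@dataclass
class CtiRepository:
    """Hypothetical CTI repository (TAXII-server stand-in) with records and trust groups."""
    name: str
    records: List[Record] = field(default_factory=list)
    # trustgroup name -> peer repositories that are members of that group
    trustgroups: Dict[str, List["CtiRepository"]] = field(default_factory=dict)

    def query(self, criteria: Record, broadcast: Optional[Iterable[str]] = None) -> List[Record]:
        """Without 'broadcast' only the local store is searched. With 'broadcast',
        forward to every peer in the named trustgroup(s) and merge their answers
        with the local ones, deduplicated by record id."""
        results = {r["id"]: r for r in self.records if _matches(r, criteria)}
        if broadcast is None:
            return list(results.values())
        for group in broadcast:
            for peer in self.trustgroups.get(group, []):
                # Forward as a plain local query: a peer must not re-broadcast,
                # otherwise two proxies that trust each other would recurse forever.
                for rec in peer.query(criteria):
                    results.setdefault(rec["id"], rec)
        return list(results.values())


def _matches(record: Record, criteria: Record) -> bool:
    """A record matches when every criteria key is present with an equal value."""
    return all(record.get(k) == v for k, v in criteria.items())


def build_demo():
    """Constructed topology: 'hub' trusts 'a' and 'b' via group 'isac'; 'c' is in no group."""
    hub = CtiRepository("hub", [{"id": "indicator--1", "type": "indicator", "value": "evil.example"}])
    a = CtiRepository("a", [{"id": "indicator--2", "type": "indicator", "value": "evil.example"}])
    b = CtiRepository("b", [{"id": "indicator--2", "type": "indicator", "value": "evil.example"},
                            {"id": "report--9", "type": "report", "value": "evil.example"}])
    c = CtiRepository("c", [{"id": "indicator--3", "type": "indicator", "value": "evil.example"}])
    hub.trustgroups["isac"] = [a, b]
    a.trustgroups["isac"] = [hub, b]  # mutual trust: exercises the no-rebroadcast rule
    return hub, a, b, c
```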
