[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] RE: STIX Sightings
On 30.10.2015 15:38:42, Aharon Chernin wrote: > > I do tend to lean towards TAXII query, but if the community likes > the STIX Request Pack approach better then we should depreciate the > functionality from TAXII Query. I would like to avoid having two > different ways to do the same thing. > I agree that as a general refactoring principle we should strive for *one* way of doing things. If we elect to go with the STIX Request/Response objects Terry proposed for RFI, perhaps we should extend the concept to address all the use cases targeted by the TAXII Query API strawman and forget about REST-based TAXII Query. Given that the TAXII SC are going with a REST-based approach for 2.0, it seems a bit silly (from an implementation perspective) that I would need to create a STIX Request object, pass that to a TAXII broker, and wait around on one or more STIX Response objects to come back down the TAXII messaging bus just to find out whether a particular IP address has been seen before when a REST call would accomplish the same thing. Grrr...I *hate* to suggest it, but maybe this is a corner case where we actually *need* two different ways of doing the same thing?! -- Cheers, Trey -- Trey Darley Senior Security Engineer 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430 Soltra | An FS-ISAC & DTCC Company www.soltra.com -- "It is always something." --RFC 1925
Attachment:
signature.asc
Description: PGP signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]