Subject: Re: [cti-stix] STIX: Messaging Standard vs. Document Standard
>Now the format of the messages is not really important for me as long as I can map the objects easily from the messages to the database/model/ontology
I would suggest that this is the key here.
I have no objections to specifying particular use case profiles for specific focused message exchanges. In fact, I think it is a great idea and we in the MITRE team have been working on a way to convey them effectively.
However, I do not view these message specifications as an alternative or independent thing from the model/ontology. I would view them as a layer on top of the model/ontology that allows focused and explicit representation of a small subset of information from the model/ontology that is relevant for a given exchange use case.
I would agree with Jerome’s assertion above. The model/ontology needs to be there first to unambiguously define the information in question and where it fits in the overall model, and the content from any message format specifications needs to be unambiguously traceable and mapped to the overall model/ontology. This is the only way that different message exchange specifications (use cases) would ever be able to work together effectively and support actual analysis and action on the information. I would also assert that it is impossible to define specific message exchange specifications for every possible variant of use. Given this, the overall model/ontology not only provides the overall frame that holds everything together, it also offers the general information backplane to support message exchanges for which explicit message exchange specifications do not exist.
BTW, using a semantic approach for our models and derived serializations makes all of the above MUCH easier.
sean
From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on behalf of Jerome Athias <athiasjerome@gmail.com>
Date: Monday, November 30, 2015 at 9:26 AM
To: Jon Baker <bakerj@mitre.org>
Cc: Jason Keirstead <Jason.Keirstead@ca.ibm.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: Re: [cti-stix] STIX: Messaging Standard vs. Document Standard
This makes sense for me.
What I did in XORCISM is to use (steal ;)) many models to translate them in a relational database (kind of an ontology at this point)
From there I obtained objects (compliant with the used models since designed from them) and relationships
Now the format of the messages is not really important for me as long as I can map the objects easily from the messages to the database/model/ontology
And for implementation, I can write a connector for messages from a tool to my db in a few days
(And I can then use the stored objects/values to build/send messages easily)
In terms of "adoption"/implementation it's for me something like a few days for each connector versus years waiting (utopia) that each tool/vendor implements a standardized format
On Monday, 30 November 2015, Baker, Jon <bakerj@mitre.org> wrote: