

Subject: RE: [cti-stix] Object ID format


Agree as well - that was the consensus at the F2F - ID should be for ID purposes, information source for producer purposes.


-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: "Thompson, Dean" <Dean.Thompson@anz.com>
To: "'Jordan, Bret'" <bret.jordan@bluecoat.com>, "'Terry MacDonald'" <terry@soltra.com>
Cc: "'John Anderson'" <janderson@soltra.com>, "'cti-stix@lists.oasis-open.org'" <cti-stix@lists.oasis-open.org>
Date: 01/21/2016 01:06 AM
Subject: RE: [cti-stix] Object ID format
Sent by: <cti-stix@lists.oasis-open.org>






Hi!,

I definitely support the use of the InformationSource object. It has the capability of providing great context which is sometimes lacking in STIX documents.

Regards,

Dean

From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Jordan, Bret
Sent: Thursday, 21 January 2016 3:56 PM
To: Terry MacDonald
Cc: John Anderson; cti-stix@lists.oasis-open.org
Subject: Re: [cti-stix] Object ID format

And we can not have one group do it one way, and another group do it some other way. This is why at the face 2 face we talked through this idea and talked about removing the domain name from the ID. What we found from the discussion is that at the end of the day, the domain name in the ID did not really provide any value. What is important is that the Information Source object be there. This will enable those groups that want open communication to be found. It will also allow those groups that do not want attribution or want to hide, to hide.

The solution we came to at the F2F, as far as I remember, was to just enforce the InformationSource object.

Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

