[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti-stix] RE: How should this look
Hi,
I am for package ID requirement whenever there is a package.
We mix and match objects in packages, but
package as a unit is, I believe, important for human understanding. (Thus package ID requirement for systems to track packages.) Regards, Ryu From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org]
On Behalf Of Barnum, Sean D. I would assert that package Ids still need to be required. There are some players who still view and track the package as a separate thing. sean From:
"cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on behalf
of Terry MacDonald <terry@soltra.com> Yep Bret, I like that. I think it would work well with STIX requests and responses as well so I like that: { "type": "stix-request", "id": "stix-request--3ba2c668-6aa3-4f3d-abd4-82f884e8f99d", "request": { … } } And { "type": "stix-response", "id": "stix-response--656ff5b4-3c2b-441c-b570-9f6ec549582f", "request_id": "stix-request--3ba2c668-6aa3-4f3d-abd4-82f884e8f99d", "response": { … } } I have a couple of questions about the stix-package use though… 1.
Will multiple stix packages be able to be sent in the same TAXII exchange?
2.
Will STIX packages be able to be sent along with STIX requests and STIX responses in the same TAXII exchange? I think they should
so that we open up the possibility of long polling/streaming of data 3.
Does the stix package need an ID if we are only concerned about the id’s of the objects within the stix-package? i.e. its only an
envelope at present, does that need an ID. 4.
Or.. should we keep the stix-package ID to keep in line with the stix-requests and stix-responses that will need an ID to keep track
of them and the relationships between them That’s off the top of my head so please excuse any mistakes
J. Cheers Terry MacDonald Senior STIX Subject Matter Expert SOLTRA | An FS-ISAC and DTCC Company +61 (407) 203 206 |
terry@soltra.com From:
cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org]
On Behalf Of Jordan, Bret I want to start writing some APIs for STIX 2.0.. But I am not yet sure how things should look at the top level... I am thinking something like???? This is meant to get people talking so we can start
fleshing this out as cleanly and rapidly as possible. { "type": "stix-package", "id": "stix-package--ad3d029f-6fe7-4923-aafc-3b69aed32365", "indicators": [ { "type": "indicator", "id": "indicator--3d5338a0-9305-4373-b59c-616ac2e9b18f", "timestamp": "2016-01-28T15:44:53Z", "title": "Some really neat indicator that we found" } ] } Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]