Subject: RE: [Non-DoD Source] Re: [cti-stix] RE: Intrusion Sets


Jerome,
  I'm not familiar with the Atom Syndication Format Feed, although I had looked at Atom briefly a couple years back.  While it could be useful for setting up any number of feeds, including feeds associated with different Intrusion Sets, indicators or incidents targeting specific industries or feeds related to different types of malware, it does not negate the need to allow analysts to represent threat intelligence within STIX.  IMO we should not be restricting the industry to only represent certain concepts using a feed rather than within STIX itself.

-Gary

-----Original Message-----
From: Jerome Athias [mailto:athiasjerome@gmail.com] 
Sent: Monday, June 06, 2016 12:49 PM
To: Katz, Gary CTR DC3/DCCI
Cc: cti-stix@lists.oasis-open.org
Subject: [Non-DoD Source] Re: [cti-stix] RE: Intrusion Sets

I wonder if these sets would be better represented (and used) with a grouping a la Campaign at STIX level, or would it be more efficient with an "Atom Syndication Format feed"-like approach at the TAXII level (in case we would take a direction like https://github.com/CISecurity/ROLIE/blob/master/draft-ietf-mile-rolie-02.xml).

2016-06-03 15:35 GMT+03:00 Katz, Gary CTR DC3/DCCI <Gary.Katz.ctr@dc3.mil>:
> Bret,
>    Since this is something that some of us are going to need in order to share threat information, I'd like to have it in the initial release.  Can Paul and I work on something and put out a suggestion for review by next Friday?  My goal is to have something as similar as possible to the properties captured in Campaign.
>
> -Gary
>
> -----Original Message-----
> From: cti-stix@lists.oasis-open.org 
> [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Jordan, Bret
> Sent: Thursday, June 02, 2016 6:16 PM
> To: cti-stix@lists.oasis-open.org
> Subject: [Non-DoD Source] [cti-stix] Intrusion Sets
>
> After this week's working call, I think I understand what Gary wants out of the Intrusion Set TLO and I think I can get on board with it.  However, I do not think we will be able to deliver it for the summer release.  I just do not feel like we fully understand what properties will be needed yet. Therefore I would like to suggest that we push Intrusion Sets off to the Winter release...  Is everyone okay with that?
>
>
>
> Thanks,
>
> Bret
>
>
>
> Bret Jordan CISSP
> Director of Security Architecture and Standards | Office of the CTO
> Blue Coat Systems
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."