[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] STIX 2.0 Specification Questions
Hi Craig – I think Jason was suggesting sharing the name/id of the playbook not the actual content of the playbook. So I was thinking of it sharing an id that the other system would know how to look up that reference and determine what to do. I agree attempting to define playbook content in STIX is not desired. allan On 8/11/16, 8:25 AM, "Craig Brozefsky" <cbrozefs@cisco.com> wrote: Allan Thomson <athomson@lookingglasscyber.com> writes: > Hi Craig – I generally agree but if we want to exchange between > systems within an organization across systems operated/owned by the > same org then having a construct to share the playbook name as part of > standard STIX would be useful. > > The fallback to that would be to have a custom object/attribute to > convey the information but I tend to think that where something that > is very common in many orgs (playbooks) then why would STIX not > support that. Playbooks may be common, but their structure, logic, and definition is not. I've seen them range from text files and wiki pages, to spreadsheets, to python modules. I think an exchange format for them is a ways off. PS: I'm sorry I didn't realize I can't post to the cti-stix list before responding, I'll get that remedied. -- Craig Brozefsky Principal Engineer, AMP Threat Grid Cisco Security Business Group +1-773-469-8349
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]