
cti-stix message



Subject: Re: [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for August 8 Working Call


Jason,


I really like that idea of adding those properties to TAXII collections and then channels.


Bret


From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Sent: Thursday, August 10, 2017 6:34:38 AM
To: Bret Jordan
Cc: Allan Thomson; cti-cybox@lists.oasis-open.org; cti-stix@lists.oasis-open.org; Back, Greg; Terry MacDonald
Subject: Re: [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for August 8 Working Call
 
I like this as well, I can foresee two fields being added to both collections and channels:

        required_markings
        supported_markings

I will also throw out there that TAXII channels really needs work if we want it to be completed.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security

Without data, all you are is just another person with an opinion - Unknown




From:        Bret Jordan <Bret_Jordan@symantec.com>
To:        Terry MacDonald <terry.macdonald@cosive.com>, Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Cc:        Allan Thomson <athomson@lookingglasscyber.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>, "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>, "Back, Greg" <gback@mitre.org>
Date:        08/09/2017 06:41 PM
Subject:        [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for August 8 Working Call
Sent by:        <cti-stix@lists.oasis-open.org>




Terry,

I really like the idea of including IEP support in TAXII.  Assuming a user has the rights to know about certain levels of content it would be great if you could pre-filter on IEP restrictions.

Bret



From: Terry MacDonald <terry.macdonald@cosive.com>
Sent: Wednesday, August 9, 2017 1:39:45 PM
To: Jason Keirstead
Cc: Allan Thomson; cti-stix@lists.oasis-open.org; Bret Jordan; cti-cybox@lists.oasis-open.org; Back, Greg
Subject: Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for August 8 Working Call

 
Perhaps this is where we could add the ability within TAXII channels to specify mandatory data marking requirements for that channel? That seems a nice way of saying 'to participate in this community, you need to support X'.

Cheers
Terry MacDonald

On 10/08/2017 05:35, "Jason Keirstead" <Jason.Keirstead@ca.ibm.com> wrote:
That said... I would be extremely strongly against requiring IEP in any interoperability profile.

Data markings have many uses, but there are entire swaths of the cybersecurity space to which they are simply not applicable. There is no way we can mandate marking support in interoperability testing without excluding whole segments of the market.


-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems

www.ibm.com/security

Without data, all you are is just another person with an opinion - Unknown





From:        Allan Thomson <athomson@lookingglasscyber.com>
To:        Bret Jordan <Bret_Jordan@symantec.com>, "Back, Greg" <gback@mitre.org>
Cc:        "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>, "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Date:        08/08/2017 12:51 AM
Subject:        [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for August 8 Working Call
Sent by:        <cti-stix@lists.oasis-open.org>





We have not finished interop test specification for STIX 2.0 so until we have done that, it’s premature to be talking about what STIX 2.1 interop will or will not do.

Part 1 ballot is still outstanding. Getting the TC to focus on Interop 2.0 is hard enough.

Allan Thomson
CTO

+1-408-331-6646
LookingGlass Cyber Solutions

From: OASIS list <cti-cybox@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Monday, August 7, 2017 at 7:58 PM
To: "Back, Greg" <gback@mitre.org>
Cc: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>, OASIS list <cti-cybox@lists.oasis-open.org>
Subject: Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for August 8 Working Call


Those are good questions.  The specification will not mandate, or I hope will not mandate, the use of IEP, but is the interop SC going to mandate it in their profiles?

Bret

Sent from my iPhone

On Aug 7, 2017, at 7:46 PM, Back, Greg <gback@mitre.org> wrote:
As long as we aren’t mandating all consumers (and producers, though I’m more worried about consumers) to implement IEP, I’m fine with this. I’m also fine with using interoperability to promote the use of IEP, and (hopefully) letting market forces make IEP used universally.

On 2017-08-07, 19:01 UTC, "cti-stix@lists.oasis-open.org on behalf of Struse, Richard J." <cti-stix@lists.oasis-open.org on behalf of rjs@mitre.org> wrote:

Meant to say: “…that we are NOT requiring IEP nor…”



From: <cti-stix@lists.oasis-open.org> on behalf of Richard Struse <rjs@mitre.org>
Date: Monday, August 7, 2017 at 2:59 PM
To: Bret Jordan <Bret_Jordan@symantec.com>, "Wunder, John A." <jwunder@mitre.org>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>, "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Subject: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for August 8 Working Call


Since we began this work there has been a clear recognition that TLP, while useful, isn’t sufficient to represent the sorts of policy expressions that are required to truly enable CTI sharing ecosystems. The FIRST community is exactly the sort of hands-on community best suited to develop such policy frameworks and it doesn’t seem like there are any competing policy frameworks under consideration.  Given that, and the fact that we are requiring IEP nor are we “tying” STIX to IEP (or vice-versa), it seems worthwhile to do the work necessary to figure out how to best support those communities that wish to use IEP.

Is there anyone actively opposed to the TC figuring out how we might support IEP?

From: <cti-cybox@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Monday, August 7, 2017 at 2:45 PM
To: "Wunder, John A." <jwunder@mitre.org>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>, "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Subject: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for August 8 Working Call


On the IEP front, we need to make sure the TC wants to do it before we figure out how we should do it.  I would love to see some discussion over email first, before we tackle it on a working call that only has a subset of the membership.  In other words, a working call is not a good place to decide "if" we should do something.  It is a great place to figure out "how" we should do it, once the TC has sufficiently debated and decided to do it.


Bret
 



From: cti-cybox@lists.oasis-open.org <cti-cybox@lists.oasis-open.org> on behalf of Wunder, John A. <jwunder@mitre.org>
Sent: Monday, August 7, 2017 9:11 AM
To: cti-stix@lists.oasis-open.org; cti-cybox@lists.oasis-open.org
Subject: [EXT] [cti-cybox] Agenda for August 8 Working Call


All,

We have three topics for the working call this week:

1.       Continue work on DNS Request/Response
2.       Continue work on Location, in particular discuss ISO 3166
3.       Discuss inclusion of IEP (how we should do it)

John







