[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] STIX COA Roadmap
Reller, Nathan S. wrote this message on Thu, Sep 21, 2017 at 14:44 +0000: > I would also like to add support for different languages in the next release. This would add a new property to COA that is “action_language” and the “action” property would be a string. Depending upon the language selected then that would determine the content syntax of “action.” One leason from the patterning, is that it can be useful to be able to include multiple languages, like both bash and python, at the same time as alternatives incase a device doesn't support the other one. > I think this would allow existing languages to be used immediately while the STIX community develops its own language that is supported by numerous vendors, orchestrators, and devices. It would also allow us to have different versions of our COA language if we wanted and may help with concerns of backwards and forwards compatibility. > > > > Below are two examples of STIX COAs using this property. The first is an example of a COA that uses Bash. I thought this was a good example because after Heartbleed there were blog posts and articles on how to detect if your system was vulnerable to Heartbleed and how to update the system. To me that is a simple kind of COA that we could encapsulate in a STIX COA. We do have to be careful how we define properties. One of the basic principals that we have is that a property will not change types based upon another property. This doesn't happen here, but it would preclude use from ever making action a structure or a list. -- John-Mark
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]