[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-taxii] Goals for TAXII 2.0
Hey, Jason -
In this configuration the spokes pull from the hub and push back to it. The hub itself doesn't make outbound connections.
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
From: cti-taxii@lists.oasis-open.org <cti-taxii@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Sent: Wednesday, July 15, 2015 14:20 To: Trey Darley Cc: Terry MacDonald; cti-taxii@lists.oasis-open.org Subject: Re: [cti-taxii] Goals for TAXII 2.0 Sorry maybe I am misunderstanding... maybe I have always misunderstood this! What I am referring to is the TAXII push to INBOX which contains a subscription ID... this implies that the client hosting that INBOX service, previously subscribed to something
on that TAXII hub... which by nature (since it is subscriber based) implies it is a PUSH from the hub to the spoke. Hey, Jason - While it might not be immediately apparent, there are institutions which use both the poll and push due to site security policy. Basically, where you'd normally have a hub and spoke with peer-to-peer polling, in these cases no inbound connections are allowed on the edge node. Instead, these nodes are configured to a) poll a centrally accessible hub and b) push outbound to that same node. I generally agree with the notion of stripping away "needless" flexibility but I don't think that applies in this particular case. Cheers, Trey -- Trey Darley Senior Security Engineer Soltra | An FS-ISAC & DTCC Company www.soltra.com From: cti-taxii@lists.oasis-open.org <cti-taxii@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com> Sent: Wednesday, July 15, 2015 14:06 To: Terry MacDonald Cc: cti-taxii@lists.oasis-open.org Subject: Re: [cti-taxii] Goals for TAXII 2.0 Does Tenant 1 mean that TAXII 2.0 will only do either a PUSH model or a POLL/PULL model, but not both? That would be great... to me this was one of the "needlessly flexible" facets of TAXII 1.X. - Jason Keirstead Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security | www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown Terry MacDonald ---2015/07/15 12:45:00 AM---Hi All, As per earlier discussions I really think it would be beneficial to discuss From: Terry MacDonald <terry.macdonald@threatloop.com> To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org> Date: 2015/07/15 12:45 AM Subject: [cti-taxii] Goals for TAXII 2.0 Sent by: <cti-taxii@lists.oasis-open.org> Hi All, As per earlier discussions I really think it would be beneficial to discuss some key goals that we want TAXII 2.0 to adhere to. As such I've tried to incorporate the discussions we've had over the past year or so, and distill them into the following list. Please note, this is a 'starter for 10', just to prompt further discussion. Please do not consider it official, final, or authoritative in any way :) (I should be a lawyer). Goals for TAXII v2.0:
Cheers Terry MacDonald | STIX, TAXII, CybOX Consultant M: +61-407-203-026 E: terry.macdonald@threatloop.com W: www.threatloop.com Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]