Subject: Re: [cti-stix] Re: [cti-users] MTI Binding
Very interesting thread, while, again, IMHO, we are mixing topics in the same thread. But this should be needed.

From the CTI TC stack described by Sean, I feel that:
- Ontology/data-model is of/for a Vision/Strategy level. With specific Goals/Objectives. (Why we want data, to do what)
- Representation format implementation (JSON vs XML) is more of Operational level. With ongoing discussions having differently focused Goals/Objectives (How we need the data)
- Binding would be more Tactical (What data we need to do what we want)

For the Strategy to work, some would have to explain it (defining and explaining the Goals), to the Operational level. That would set requirements and help to make decisions at the operational level.

“Information is a source of learning. But unless it is organized, processed, and available to the right people in a format for decision making, it is a burden, not a benefit.” William Pollard

At the same time, listening to what the Operational level has to say will help to maintain achievable and realistic goals (depending on time and capabilities).

From my development experience, yes JSON is easy and simple. Meantime, you should keep in mind that if you have goals, you will have to pay the price to achieve them. So, for sure, we need data (we need a lot, quickly, and of quality). Don't get trapped by the 'lazy programmers' (I am one and worked with a lot of them) if you're losing too much and won't reach your goals.

I do understand that using XML needs efforts, and is not convenient from an operational point of view. But I do think that it offers what is needed to reach valuable objectives. Like the strategy has to demonstrate the value of the efforts, right now, I think some people just don't know if JSON offers the needed requirements, to reach the same goals. (Change is always difficult, but good arguments can help, and maybe, ROI can be demonstrated. Efforts are still needed to demonstrate value of the change.)

With that said, regarding Predictive Models, PMML was quickly discussed in our community before, and it is considered in my XORCISM research. While I went through a relational approach (database), with pros and cons, I see benefits in a PMML approach as a long term strategy.

2015-10-03 4:45 GMT+04:00 Jane Ginn <jane.ginn@gmail.com>:
> Hi All:
>
> While reading through this thread it occurred to me that the JSON-LD
> suggestion represents a significant shift in the level at which we are
> approaching the problem set. Cory has long been arguing for us to shift our
> focus to a semantic model that can serve as a language agnostic approach to
> solving the CTI sharing problem. Bret has been pushing for JSON as a tool to
> help us achieve more widespread adoption. We currently have bindings in XML
> and Python... but no MTI for moving forward with STIX 2.0.
>
> JSON-LD appears to address several of our issues at a higher level of
> abstraction.
>
> I'm also intrigued by the potential, from the POV of STIX consumers, at how
> PMML can be deployed seamlessly to use wire speed data on attacks for
> predictive modelling... or at least deploying the myriad of tools for
> predictive modelling. I expect this is an area of white space in the market
> that will be picked up by a vendor and developed as an enterprise solution.
> We just need to get the front end right for the integration.
>
> Jane Ginn
> Cyber Threat Intelligence Network