Subject: Re: [cti] CTI-Outreach Sub-Committee Nominations/Discussion
> #1 Just a note regarding the vendors perspective, why "STIX/TAXII in their current incarnation do NOT work very well"?
Can STIX be improved upon? Heck yeah. Should it be improved? Of course, when can we start!?!?!?
Does STIX in its current form not work? I tend to disagree. I speak to people who use STIX every day. Also, almost every major ISAC is using STIX/TAXII, or planning to use STIX/TAXII, in some fashion to share intelligence. Over 600 TAXII clients pull from http://hailataxii.com every day, over 1,700 unique TAXII clients each month, with an average of about 180,000 TAXII requests every day. I fully support us doing as much of a revamp in STIX 2.0 as needed, but let's not play the success of all the work we have put into STIX/TAXII too short. I don't want us to confuse the new people coming into the group who may not understand STIX's history.
Aharon Chernin
CTO SOLTRA | An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org>
Sent: Thursday, June 25, 2015 9:20 AM
To: Jerome Athias; Peter Allor
Cc: cti@lists.oasis-open.org
Subject: Re: [cti] CTI-Outreach Sub-Committee Nominations/Discussion
A quick comment re: "STIX/TAXII in their current incarnation do NOT work very well":
STIX/TAXII in their current incarnation work ***extremely well*** for many of us in many use cases. That does not mean we do not have challenges, but Open Community tools based on these standards are working today!
Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104
pmaroney@specere.org
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Jerome Athias <athiasjerome@gmail.com>
Sent: Thursday, June 25, 2015 2:17:45 AM
To: Peter Allor
Cc: cti@lists.oasis-open.org
Subject: Re: [cti] CTI-Outreach Sub-Committee Nominations/Discussion
#1 Just a note regarding the vendors perspective, why "STIX/TAXII in their current incarnation do NOT work very well"?
Why are all the big vendors still not here? (Do they think they have better patented proprietary solutions than CTI? Do they have no interest in collaborating on interoperability? Are they just waiting for us to do the specification job for them before jumping in?) Vendor perspective feedback welcome here.
#2 Regarding the user perspective (and implicitly the vendor one), we would have to clearly demonstrate why CTI is important and what would be the benefits for an organisation to invest into it.
How does it operationally help a CSIRT/SOC to be more effective; save time and money, or do more, faster.
A few months ago, I commented about the STIX Course of Action specification.
From a strategic perspective, I think it could be useful, in the future (2.0 ?...), to take some time trying to develop the business element.
Without too much detail for now, because the -Cost- element is specified; a little extension (money/time/quality in mind),
e.g.: The 'Time' property characterizes the estimated time for applying a Course of Action to achieve its targeted objective, ...
e.g.: it would take X days/hours for digital forensics of 1 workstation with Chain of Custody
The idea would be helping adoption and obtaining budget for CTI-related activities, services or technologies... by showing the business value.
And this kind of extension point (that would first have to remain optional to avoid complexity) or support of other 'standards' like TLP, CVRF, etc.
AND documentation/guidance referring to standards/frameworks/policies/compliance (mapping to CSF, SP 800-53 Families, ISO 27k, Incident Response, Business Continuity, etc. - in short, how to map bottom-up with top-down approaches (Ref. conceptual models & co. topic)) and how CTI fits in would help, imho, if not answering to #2, at least to create interest, and demonstrate the need, from the user/vendor perspective.
2015-06-24 20:11 GMT+03:00 Peter Allor <pallor@us.ibm.com>: