Is there a way with "your" product to trace the STIX object back to the original source/publisher?
Meaning, if someone sends you a STIX package with an Information Source object included in it (and there is no data marking object that prevents the information source from being shared), do you keep it around and use it if you republish that STIX package? Yes, it seems obvious in open sharing that people would do this, but my guess is that if we do not call it out, some will just drop it on the floor and do their own thing.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
What do you mean by "information source integrity"?
Okay, now I think we are getting out of the weeds and moving forward, so what about this, with the changes from Jason and Eric.
For STIX:
Does your product support:
S1) Data marking / handling
S2) Information source integrity
S3) The required fields from the following STIX Idioms
a) Indicators
b) Incidents
c) Threat Actors
d) Campaigns
e) TTPs
f) Courses of Action
g) Exploit Targets
h) Observables
S4) The required fields from the following CybOX objects
i) TBD
S5) Do you support STIX Profile processing for the following profiles
a) TBD
b) TBD
Optional Extras You Might Support (this is meant to give extra color / context to differentiate products)
SA) Do you have a UI for STIX generation
For TAXII:
Does your product support:
T1) Discovery Services
T2) Collection Services
T3) Subscription Services
T4) Poll Services
T5) Inbox Services
T6) Data Feeds
T7) Data Collections
T8) Delete Requests
Optional Extras You Might Support
TA) Authentication
TB) Two-factor Authentication
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
RE STIX 3.h, I would also like to see included in the profile a list of the CybOX objects supported.
RE TAXII 8,9 I am not sure how authentication types can be included in the profile when they are not part of the TAXII protocol.
-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown