OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] CTI TC Adoption and Interoperability SCs

This is something that we will need to add to TAXII 2.0...  Eric / Jason, please give a detailed dump of what this should look and feel like on the CTI TAXII list so we can get working on this for TAXII 2.0



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Jul 14, 2015, at 08:30, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:

I presume what Eric means is, while we have support for profiles in STIX, (http://stixproject.github.io/documentation/profiles/), because they are not part of TAXII, they are not actually negotiated at all.

I can not write a client that talks to a generic TAXII server and say "my client supports this profile" and have the server say "OK that is supported by me, we will proceed" and the client then start sending / receiving data.

If there is some way to do this, that people are leveraging, whereby the profile spreadsheet files can be negotiated using TAXII.. it is unclear to me (and it would be great to be shared...!)

Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown

<cti@lists.oasis-open.org> wrote on 2015/07/14 11:24:37 AM:

> From: "Barnum, Sean D." <sbarnum@mitre.org>

> To: Eric Burger <Eric.Burger@georgetown.edu>, "cti@lists.oasis-
> open.org" <cti@lists.oasis-open.org>

> Date: 2015/07/14 11:24 AM
> Subject: Re: [cti] CTI TC Adoption and Interoperability SCs
> Sent by: <cti@lists.oasis-open.org>
> Hi Eric,

> Just to clarify something mentioned below. "Since we do not have
> profiles (yet), one would be hard pressed to say one does “profile
> processing.”"

> We do currently have profiles and we do currently have “profile
> processing”. Many community members (including sharing communities
> that are CTI community members) are currently leveraging profiles.
> They specify them, share them and design their processes around them.

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]