OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: Open Question to the CTI Community

> (1) CybOX is  'just a language', STIX is an "Envelope/Box" that can be used to address/package letters, poetry, written, books, magazines, produced in this language, and TAXII is the means to deliver said packages (e.g. Postal Service, FedEx, etc.)


This is all opinion, but my opinion is "kind of". I do see the STIX_Package object as an envelope for high level STIX objects (agreeing with your envelope analogy). I do not see the individual high level STIX objects agreeing with your envelope analogy.  These high level objects mostly represent "things".  I have not come up with a good analogy for CybOx other than "necessary evil"😊


Here is my view of the world:

STIX: Assertive threat language. HTML for threats.

CybOx: Cyber fact language

TAXII: Transport "protocol", query protocol, the server, etc. The http for STIX, so that we can create the Apache for Cyber Intel. Does Apache do order processing for Amazon?


In my opinion, the warehousing and back end order processing should not be standardized as it's areas where vendors can innovate without breaking interoperability.



Aharon Chernin
CTO
SOLTRA | An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647
813.470.2173 | achernin@soltra.com


From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org>
Sent: Tuesday, August 18, 2015 4:34 PM
To: cti@lists.oasis-open.org
Subject: [cti] Open Question to the CTI Community
 
Caveat: Please do not infer any negative connotations in the folllowing.  I no doubt have my views on the matter***, but do not assert anything here other than the suggestion that we really should sort out these fundamentally different perspectives out and get consensus.

There seem to be two distinct camps of thought:

(1) CybOX is  'just a language', STIX is an "Envelope/Box" that can be used to address/package letters, poetry, written, books, magazines, produced in this language, and TAXII is the means to deliver said packages (e.g. Postal Service, FedEx, etc.)

(2) All of these combined somehow form an information repository (how things are racked, stacked, and found in the warehouse) and TAXII is the "Amazon".

These are somewhat flawed analogies, but hopefully my point is clear.

So is TAXII the just Transport?....or the Warehouse, Transport, and Order Processing system?

Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org

*** I do have a strongly held bias that externally facing/exposed TAXII Gateways should only hold ephemeral data as long as is required to reliably "ship the package".


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]