[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Call for CTI De-Fanging Conventions (Draft Motion)
Mark,
Thanks for your support. I concur with your comment but would add that given a normative standard (generalized enough to be applicable to things like narrative forms), we can at least advocate adoption of same within our consumer/producer stakeholder
communities.
Patrick Maroney
President Integrated Networking Technologies, Inc. Desk: (856)983-0001 Cell: (609)841-5104 Email: pmaroney@specere.org I support this!
Although I suspect we will also have to deal with a ton of "non-standard" defag approaches in the field regardless of what every we formally come up with in OASIS.
Defanged data does not place nice with automated hunting for the signs of the fangs.
-Mark
Mark Clancy
Chief Executive Officer
SOLTRA
|
An FS-ISAC and DTCC Company
+1.813.470.2400
office
|
+1.610.659.6671 US mobile
| +44 7823 626 535 UK mobile
mclancy@soltra.com
| soltra.com
One organization's incident becomes everyone's defense.
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org>
Sent: Thursday, August 20, 2015 9:35 AM To: cti@lists.oasis-open.org Subject: [cti] Call for CTI De-Fanging Conventions (Draft Motion) One CTI Standard that would provide broad applicability and immediate value to the overall CTI Community would be the definition and adoption of a set of standards and methods for "de-fanging" Indicators and weaponized/malicious artifacts.
Draft Motion:
The OASIS CTI TC shall develop Normative CTI standards for "de-fanging" Indicators and weaponized/malicious artifacts.
This includes non-normative methods for "De-Fanging" /"Re-Fanging" and compliance validation of STIX and CybOX data.
Format of this specification shall be universal in nature with specific enumerations within STIX/CybOX* referencing this "default" convention.
* Depending on the outcomes of TAXII functionality discussions this standard may be applicable to TAXII in addition to STIX and CybOX. (i.e., is TAXII processing/parsing atomic level objects and making decisions based on content and marking?, Query functionality
within TAXII).
Patrick Maroney
President Integrated Networking Technologies, Inc. Desk: (856)983-0001 Cell: (609)841-5104 Email: pmaroney@specere.org |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]