

Subject: Re: [cti] Re: Open Question to the CTI Community


Well said, Aharon.

<2c>
STIX is a particular contract about threat data between the producer and consumer. (threat model, data format)
TAXII is a particular contract about data exchange between a client and a server (standard protocol)
And CybOX is, well, CybOX, and understood in STIX.

So the effort here is about the definition of those elements, and any implementation that produces them is compliant.

OASIS and standards bodies frequently find it useful to produce bindings for particular implementations. They are written as profiles and distinct from the language spec. STIX did that out of the gate - but they're still bindings (to HTTP versions, XML Formats, ...).

In a perfect world - scratch that. In our world we're navigating what is, and trying to identify and deliver what's useful to consumers. Developers and Vendors have agendas, needs, and requirements. But consumer use cases first will help us prioritize and focus, and meet the two subsidiary parties.
</2c>

Cheers!

~r

ron.williams@us.ibm.com | stsm, ibm master inventor | chief architect, infrastructure protection | divisional idt lead | ibm | mobile +1.512.633.7711 | ofc +1.720.349.2236

"It is much less dangerous to think like a man of action, than to act like a man of thought."
- Nicholas Nassim Taleb



From: Aharon Chernin <achernin@soltra.com>
To: Patrick Maroney <Pmaroney@Specere.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 08/19/2015 08:29
Subject: [cti] Re: Open Question to the CTI Community
Sent by: <cti@lists.oasis-open.org>





> (1) CybOX is 'just a language', STIX is an "Envelope/Box" that can be used to address/package letters, poetry, written, books, magazines, produced in this language, and TAXII is the means to deliver said packages (e.g. Postal Service, FedEx, etc.)

This is all opinion, but my opinion is "kind of". I do see the STIX_Package object as an envelope for high level STIX objects (agreeing with your envelope analogy). I do not see the individual high level STIX objects agreeing with your envelope analogy. These high level objects mostly represent "things". I have not come up with a good analogy for CybOX other than "necessary evil".

Here is my view of the world:
STIX: Assertive threat language. HTML for threats.
CybOX: Cyber fact language
TAXII: Transport "protocol", query protocol, the server, etc. The http for STIX, so that we can create the Apache for Cyber Intel. Does Apache do order processing for Amazon?

In my opinion, the warehousing and back end order processing should not be standardized as these are areas where vendors can innovate without breaking interoperability.


Aharon Chernin
CTO

SOLTRA | An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647
813.470.2173 | achernin@soltra.com
www.soltra.com




From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org>
Sent: Tuesday, August 18, 2015 4:34 PM
To: cti@lists.oasis-open.org
Subject: [cti] Open Question to the CTI Community

Caveat: Please do not infer any negative connotations in the following. I no doubt have my views on the matter***, but do not assert anything here other than the suggestion that we really should sort out these fundamentally different perspectives and get consensus.

There seem to be two distinct camps of thought:

(1) CybOX is 'just a language', STIX is an "Envelope/Box" that can be used to address/package letters, poetry, written, books, magazines, produced in this language, and TAXII is the means to deliver said packages (e.g. Postal Service, FedEx, etc.)

(2) All of these combined somehow form an information repository (how things are racked, stacked, and found in the warehouse) and TAXII is the "Amazon".

These are somewhat flawed analogies, but hopefully my point is clear.

So is TAXII just the Transport?....or the Warehouse, Transport, and Order Processing system?

Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org

*** I do have a strongly held bias that externally facing/exposed TAXII Gateways should only hold ephemeral data as long as is required to reliably "ship the package".




