OASIS Mailing List Archives

cti message



Subject: Re: [cti] Re: [cti-users] Re: [cti] Thoughts on STIX and some of the other threads on this list


John - REST is one of the topics we have actively been exploring on the TAXII slack channel.

Please take a look at our TAXII Blue Sky REST ideation page here - https://github.com/FreeCTI/BlueSky/wiki/HTTP-REST-API .

NOTE This is an ideation page only as it is easier to discuss ideas that are written down. We welcome your comments.

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: Patrick Maroney <Pmaroney@Specere.org>
To: John Anderson <janderson@soltra.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Cc: "cti-users@lists.oasis-open.org" <cti-users@lists.oasis-open.org>
Date: 09/09/2015 05:43 PM
Subject: [cti] Re: [cti-users] Re: [cti] Thoughts on STIX and some of the other threads on this list
Sent by: <cti@lists.oasis-open.org>





John,

Presume you are referring to Roy Thomas Fielding's PhD dissertation "Architectural Styles and the Design of Network-based Software Architectures"?

https://www.ics.uci.edu/~fielding/pubs/dissertation/fielding_dissertation.pdf

Pat

_____________________________
From: John Anderson <janderson@soltra.com>
Sent: Wednesday, September 9, 2015 5:29 PM
Subject: [cti-users] Re: [cti] Thoughts on STIX and some of the other threads on this list
To: <cti@lists.oasis-open.org>
Cc: <cti-users@lists.oasis-open.org>



Hello, CTI@OASIS people! I'm relatively new here, so please forgive any heresy that follows. 😊

I've been reading the OASIS discussions for a couple months now. I've read the specification documents (whew!). I've coded with the Python libraries, and picked up on some of the nuances of TAXII, STIX and CyBOX. And my impression is...there's gotta be a better way.

Eric points out some qualities we might find in that "better way", including ubiquitous deployment. Aharon rightly brings us back home to the necessity of consumer adoption. And many of you have suggested practical changes (such as alternate data formats), as a way to ease implementation, hence vendor adoption.

It sounds like we're trying to achieve Web-scale success. And that brings to mind some things I've read in Chapter 5 of Dr. Roy Fielding's dissertation. So, here's my heretical question:

What would TAXII 2.0 look like if we started from scratch* and implemented it according to Chapter 5?

Sincerely,
John Anderson

PS- *"From scratch" is not quite as drastic as it sounds. STIX and CyBOX objects are pretty close to being Resources, so they would be mostly reusable. Imagine browsing STIX and clicking through links to related objects. That's how easy TAXII 2.0 could be.



From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Jordan, Bret <bret.jordan@bluecoat.com>
Sent: Wednesday, September 9, 2015 3:40 PM
To: Eric Burger
Cc: cti@lists.oasis-open.org; cti-users@lists.oasis-open.org
Subject: Re: [cti] Thoughts on STIX and some of the other threads on this list

Eric, great points and well said. I like your top level vision for this group as well, it is clear this is not your first rodeo.

"Simplicity, ease of use, one-way of doing things."

If we all step back and think about this for a moment, we will be successful if:


1) SOCs are using it and they do not even realize it, it is just ubiquitous everywhere with every tool and product in their network
2) "it just works", we have Apple-ized it
3) there are hundreds or thousands of APPs and tools on the various APP stores that people start doing really creative things with CTI data.
4) It is so simple and easy to use that everyone implements it because it is so easy to do so.
5) A customer that buys a solution does not need to know about which version of STIX or which binding is being used. It just works.... Once again we have Apple-ized it.
6) If every major network and security product vendor can either produce STIX, consume STIX, or perform data-enrichment on a STIX object.

I think it is really sad that we have more interconnection in our living rooms with our TVs than we have in our security products.

On the TAXII side, we are pushing to these Value statements. We are pushing for simplicity, elegance, and ease of use. We want TAXII to be the best way for sharing CTI, period. We want it to be so easy that there is no reason why you would not do it. We want it to just work and be so conceptually easy to understand.

I think that Eric and Bernd have really spelled out a call to action for this group. Let's answer the call, let's work together, let's solve this.

I believe we can solve this. I believe we as a group are smart enough and have enough collective wisdom to do it. I believe that we can really make a long-term difference in cyber security. I have a vision for where the SOC of the future needs to go, and I want to see us get there.


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."





