Subject: Re: [cti] Re: Observable Patterning
Comments inline
From: <cti@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org>
Date: Saturday, September 26, 2015 at 10:57 AM
To: Terry MacDonald <terry.macdonald@threatloop.com>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Steve Cell <ikirillov@mitre.org>
Subject: Re: [cti] Re: Observable Patterning

Probably not clear that I've similarly argued to keep TAXII focused on the transport of packages. In the query method suggested for consideration, the Pattern would be passed as a STIX (Query/RFI) package and results similarly returned (again as a STIX package).
[sean] I also think we should keep TAXII focused on the transport of packages and I think I may agree with the approach Pat is suggesting here but I am not sure. I think it will take quite a bit more discussion and detail to reach any sort of conclusions on appropriateness and practicality.
It's important to visualize this as a Data Graph that maps to the Conceptual CTI model (which is the basis for suggesting Cypher as an example representation). One can describe/query precise graphs of Objects/Relationships, any Nodes/Edges off of a Root Node, etc.
I agree with Patrick's comments about ensuring pattern support for querying, but not the idea that querying should be done in TAXII. Querying and answering should be done within STIX, so that the querying and answering is done by the language contained within TAXII, and so that TAXII is free to concentrate on only delivering content. We should instead develop a STIX query object, and a STIX reply object in order to support question and answer directly within STIX. I won't go into the specific argument why here and clog this thread, but it has been discussed on the TAXII list recently.

Cheers
Terry MacDonald | STIX, TAXII, CybOX Consultant

Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.
On 26 September 2015 at 01:33, Patrick Maroney <Pmaroney@specere.org> wrote: