[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Fwd: Re: [cti-publicmirror] Re: [cti] Summary of the working call
Forwarded on behalf of Paul Vixie. -------- Forwarded Message -------- Return-Path: vixie@fsi.io Date: Fri, 25 Aug 2017 04:26:44 +0000 In-Reply-To: <20170825032045.28DD89E0C3@indium.dfw01.oasis-infra.net> References: <DDD46875-D74E-4E32-977F-2A7184436BEB@cisecurity.org> <ba25135c-3a84-f44a-5abc-7ee07428a0ef@circl.lu> <20170825032045.28DD89E0C3@indium.dfw01.oasis-infra.net> MIME-Version: 1.0 Subject: Re: [cti-publicmirror] Re: [cti] Summary of the working call To: Jerome Athias <jerome.athias@protonmail.com>, Alexandre.Dulaunoy@circl.lu From: P Vix <vixie@fsi.io> Message-ID: <26ED21C3-2F02-44CA-BE63-9F87D70FD98C@fsi.io> I'm a guest so I can't post. In the bind10 project we let the stakeholders have both veto and priority setting powers. We wasted five years of our time and $3mil of their money and never produced anything useful. The project was shut down in disgrace. It's a blot on my record. Never again. Say it with me. Never again. Please forward to the original list if you would. On August 24, 2017 8:20:38 PM PDT, Jerome Athias <jerome.athias@protonmail.com> wrote: >I am disappointed to feel that our probably most important users (who >should be key orchestrators) feedback or propositions seem to be >constantly disregarded or not properly and carefully taken into >consideration >Best of luck to them here > >Carpe diem >/ja > >On Wed, Aug 23, 2017 at 11:42 AM, Alexandre Dulaunoy ><Alexandre.Dulaunoy@circl.lu> wrote: > >> On 22/08/17 22:12, Sarah Kelley wrote: > On today’s working call, we >discussed the event object. We didn’t have someone taking full notes, >but I’ll try to summarize what was discussed below. > > > 1. The event >object should be scoped down to just an IR type of event/incident. This >would need to be clarified in the text, but that would then scope out >some of our other use cases such as: > * An ‘alert’ coming into your >system > * An ‘event’ such as a threat actor registering a domain > * >The MISP version of ‘event’ As our past proposals (event and updated >report) were rejected and seeing how despite expectations the new event >SDO won't accommodate the requirements of many CERTs and considering >that we need to move on regarding this, we propose a new SDO called >generic event to be able to map MISP events to STIX. >https://www.misp-project.org/generic-event-proposal-STIX-2.1.pdf Thank >you very much -- Alexandre Dulaunoy CIRCL - Computer Incident Response >Center Luxembourg 41, avenue de la gare L-1611 Luxembourg info@circl.lu >- www.circl.lu - (+352) 247 88444 >--------------------------------------------------------------------- >To unsubscribe from this mail list, you must leave the OASIS TC that >generates this mail. Follow this link to all your TCs in OASIS at: >https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]