
openc2-actuator message



Subject: Re: [openc2-actuator] Broadcom ICDX wrt actuator profiles


maybe the stuff from this December email?

Sure. It's pretty easy to find. Do a search for "ICDx 1.3.1", say, and the top link is probably: https://support.symantec.com/us/en/article.doc11589.html. That gets you to the table of contents for the Admin Guide. Download the PDF for that at the bottom of the page (or click here: https://support.symantec.com/us/en/article.doc11589.html). That's 239 pages. The OpenC2 part is what we call an "Action Adapter", so you can limit your reading to Chapter 7 ("Configuring action adapters and action API keys in ICDx") and Appendix B ("Action adapter request and response examples in ICDx").

If you are a Symantec customer of SEPM, you can download the appliance for FREE and run it yourself. The appliance includes on-line help specific to the webpage you are on. That can be found at: https://help.symantec.com/cs/ICDX_1.3.1/ICDX/ICDX_Configuration_Adapters/title?locale=EN_US

Dave

David Lemire, CISSP
Systems Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) - formerly G2, Inc.

Technical Solutions Division

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: dave.lemire@g2-inc.com

Work: 301-575-5190 | Mobile: 240-938-9350



On Wed, Feb 12, 2020 at 7:36 PM duncan sfractal.com <duncan@sfractal.com> wrote:

I was more referring to the links of ICDX documentation than to how to run the demo.


Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/


From: Dave Lemire <dave.lemire@g2-inc.com>
Date: Wednesday, February 12, 2020 at 9:30 AM
To: "duncan@sfractal.com" <duncan@sfractal.com>, "oasis.oc2.apsc" <openc2-actuator@lists.oasis-open.org>
Subject: Re: [openc2-actuator] Broadcom ICDX wrt actuator profiles


Responding to task (1): The links were in a comprehensive email that Brian Berliner sent to the plugfest mail list on 23 January, subj: Symantec ICDx OpenC2 Lab availability for PlugFest.


I see a link for submitting commands:


And a URL to confirm that a quarantine has succeeded: And, finally, to verify that your device has actually been Quarantined, I created a Web Server on the Windows Lab server I built, which becomes inaccessible when the device has been quarantined. You can test it with a simple command to the device itself (or just use "ping"):


curl --request GET 'http://35.199.17.141'


Brian also attached a Postman Collection and Environment that you can use directly by importing into the Postman tool (https://www.getpostman.com/), if you like.


To use any of these, you have to email Brian to get an individual API Key.


Dave


David Lemire, CISSP

Systems Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) - formerly G2, Inc.

Technical Solutions Division

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: dave.lemire@g2-inc.com

Work: 301-575-5190 | Mobile: 240-938-9350


On Wed, Feb 12, 2020 at 9:18 AM duncan sfractal.com <duncan@sfractal.com> wrote:

Although they could not attend the plugfest, Broadcom contributed a working ICDX to the plugfest. One of the many items on my to-do list is to go thru the ICDX documentation with a view to defining actuator profiles. I suspect there are actuators in their documentation for which we do not yet have OASIS actuator profiles. I doubt I'll have the time to ever get to this item so I'm soliciting help from anyone else in the AP-SC who might want to help. I'd include a link but unfortunately the two Broadcom links on https://github.com/oasis-tcs/openc2-usecases/blob/master/Cybercom-Plugfest/Plugfest-Outcomes.md are not yet filled out. The links to the ICDX info are in the email archives somewhere. Any help would be appreciated, i.e., (1) find the links, (2) fill in the plugfest outcomes at least with the links, and (3) review the ICDX documentation in the links with the view of comparing to existing OASIS actuator profiles and highlighting where we could start some new profile work based on the work Broadcom has already done.


Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/



