Subject: Re: [openc2-imple] OpenC2 vs OpenDxl Ontology
First I've heard of this. I'm not quite sure "ontology" is the right label, but it's what they've picked, so ...

From the GitHub README.md it definitely looks like they're encroaching on OpenC2 space:

What is the OpenDXL Ontology?
- Focused on development of open, interoperable cybersecurity messaging format for use with OpenDXL messaging bus
- Categorized set of messages used to perform actions on cybersecurity products and notifications used to signal when significant security-related events occur
- Incorporates other common open standards for message content (OpenC2, STIX, etc.)
- Includes sample code that demonstrates how to integrate the ontology into existing security products and related solutions
- Documented using the OpenDXL API Specification format
- Offered under the Apache 2.0 license
At least they've given us some credit. I find it interesting that they call it a "messaging format" yet appear to be defining and documenting it more as an API, and really providing no documentation of the intended effect beyond the action name itself. I'm no ontology expert, but this doesn't look anything like what I get from talking to Toby or reading about ontologies online.

There's also an announcement on their website:

February 24, 2020 - San Francisco, CA - The Open Cybersecurity Alliance (OCA) today announced the availability of OpenDXL Ontology, the first open source language for connecting cybersecurity tools through a common messaging framework.

Reading the whole announcement, there isn't even a nod to OpenC2 there. And they clearly aren't the "first" open source language for this purpose.

Dave

David Lemire, CISSP
Systems Engineer
HII Mission Driven Innovative Solutions (HII-MDIS) - formerly G2, Inc.
Technical Solutions Division
302 Sentinel Drive | Annapolis Junction, MD 20701
Email: dave.lemire@g2-inc.com
Work: 301-575-5190 | Mobile: 240-938-9350
I think the IC-SC should look more closely at the OpenDxl Ontology being proposed by McAfee in the OASIS Open Cybersecurity Alliance.
See https://opencybersecurityalliance.github.io/opendxl-ontology/.
I personally am for the principles behind the OCA (i.e. vendor-agnostic interoperability). I thought they were going to leverage existing standards like OpenC2. I am concerned that I think the ontology is not what I think of as an ontology but is instead a command and control language. For example, their command "blacklist" looks to me like the OpenC2 command "deny". Maybe I am misunderstanding, but I think people should look and we should have a FAQ about how they relate. If they are "competing", I recommend interested parties contribute their views to OCA, hopefully supporting not reinventing the wheel. If they are not competing, then the FAQ should explain.
Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at http://vsre.info/