Subject: Re: [openc2-imple] OCA OpenDXL-Ontology vs OpenC2 - topic for IC-SC
Examples can be found here https://opencybersecurityalliance.github.io/opendxl-ontology/
I don't think that they support compound commands. OpenDXL was created to use the DXL fabric, thus an atomic command can be registered into a topic and then all the services subscribed can get the command (pub/sub).
What they need to do is maybe to come up with a report/addition to their spec showcasing and describing how you can enable OpenC2 over DXL, but then, as I actually described, it becomes OpenC2 over DXL and is not related anymore to the OpenDXL vocabulary.
Asking them to adopt our vocabulary will be like asking them to drop their ontology since the differences are not substantial. They do say though that "The goal of the OpenDXL Ontology is to incorporate many different common and open standards (OpenC2 being one of them)", which again, it seems, is not the case. The least they can do is incorporate OpenC2 examples.
A more compromising approach would be to create a table mapping OpenDXL commands to OpenC2 commands. In such a case a new problem will arise. If they showcase OpenC2 over DXL, that creates a transfer spec, which will probably come in opposition with how we populate OpenC2 commands, especially in the case that we want to include new fields in the payload such as the reference id of the command and possibly integrity- and authentication-related fields (we are going to have a pub/sub spec if the different protocols have similarities, and the case of conflict will become even worse if we need to create individual transfer specs such as for DXL).
Just to make an uneducated assumption, an OpenC2 example for blocking an ipv4_connection would be: /action/deny/ipv4_connection and the payload.
-Vasileios
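As an added illustration of the "deny ipv4_connection" command and the extra reference-id and integrity fields discussed above (this is example code written for this page, not code from the OpenC2 or OpenDXL projects): the command structure (action, target, command_id) and the ipv4_connection fields follow the OpenC2 Language Specification v1.0, while the pub/sub envelope with its topic, command_id and HMAC is a hypothetical transfer wrapper assumed for the example, not any DXL or OpenC2 transfer spec. The shared key and the topic name are constructed sample values.

```python
import hashlib
import hmac
import json
import uuid

# Subset of OpenC2 Language Spec v1.0 actions and the ipv4_connection target fields.
OPENC2_ACTIONS = {"deny", "allow", "query", "scan", "delete", "set", "update"}
IPV4_CONNECTION_FIELDS = {"src_addr", "src_port", "dst_addr", "dst_port", "protocol"}


def build_deny_ipv4_connection(dst_addr, dst_port, src_addr=None, protocol="tcp", command_id=None):
    """Build an OpenC2 'deny ipv4_connection' command as a dict (spec v1.0 layout)."""
    conn = {"dst_addr": dst_addr, "dst_port": dst_port, "protocol": protocol}
    if src_addr is not None:
        conn["src_addr"] = src_addr
    return {
        "action": "deny",
        "target": {"ipv4_connection": conn},
        # command_id is the reference id a producer can later correlate responses with.
        "command_id": command_id or str(uuid.uuid4()),
    }


def validate_command(cmd):
    """Return a list of structural problems; an empty list means the command looks sound."""
    problems = []
    if cmd.get("action") not in OPENC2_ACTIONS:
        problems.append("unknown or missing action")
    target = cmd.get("target")
    if not isinstance(target, dict) or len(target) != 1:
        problems.append("target must be a map with exactly one target type")
    elif "ipv4_connection" in target:
        unknown = set(target["ipv4_connection"]) - IPV4_CONNECTION_FIELDS
        if unknown:
            problems.append("unknown ipv4_connection fields: %s" % sorted(unknown))
    if "command_id" in cmd and not isinstance(cmd["command_id"], str):
        problems.append("command_id must be a string")
    return problems


def canonical(cmd):
    """Deterministic JSON encoding so publisher and subscriber MAC the same bytes."""
    return json.dumps(cmd, sort_keys=True, separators=(",", ":")).encode()


def publish_envelope(cmd, topic, key):
    """Hypothetical pub/sub envelope (assumption, not a real transfer spec):
    the topic and command_id travel outside the payload, and an HMAC over
    topic + payload gives subscribers an integrity/authenticity check."""
    body = canonical(cmd)
    mac = hmac.new(key, topic.encode() + b"\0" + body, hashlib.sha256).hexdigest()
    return {"topic": topic, "command_id": cmd["command_id"], "payload": body.decode(), "mac": mac}


def consume_envelope(env, key):
    """Subscriber side: verify the MAC before parsing, then check the reference id
    in the envelope matches the command and that the command validates.
    Returns the command dict, or None if anything fails."""
    msg = env["topic"].encode() + b"\0" + env["payload"].encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, env["mac"]):
        return None
    cmd = json.loads(env["payload"])
    if cmd.get("command_id") != env["command_id"] or validate_command(cmd):
        return None
    return cmd


if __name__ == "__main__":
    key = b"constructed-shared-secret"  # sample value for the example only
    cmd = build_deny_ipv4_connection("203.0.113.10", 443, src_addr="198.51.100.7", command_id="cmd-1")
    env = publish_envelope(cmd, "openc2/deny", key)  # hypothetical topic name
    print(json.dumps(env, indent=2))
    print("accepted:", consume_envelope(env, key) == cmd)
```

The point of binding the topic into the MAC is that a message captured on one topic cannot be replayed onto another; whether that binding, the reference id and the MAC live in the OpenC2 payload or in the transport envelope is exactly the layering question raised above.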