
openc2-lang message


Subject: RE: SCAP 2.0 Monitoring Overlay Idea

Very interesting, Adam


I have worked on a couple specifications that included remote monitoring in the past, and have recently written up those two approaches as potential starting points for OpenC2 including similar functions.




My thoughts had been time related, but key event related, such as on-start-up seems a natural extension.


I would be very interested in your comments on the Use Case above, which references the monitoring/reporting component of two previous specifications. Neither one seems exactly right for this specification, but with the added description from your document, we may be getting close to something that we can use to begin work on an OpenC2 Actuator Profile for such a service.




From: openc2-lang@lists.oasis-open.org <openc2-lang@lists.oasis-open.org> On Behalf Of duncan sfractal.com
Sent: Tuesday, June 16, 2020 10:27 PM
To: Adam Montville <Adam.Montville@cisecurity.org>; openc2-lang <openc2-lang@lists.oasis-open.org>
Subject: [openc2-lang] FW: SCAP 2.0 Monitoring Overlay Idea



Thank you. I am forwarding this on to the experts to prepare a use case explaining how to do it. We look forward to working together.


Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/



From: Adam Montville <Adam.Montville@cisecurity.org>
Date: Tuesday, June 16, 2020 at 2:58 PM
To: "duncan@sfractal.com" <duncan@sfractal.com>
Subject: SCAP 2.0 Monitoring Overlay Idea


Hi Duncan,


Per your request, I've attached a draft-of-a-draft overview of what the SCAP 2.0 group is considering as a requirement. That group would like to be able to schedule state collection and evaluation on various intervals ranging from when a computing resource "wakes up" or connects (from the perspective of the enterprise), when a target attribute of interest changes (i.e. configuration setting X has changed from enabled to disabled), to a variety of time-based intervals ranging from minutes to months.


Rather than reinvent any wheels, they asked me to see whether OpenC2 might have some expression for this sort of thing.


Thanks in advance for your help.


Kind regards,


