Subject: Re: EXT :[openc2-lang] RE: SCAP 2.0 Monitoring Overlay Idea
Adam,
The proposal is written in terms of creating and distributing a file listing monitoring specifications in a structured format. Would it be acceptable to instead receive an OpenC2 command, structured similarly to the JSON example in the file?
Is the intent to direct this information at the Collector, the element provided the data, or both?
What's the expansion of "PCE"?
Dave
David Lemire
Systems Engineer
HII Mission Driven Innovated Solutions (HII-MDIS)
Technical Solutions Division
302 Sentinel Drive | Annapolis Junction, MD 20701
Work (301) 575-5190 | Mobile (443) 535-1182

From: openc2-lang@lists.oasis-open.org <openc2-lang@lists.oasis-open.org> on behalf of Considine, Toby <Toby.Considine@unc.edu>
Sent: Wednesday, June 17, 2020 7:58:16 AM
To: duncan sfractal.com; Adam Montville; openc2-lang
Subject: EXT :[openc2-lang] RE: SCAP 2.0 Monitoring Overlay Idea

Very Interesting, Adam

I have worked on a couple specifications that included remote monitoring in the past, and have recently written up those two approaches as potential starting points for OpenC2 including similar functions. My thoughts had been time related, but key event related, such as on-start-up seems a natural extension. I would be very interested in your comments on the Use Case above, which references the monitoring/reporting component two previous specifications. Neither one seems exactly right for this specification, but with the added description from your document, we may be getting close to something that we can use to begin work on an OpenC2 Actuator Profile for such a service.

tc

From: openc2-lang@lists.oasis-open.org <openc2-lang@lists.oasis-open.org> On Behalf Of duncan sfractal.com

Adam,

Thank you. I am forwarding this on to the experts to prepare a use case explain how to do it. We look forward to working together.

Duncan Sparrell
sFractal Consulting LLC
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at http://vsre.info

From: Adam Montville <Adam.Montville@cisecurity.org>

Hi Duncan,

Per your request, I’ve attached a draft-of-a-draft overview of what the SCAP 2.0 group is considering as a requirement. That group would like to be able to schedule state collection and evaluation on various intervals ranging from when a computing resource “wakes up” or connects (from the perspective of the enterprise), when a target attribute of interest changes (i.e. configuration setting X has changed from enabled to disabled), to a variety of time-based intervals
ranging from minutes to months. Rather than reinvent any wheels, they asked me to see whether OpenC2 might have some expression for this sort of thing.

Thanks in advance for your help.

Kind regards,
Adam

This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.