RE: EXT :[openc2-lang] RE: SCAP 2.0 Monitoring Overlay Idea

["MARONEY, PATRICK" <rx118r@att.com>]

General comment on Temporality , Causality, and re-invention of said ‘Wheel’:

 

Wouldn’t subsumption/adoption of Allen, et al, temporal principles as expressed in W3C OWL-Time (https://www.w3.org/TR/owl-time/) help lay the foundations for consistent Temporality & Causality representations across platforms/use cases?

 

Patrick Maroney

Principal –Cybersecurity

AT&T Chief Security Office

 

From: openc2-lang@lists.oasis-open.org <openc2-lang@lists.oasis-open.org> On Behalf Of Lemire, Dave (HII-TSD)
Sent: Wednesday, June 17, 2020 10:02 AM
To: Considine, Toby <Toby.Considine@unc.edu>; duncan sfractal.com <duncan@sfractal.com>; Adam Montville <Adam.Montville@cisecurity.org>; openc2-lang <openc2-lang@lists.oasis-open.org>
Subject: [openc2-lang] Re: EXT :[openc2-lang] RE: SCAP 2.0 Monitoring Overlay Idea

 

Adam,

 

The proposal is written in terms of creating and distributing a file listing monitoring specifications in a structured format. Would it be acceptable to instead receive an OpenC2 command, structured similarly to the JSON example in the file?

 

Is the intent to direct this information at the Collector, the element provided the data, or both?

 

What's the expansion of "PCE"?

 

Dave

 

David Lemire

Systems Engineer

HII Mission Driven Innovated Solutions (HII-MDIS)

Technical Solutions Division

302 Sentinel Drive | Annapolis Junction, MD 20701

Work (301) 575-5190 | Mobile (443) 535-1182

---

From: openc2-lang@lists.oasis-open.org <openc2-lang@lists.oasis-open.org> on behalf of Considine, Toby <Toby.Considine@unc.edu>
Sent: Wednesday, June 17, 2020 7:58:16 AM
To: duncan sfractal.com; Adam Montville; openc2-lang
Subject: EXT :[openc2-lang] RE: SCAP 2.0 Monitoring Overlay Idea

 

CAUTION: This email originated from outside your organization. Exercise caution when opening attachments or clicking links, especially from unknown senders.

 

Very Interesting, Adam

 

I have worked on a couple specifications that included  remote monitoring in the past, and have recently written up those two approaches as potential starting points for OpenC2 including similar functions.

 

https://github.com/oasis-tcs/openc2-usecases/blob/master/EnergyMashupLab/Reporting%20%26%20Monitoring.md [github.com]

 

My thoughts had been time related, but key event related, such as on-start-up seems a natural extension.

 

I would be very interested in your comments on the Use Case above, which references the monitoring/reporting component two previous specifications. Neither one seems exactly right for this specification, but with the added description from your document, we may be getting close to something that we can use to begin work on an OpenC2 Actuator Profile for such a service.

 

tc

 

From: openc2-lang@lists.oasis-open.org <openc2-lang@lists.oasis-open.org> On Behalf Of duncan sfractal.com
Sent: Tuesday, June 16, 2020 10:27 PM
To: Adam Montville <Adam.Montville@cisecurity.org>; openc2-lang <openc2-lang@lists.oasis-open.org>
Subject: [openc2-lang] FW: SCAP 2.0 Monitoring Overlay Idea

 

Adam,

Thank you. I am forwarding this on to the experts to prepare a use case explain how to do it. We look forward to working together.

 

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info [vsre.info]/

 

 

From: Adam Montville <Adam.Montville@cisecurity.org>
Date: Tuesday, June 16, 2020 at 2:58 PM
To: "duncan@sfractal.com" <duncan@sfractal.com>
Subject: SCAP 2.0 Monitoring Overlay Idea

 

Hi Duncan,

 

Per your request, I’ve attached a draft-of-a-draft overview of what the SCAP 2.0 group is considering as a requirement. That group would like to be able to schedule state collection and evaluation on various intervals ranging from when a computing resource “wakes up” or connects (from the perspective of the enterprise), when a target attribute of interest changes (i.e. configuration setting X has changed from enabled to disabled), to a variety of time-based intervals ranging from minutes to months.

 

Rather than reinvent any wheels, they asked me to see whether OpenC2 might have some _expression_ for this sort of thing.

 

Thanks in advance for your help.

 

Kind regards,

 

Adam

This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.

. . . . .