[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Request-response over pub/sub for openC2
More as a spec than an example, here is the McAfee opendxl messaging constructs for pub-sub and req-res https://opendxl.github.io/opendxl-client-python/pydoc/dxlclient.message.html If you look at the request message structure, it includes a field for the response topic.
From: "duncan sfractal.com" <duncan@sfractal.com>
Could you give an example? It would be particularly useful for a command (eg add a firewall rule, block an ip, etc) as the emphasis is on the C2 in openc2 iPhone, iTypo, iApologize From: openc2@lists.oasis-open.org <openc2@lists.oasis-open.org> on behalf of Das, Sudeep <Sudeep_Das@McAfee.com> Openc2 members, I received a request for technical assistance on openc2 over mqtt spec from Mr Brule earlier today. I am responding to oasis relay as recommended by Mr Brule.
The discussion is around setting up topics. > Would you set up a topic that is 'action' so an orchestrator would
> post a 'deny evil_domain' then would you set up another topic 'response_action'
> so any actuator that could act on the deny evil domain would post
> its ack on the 'response_deny' channel? Or would you guys make the
>topics more device centric, so there would be a topic that is 'gateway_routers' > and the orchestrator posts the commands there then each
> router would have its own topic 'router_one', 'router_two' etc. to post its response. There are a few challenges to the openc2 spec in terms of pub sub. Openc2 messaging specifies request-response semantics, which is a different message pattern vis-Ã-vis pub-sub. The way we may manage req-res over pub-sub is as below (as
implemented in McAfee opendxl )
Happy to discuss further on the thread Sudeep Das Principal Engineer McAfee LLC |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]