OASIS Cyber Threat Intelligence (CTI) TC

Purpose: To identify and support the current and future database requirements for the various versions of STIX, CYBOX, and TAXII that exist and will exist.  Proposed Deliverables:  ?Best Practices  Database Schemas Example Database Implementations  Document Implementation Strategies Design query solutions for each standard that work well with various database backends.  Chair(s): Eric Burger (Georgetown University) & Jerome Athias (Individual) Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.   Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail

Hi Bret, I would like to see this expanded to cover 'implementation of STIX, TAXII and CybOX', such that it helps bridge the gap between the schema and reference libraries generated by the CybOX/TAXII/STIX SC and the people who are actually implementing them in their tools. Examples could be producing libraries in additional languages, producing database schemas, producing test results of different storage methods, maintaining a list of TAXII compatible products, maybe even performing testing and certification of new tools to confirm compliance in the future. Cheers Terry MacDonald STIX, TAXII, CybOX Consultant M: +61-407-203-026 E:  terry.macdonald@threatloop.com W:  www.threatloop.com Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers. On 20 June 2015 at 02:42, Jordan, Bret < bret.jordan@bluecoat.com > wrote: Purpose: To identify and support the current and future database requirements for the various versions of STIX, CYBOX, and TAXII that exist and will exist.  Proposed Deliverables:  ?Best Practices  Database Schemas Example Database Implementations  Document Implementation Strategies Design query solutions for each standard that work well with various database backends.  Chair(s): Eric Burger (Georgetown University) & Jerome Athias (Individual) Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

I like it.. Good points. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.   On Jun 19, 2015, at 15:06, Terry MacDonald < terry.macdonald@threatloop.com > wrote: Hi Bret, I would like to see this expanded to cover 'implementation of STIX, TAXII and CybOX', such that it helps bridge the gap between the schema and reference libraries generated by the CybOX/TAXII/STIX SC and the people who are actually implementing them in their tools. Examples could be producing libraries in additional languages, producing database schemas, producing test results of different storage methods, maintaining a list of TAXII compatible products, maybe even performing testing and certification of new tools to confirm compliance in the future. Cheers Terry MacDonald STIX, TAXII, CybOX Consultant M: +61-407-203-026 E:  terry.macdonald@threatloop.com W:  www.threatloop.com Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers. On 20 June 2015 at 02:42, Jordan, Bret < bret.jordan@bluecoat.com > wrote: Purpose: To identify and support the current and future database requirements for the various versions of STIX, CYBOX, and TAXII that exist and will exist.  Proposed Deliverables:  ?Best Practices  Database Schemas Example Database Implementations  Document Implementation Strategies Design query solutions for each standard that work well with various database backends.  Chair(s): Eric Burger (Georgetown University) & Jerome Athias (Individual) Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.   Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail

This sounds like something a bit different than a “database subcommittee” or a “data model subcommittee.” To me, it sounds like implementation or best practices. On Jun 19, 2015, at 5:12 PM, Jordan, Bret < bret.jordan@BLUECOAT.COM > wrote: I like it.. Good points. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.   On Jun 19, 2015, at 15:06, Terry MacDonald < terry.macdonald@threatloop.com > wrote: Hi Bret, I would like to see this expanded to cover 'implementation of STIX, TAXII and CybOX', such that it helps bridge the gap between the schema and reference libraries generated by the CybOX/TAXII/STIX SC and the people who are actually implementing them in their tools. Examples could be producing libraries in additional languages, producing database schemas, producing test results of different storage methods, maintaining a list of TAXII compatible products, maybe even performing testing and certification of new tools to confirm compliance in the future. Cheers Terry MacDonald STIX, TAXII, CybOX Consultant M: +61-407-203-026 E:  terry.macdonald@threatloop.com W:  www.threatloop.com Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers. On 20 June 2015 at 02:42, Jordan, Bret < bret.jordan@bluecoat.com > wrote: Purpose: To identify and support the current and future database requirements for the various versions of STIX, CYBOX, and TAXII that exist and will exist.  Proposed Deliverables:  ?Best Practices  Database Schemas Example Database Implementations  Document Implementation Strategies Design query solutions for each standard that work well with various database backends.  Chair(s): Eric Burger (Georgetown University) & Jerome Athias (Individual) Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.