Forwarded on behalf of Paul Vixie. -------- Forwarded Message -------- Return-Path:
vixie@fsi.io Date: Fri, 25 Aug 2017 04:26:44 +0000 In-Reply-To: <
20170825032045.28DD89E0C3@indium.dfw01.oasis-infra.net> References: <
DDD46875-D74E-4E32-977F-2A7184436BEB@cisecurity.org > <
ba25135c-3a84-f44a-5abc-7ee07428a0ef@circl.lu > <
20170825032045.28DD89E0C3@indium.dfw01.oasis-infra.net> MIME-Version: 1.0 Subject: Re: [cti-publicmirror] Re: [cti] Summary of the working call To: Jerome Athias <
jerome.athias@protonmail.com>,
Alexandre.Dulaunoy@circl.lu From: P Vix <
vixie@fsi.io> Message-ID: <
26ED21C3-2F02-44CA-BE63-9F87D70FD98C@fsi.io> I'm a guest so I can't post. In the bind10 project we let the stakeholders have both veto and priority setting powers. We wasted five years of our time and $3mil of their money and never produced anything useful. The project was shut down in disgrace. It's a blot on my record. Never again. Say it with me. Never again. Please forward to the original list if you would. On August 24, 2017 8:20:38 PM PDT, Jerome Athias <
jerome.athias@protonmail.com> wrote: >I am disappointed to feel that our probably most important users (who >should be key orchestrators) feedback or propositions seem to be >constantly disregarded or not properly and carefully taken into >consideration >Best of luck to them here > >Carpe diem >/ja > >On Wed, Aug 23, 2017 at 11:42 AM, Alexandre Dulaunoy ><
Alexandre.Dulaunoy@circl.lu> wrote: > >> On 22/08/17 22:12, Sarah Kelley wrote: > On today’s working call, we >discussed the event object. We didn’t have someone taking full notes, >but I’ll try to summarize what was discussed below. > > > 1. The event >object should be scoped down to just an IR type of event/incident. This >would need to be clarified in the text, but that would then scope out >some of our other use cases such as: > * An ‘alert’ coming into your >system > * An ‘event’ such as a threat actor registering a domain > * >The MISP version of ‘event’ As our past proposals (event and updated >report) were rejected and seeing how despite expectations the new event >SDO won't accommodate the requirements of many CERTs and considering >that we need to move on regarding this, we propose a new SDO called >generic event to be able to map MISP events to STIX. >
https://www.misp-project.org/generic-event-proposal-STIX-2.1.pdf Thank >you very much -- Alexandre Dulaunoy CIRCL - Computer Incident Response >Center Luxembourg 41, avenue de la gare L-1611 Luxembourg
info@circl.lu >-
www.circl.lu - (+352) 247 88444 >--------------------------------------------------------------------- >To unsubscribe from this mail list, you must leave the OASIS TC that >generates this mail. Follow this link to all your TCs in OASIS at: >
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php -- Sent from my Android device with K-9 Mail. Please excuse my brevity.