I can see where you're headed. I looked at the NIST Asset Reporting Format (ARF) [NISTIR-7694 and NISTIR-7693] at one point as a representation for assets so that I could complete the linkage you mentioned below.
From: <cti@lists.oasis-open.org> on behalf of Jerome Athias <athiasjerome@gmail.com>
Date: Thursday, November 5, 2015 at 10:07 AM
To: Paul Patrick <ppatrick@isightpartners.com>
Cc: Patrick Maroney <Pmaroney@specere.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Re: RFI CRE Common Remediation Enumeration
Right, I see CRE potentially useful as a middleware for a link to NIST SP 800-53 kind of things, for example in the COAs context.
I see CCE leverageable via use of an OVAL-like language for IT-Assets.
And the CAPEC-CWE-CVE-CPE link.
PS: sorry if out of scope
On Thursday, 5 November 2015, Paul Patrick <ppatrick@isightpartners.com> wrote:
I looked through the XML schema and it appears to be focused more on human-readable remediation descriptions than machine-based.
With regards to ‘@all’, I completely agree where possible. Where not possible, we need to be trying to “embrace and extend” where possible so we can leverage the learning that has been done.
— Paul Patrick
From: <cti@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org>
Date: Thursday, November 5, 2015 at 9:22 AM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Jerome Athias <athiasjerome@gmail.com>
Subject: Re: [cti] RFI CRE Common Remediation Enumeration
Jerome,
As always, thanks for sharing timely references to "our thing". We need to leverage these standards wherever possible/practical.
Question
"CRE enables automation and enhanced correlation of enterprise remediation activities."
I'm not seeing where CRE provides the machine readable specification (or reference to same) required to perform the very specific remediation action(s) to achieve, measure, or validate the remediation objectives/outcomes.
It would seem that the reference to the OVRL specification or some other reference that leads one to the specific OVRL. The only specific external reference I see is the CPE (Common Platform Enumeration)?
...What am I missing?
@All: (1) I like the Use Case formats of the NIST documents. It would be great if we could adopt same or something similar to map to these existing body of work. (2) Why reinvent taxonomies, descriptions, etc. where substantive instantiations of same (i.e., CCE, CVE, CPE) already exist?
Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org
From: Jerome Athias <athiasjerome@gmail.com>
Sent: Thursday, November 5, 2015 8:15 AM
Subject: [cti] RFI CRE Common Remediation Enumeration
To: <cti@lists.oasis-open.org>
Hi,
Any info regarding CRE?
http://scap.nist.gov/specifications/cre/
Thank you