CTI TAXII Subcommittee

 View Only

  • 1.  Re: [External] [cti-taxii] New properties for TAXII 2.1

    Posted 08-10-2017 21:30




    Is the intent that these properties live within TAXII or on the STIX objects themselves?
     

    From: <cti-taxii@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
    Date: Thursday, August 10, 2017 at 2:51 PM
    To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
    Subject: [External] [cti-taxii] New properties for TAXII 2.1


     


    All,
     
    It has been proposed that we add some properties to collections to help identify what data markings are needed / supported in this collection.  One driving aspect is with the upcoming IEP policy stuff.  
     
    It has been proposed that we add something like the following two properties:
     
    supported_markings
    required_markings
     
    The property terms may need to be word smithed and we need to figure out how to best capture the data.  But the question right now is, should we support this functionality on collections?
     
    If so, I will add them to the TAXII 2.1 working specification so that we can being work on what they will mean.
     
    Bret
     





    This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by
    you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of
    internal compliance with Accenture policy.
    ______________________________________________________________________________________

    www.accenture.com






  • 2.  Re: [EXT] Re: [External] [cti-taxii] New properties for TAXII 2.1

    Posted 08-10-2017 22:04
    Well the properties will exist in STIX, just like they do today. There would also be some metadata on the TAXII collection that helps clients know what type of data is the collection.  This could go a long way to some sort of auto-negotiation that a client could say, I know how to deal with IEP and the server saying, great, you can access these collections that have content marked with IEP. Something like that.  Yes, there is a LOT to figure out.  But is the general idea worth working on? Bret From: Maxwell, Kyle R. <kyle.r.maxwell@accenture.com> Sent: Thursday, August 10, 2017 3:29:46 PM To: Bret Jordan; cti-taxii@lists.oasis-open.org Subject: [EXT] Re: [External] [cti-taxii] New properties for TAXII 2.1   Is the intent that these properties live within TAXII or on the STIX objects themselves?   From: <cti-taxii@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com> Date: Thursday, August 10, 2017 at 2:51 PM To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org> Subject: [External] [cti-taxii] New properties for TAXII 2.1   All,   It has been proposed that we add some properties to collections to help identify what data markings are needed / supported in this collection.  One driving aspect is with the upcoming IEP policy stuff.     It has been proposed that we add something like the following two properties:   supported_markings required_markings   The property terms may need to be word smithed and we need to figure out how to best capture the data.  But the question right now is, should we support this functionality on collections?   If so, I will add them to the TAXII 2.1 working specification so that we can being work on what they will mean.   Bret   This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com


  • 3.  Re: [cti-taxii] Re: [External] [cti-taxii] New properties for TAXII 2.1

    Posted 08-11-2017 12:08
    My proposal was that it would be on the TAXII collection, not the objects. required_markings="TLP" on a collection means that every object submitted must contain a TLP marking, if it does not, it is rejected. - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security Without data, all you are is just another person with an opinion - Unknown From:         "Maxwell, Kyle R." <kyle.r.maxwell@accenture.com> To:         Bret Jordan <Bret_Jordan@symantec.com>, "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org> Date:         08/10/2017 06:29 PM Subject:         [cti-taxii] Re: [External] [cti-taxii] New properties for TAXII 2.1 Sent by:         <cti-taxii@lists.oasis-open.org> Is the intent that these properties live within TAXII or on the STIX objects themselves?   From: <cti-taxii@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com> Date: Thursday, August 10, 2017 at 2:51 PM To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org> Subject: [External] [cti-taxii] New properties for TAXII 2.1   All,   It has been proposed that we add some properties to collections to help identify what data markings are needed / supported in this collection.  One driving aspect is with the upcoming IEP policy stuff.     It has been proposed that we add something like the following two properties:   supported_markings required_markings   The property terms may need to be word smithed and we need to figure out how to best capture the data.  But the question right now is, should we support this functionality on collections?   If so, I will add them to the TAXII 2.1 working specification so that we can being work on what they will mean.   Bret   This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com


  • 4.  Re: [EXT] Re: [cti-taxii] Re: [External] [cti-taxii] New properties for TAXII 2.1

    Posted 08-11-2017 17:35
    That is a good option too.  I do like the idea of doing some sort of client / server negotiations. Bret From: Jason Keirstead <Jason.Keirstead@ca.ibm.com> Sent: Friday, August 11, 2017 6:07:37 AM To: Maxwell, Kyle R. Cc: Bret Jordan; cti-taxii@lists.oasis-open.org Subject: [EXT] Re: [cti-taxii] Re: [External] [cti-taxii] New properties for TAXII 2.1   My proposal was that it would be on the TAXII collection, not the objects. required_markings="TLP" on a collection means that every object submitted must contain a TLP marking, if it does not, it is rejected. - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security Without data, all you are is just another person with an opinion - Unknown From:         "Maxwell, Kyle R." <kyle.r.maxwell@accenture.com> To:         Bret Jordan <Bret_Jordan@symantec.com>, "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org> Date:         08/10/2017 06:29 PM Subject:         [cti-taxii] Re: [External] [cti-taxii] New properties for TAXII 2.1 Sent by:         <cti-taxii@lists.oasis-open.org> Is the intent that these properties live within TAXII or on the STIX objects themselves?   From: <cti-taxii@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com> Date: Thursday, August 10, 2017 at 2:51 PM To: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org> Subject: [External] [cti-taxii] New properties for TAXII 2.1   All,   It has been proposed that we add some properties to collections to help identify what data markings are needed / supported in this collection.  One driving aspect is with the upcoming IEP policy stuff.     It has been proposed that we add something like the following two properties:   supported_markings required_markings   The property terms may need to be word smithed and we need to figure out how to best capture the data.  But the question right now is, should we support this functionality on collections?   If so, I will add them to the TAXII 2.1 working specification so that we can being work on what they will mean.   Bret   This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com


Related Content