STIXProject / schemas

STIX Schema Development
http://stixproject.github.io/

Incident Extension Point #345

Open athiasjerome opened 9 years ago

athiasjerome commented 9 years ago

We should consider an Extension Point for Incidents. Consider: IDMEF, IODEF.

packet-rat commented 9 years ago

[Not sure where in our transitional state where we engage in discourse like this, but in support of Jerome's suggestion wanted to reply here.]

[+1] I think....

So while I know the IETF INCH IODEF community have been trying very hard to address many of the factors contributing to its initial ~2007 lukewarm community reception (just to be clear, I closely followed the efforts of Messrs. Danyliw, Meijer, Demchenk et al and was a strong advocate for its adoption back then), I didn't know anyone had actually built anything supporting IDMEF(?).

But, in any case, would think STIX Extension Points support should be considered (at least as an option) for any relevant standards (or de facto standards). At least as an interim methodology.

There are of course many ways to "skin this cat" (pass them as references, documents/reports, build/share conversion tooling (i.e., STIX<==>OpenIOC), etc.). However, I'll also point out (before Aharon and Eric do ;-) that providing too many ways to "skin the cat" may just irritate the Cats even more. ;-)

I would really like to see a specific discussion (tactical and strategic) focusing on where and how to best bolt in support for other existing data representation formats, especially in the context of the application of methodologies like OMG MDA, PIM, SIMF, etc. Look forward to doing so when the CTI TC is up and running.

@Jerome: Please send an out of band message with any references you might have to IDMEF.

Patrick Maroney Cell: (609)841-5104

On Jun 11, 2015, at 8:30 AM, Jerome Athias notifications@github.com wrote:

We should consider an Extension Point for Incidents. Consider: IDMEF, IODEF.


sbarnum commented 9 years ago

In case it is not clear to everyone, the IncidentBaseType used for all instantiations of Incidents in STIX (whether inline or via reference) is already an extension point for Incidents and was always intended as such. The STIX IncidentType is the STRONGLY suggested default extension to use, but if someone really wanted to go off book and leverage IODEF or IDMEF to characterize an incident they could do so simply by creating an extension hook for it extending off of IncidentBaseType. The obvious downside is that you lose all of the consistent and well-structured information architecture that STIX provides.
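The mechanism sbarnum describes (every `stix:Incident` is an `IncidentBaseType`, and the concrete type is chosen by `xsi:type`, with `incident:IncidentType` as the recommended default) has a practical consequence for anyone ingesting STIX 1.x: a producer can hand you an Incident typed as something other than `IncidentType`, and your tooling should notice before it assumes the standard Incident fields are present. The following is an added example, not code from the STIX project or from anyone in this thread. It constructs a small STIX 1.x package with three Incidents and classifies each one by the resolved `xsi:type`. The `acme` prefix, its URN and `IODEFIncidentType` are hypothetical stand-ins for a site-specific extension of `IncidentBaseType`; the STIX, Incident and `xsi` namespace URIs are the ones used by STIX 1.x and should be checked against the schema versions you actually ingest.

```python
import io
import xml.etree.ElementTree as ET

# Namespaces used by STIX 1.x (verify against the schema versions you ingest).
STIX_NS = "http://stix.mitre.org/stix-1"
INCIDENT_NS = "http://stix.mitre.org/Incident-1"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"

INCIDENT_TAG = "{%s}Incident" % STIX_NS
XSI_TYPE_ATTR = "{%s}type" % XSI_NS
# The default extension the thread recommends: incident:IncidentType.
DEFAULT_TYPE = "{%s}IncidentType" % INCIDENT_NS

# Constructed sample package. The "acme" namespace and IODEFIncidentType are
# hypothetical, standing in for a site-specific extension of IncidentBaseType.
SAMPLE_PACKAGE = """<?xml version="1.0" encoding="UTF-8"?>
<stix:STIX_Package
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:incident="http://stix.mitre.org/Incident-1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:acme="urn:example:acme-iodef-extension"
    id="example:package-1" version="1.2">
  <stix:Incidents>
    <stix:Incident id="example:incident-1" xsi:type="incident:IncidentType">
      <incident:Title>Phishing campaign against finance staff</incident:Title>
    </stix:Incident>
    <stix:Incident id="example:incident-2" xsi:type="acme:IODEFIncidentType">
      <acme:Document>(IODEF payload would go here)</acme:Document>
    </stix:Incident>
    <stix:Incident id="example:incident-3"/>
  </stix:Incidents>
</stix:STIX_Package>
"""


def incident_extension_report(xml_text):
    """Classify every stix:Incident in a package by its resolved xsi:type.

    Returns a list of (incident_id, kind, resolved_type) where kind is
      'default'      - xsi:type resolves to incident:IncidentType
      'extension'    - xsi:type resolves to some other type off IncidentBaseType
      'untyped'      - no xsi:type at all (only IncidentBaseType fields present)
      'unresolvable' - xsi:type uses a prefix the document never declares
    """
    ns_map = {}
    report = []
    stream = io.BytesIO(xml_text.encode("utf-8"))
    # 'start-ns' events hand us prefix -> URI bindings so we can resolve the
    # prefix inside the xsi:type value; ElementTree does not do that for
    # attribute values on its own.
    for event, payload in ET.iterparse(stream, events=("start-ns", "start")):
        if event == "start-ns":
            prefix, uri = payload
            ns_map[prefix] = uri  # flat map, adequate for a single package
            continue
        elem = payload
        if elem.tag != INCIDENT_TAG:
            continue
        incident_id = elem.get("id", "<no id>")
        xsi_type = elem.get(XSI_TYPE_ATTR)
        if xsi_type is None:
            report.append((incident_id, "untyped", None))
            continue
        prefix, _, local = xsi_type.rpartition(":")
        uri = ns_map.get(prefix)
        if uri is None:
            report.append((incident_id, "unresolvable", xsi_type))
            continue
        resolved = "{%s}%s" % (uri, local)
        kind = "default" if resolved == DEFAULT_TYPE else "extension"
        report.append((incident_id, kind, resolved))
    return report


def non_default_incidents(xml_text):
    """IDs of Incidents an ingest pipeline should route for review rather than
    parse as plain incident:IncidentType."""
    return [i for i, kind, _ in incident_extension_report(xml_text) if kind != "default"]


if __name__ == "__main__":
    for row in incident_extension_report(SAMPLE_PACKAGE):
        print(row)
```

Run as a script it prints one row per Incident; the third Incident, with no `xsi:type`, is exactly the "bare IncidentBaseType" case, and the second shows what a consumer sees when a producer takes the off-book route the comment describes. An ingest pipeline can use `non_default_incidents` to quarantine or down-convert those records instead of assuming every Incident carries the standard STIX fields.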