search

oasis-tcs / openc2-glossary

OASIS OpenC2 TC: Repository to support development of an OpenC2 Glossary as one of the chartered deliverables of the OpenC2 Language Subcommittee
https://github.com/oasis-tcs/openc2-glossary
Other
4 stars 5 forks source link

Orchestrator, Actuator #11

Open sparrell opened 7 years ago

philroyer-phantom commented 7 years ago

I'll put something here for orchestrator so we have a starting point to poke holes in:

In IT and security there are many types of orchestrators. In the context of OpenC2 the word orchestrator is defined more narrowly to mean a sense-making and decision-making engine that can determine when and how to produce OpenC2 commands and chain commands together into automated and semi-automated courses of action.

I am aware that this contradicts the following sentence from the abstract:

Other aspects of coordinated cyber response such as sensing, analytics, and selecting appropriate courses of action are beyond the scope of OpenC2.

I think of an orchestrator as a component that will use OpenC2 but also have other capabilities, so I think it is OK that part of my definition describes capabilities outside the scope of OpenC2.

dlemire60 commented 7 years ago

IMO it's not a contradiction. OpenC2 is, ultimately, an interface specification: what does element A sends to element B and what does it mean. The functions that elements A and B perform that give them cause to support an OpenC2 interface is outside the scope of the spec, but recognizing that they exist doesn't seem like a contradiction.