[Intelmq-dev] Taxonomies & Sharing mechanism

Otmar Lendl lendl at cert.at
Fri Aug 5 18:07:22 CEST 2016


Folks,

as I will be attending the ENISA/EC3 workshop in The Hague this autumn, I
got an invitation to a preparatory survey which asks questions about a
consensus regarding taxonomies and information sharing formats to be
used in CERT/CERT and CERT/LE information sharing.

IntelMQ is based on eCSIRT II, which some working-group in the
ENISA/EC3/EMPACT universe has declared to be obsolete.

See this monster of a report:
https://www.enisa.europa.eu/publications/information-sharing-and-common-taxonomies-between-csirts-and-law-enforcement

Their new shiny pony is based on the work of CERT.pt, and they want to
use the meeting this year to finalize that decision. I have no clue
how big the delta to eCSIRT II is.

IMHO the IntelMQ community has to decide how to react. E.g.

a) stay with eCSIRT II framework
b) adopt the new one

and

what stance to take on an inter-organisational sharing mechanism.

So what do you all think?

otmar (who will be on vacation the next weeks, don't expect me to reply
soon)

------------------

The survey asks:

Do you believe that the Common Taxonomy for the national network of
CSIRT/LEA (formerly known as CERT.PT Taxonomy) is suitable for CSIRT/LEA
communication?
	
Yes / No / Other

Have you ever used one of the following?
	
STIX / CybOX / Other sharing Mechanism

What do you think could be a suitable sharing mechanism for the Common
Taxonomy for the national network of CSIRT/LEA?
	
STIX / CybOX / Other sharing Mechanism

Extract from 'Report on Information Sharing and Common Taxonomies
between CSIRTs and Law Enforcement Agencies'

A clear distinction should be made between a taxonomy, a sharing
mechanism and a sharing platform to avoid any possible confusion. While
a taxonomy is a way of describing information through classification, a
sharing mechanism structures the way the information is encoded. For
example, a sharing mechanism might provide rules for names and positions
of XML tags to allow a file to be treated automatically. Finally, a
sharing platform is a tool allowing to share information. It is not
mandatory to have such a platform – files containing information
structured according to a standard and classified according to a
taxonomy could simply be sent by e-mail, for example. Nevertheless, the
use of a sharing platform allows users to easily share information in a
structured way.


-- 
// Otmar Lendl <lendl at cert.at> - T: +43 1 5056416 711
// CERT Austria - http://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, LG Salzburg
