Folks,
as I will be attending the ENISA/EC3 workshop in The Hague this autumn, I got an invitation to a preparatory survey which asks questions about a consensus regarding taxonomies and information sharing formats to be used in CERT/CERT and CERT/LE information sharing.
IntelMQ is based on eCSIRT II, which some working-group in the ENISA/EC3/EMPACT universe has declared to be obsolete.
See this monster of a report: https://www.enisa.europa.eu/publications/information-sharing-and-common-taxo...
Their new shiny pony is based on the work of CERT.pt, and they want to use the meeting this year to finalize that decision. I have no clue how big the delta to eCSIRT II is.
IMHO the IntelMQ community has to decide how to react. E.g.
a) stay with the eCSIRT II framework
b) adopt the new one
and
what stance to take on an inter-organisational sharing mechanism.
So what do you all think?
otmar (who will be on vacation the next weeks, don't expect me to reply soon)
------------------
The survey asks:
Do you believe that the Common Taxonomy for the national network of CSIRT/LEA (formerly known as CERT.PT Taxonomy) is suitable for CSIRT/LEA communication? Yes / No / Other
Have you ever used one of the following? STIX / CybOX / Other sharing Mechanism
What do you think could be a suitable sharing mechanism for the Common Taxonomy for the national network of CSIRT/LEA? STIX / CybOX / Other sharing Mechanism
Extract from 'Report on Information Sharing and Common Taxonomies between CSIRTs and Law Enforcement Agencies'
A clear distinction should be made between a taxonomy, a sharing mechanism and a sharing platform to avoid any possible confusion. While a taxonomy is a way of describing information through classification, a sharing mechanism structures the way the information is encoded. For example, a sharing mechanism might provide rules for names and positions of XML tags to allow a file to be treated automatically. Finally, a sharing platform is a tool that allows users to share information. It is not mandatory to have such a platform – files containing information structured according to a standard and classified according to a taxonomy could simply be sent by e-mail, for example. Nevertheless, the use of a sharing platform allows users to easily share information in a structured way.
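To make the taxonomy/mechanism distinction in the extract concrete, here is a small added example (not part of the mail or of IntelMQ's code): one event classified with an eCSIRT II top-level class is encoded by two different sharing mechanisms, JSON and an XML layout with fixed tag names, and both decode back to the same classified record. The class names are the eCSIRT II categories IntelMQ uses for `classification.taxonomy`; the event values (IP, timestamp, type) are constructed for the example.

```python
"""Added example: taxonomy (what a classification means) and sharing
mechanism (how the record is written down) as two separate layers."""
import json
import xml.etree.ElementTree as ET

# eCSIRT II top-level incident classes, as IntelMQ uses them.
ECSIRT_II_CLASSES = {
    "abusive content", "malicious code", "information gathering",
    "intrusion attempts", "intrusions", "availability",
    "information content security", "fraud", "vulnerable", "other",
}

# Constructed sample event in IntelMQ-style field naming; values are made up.
EVENT = {
    "classification.taxonomy": "malicious code",
    "classification.type": "botnet drone",
    "source.ip": "192.0.2.10",
    "time.observation": "2015-08-01T10:00:00+00:00",
}


def validate_taxonomy(event):
    """Taxonomy layer: the class must be one of the agreed eCSIRT II values."""
    cls = event.get("classification.taxonomy")
    if cls not in ECSIRT_II_CLASSES:
        raise ValueError("unknown taxonomy class: %r" % (cls,))
    return cls


def is_valid_event(event):
    """Boolean form of the taxonomy check, for callers that do not want exceptions."""
    try:
        validate_taxonomy(event)
        return True
    except ValueError:
        return False


def encode_json(event):
    """Sharing mechanism 1: JSON, one key per field."""
    validate_taxonomy(event)
    return json.dumps(event, sort_keys=True)


def encode_xml(event):
    """Sharing mechanism 2: XML with a fixed tag layout.

    The rule here is: root <event>, one <field name="..."> child per field,
    fields in sorted order. A receiver can rely on that layout to process
    the file automatically, regardless of which taxonomy the values come from.
    """
    validate_taxonomy(event)
    root = ET.Element("event")
    for key in sorted(event):
        field = ET.SubElement(root, "field", name=key)
        field.text = event[key]
    return ET.tostring(root, encoding="unicode")


def decode_xml(text):
    """Parse the fixed layout back into a flat field dictionary."""
    root = ET.fromstring(text)
    return {f.get("name"): f.text for f in root.findall("field")}


def roundtrip_equal(event):
    """Both mechanisms carry exactly the same classified information."""
    return json.loads(encode_json(event)) == decode_xml(encode_xml(event)) == event


if __name__ == "__main__":
    print(encode_json(EVENT))
    print(encode_xml(EVENT))
    print("round trip equal:", roundtrip_equal(EVENT))
```

Swapping eCSIRT II for another taxonomy only changes `ECSIRT_II_CLASSES`; swapping JSON for XML only changes the encode/decode pair. That is the point the report's extract makes: the two decisions the survey asks about are independent of each other.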