Re: [mile] Security alert reporting - the firstMILE

Tony Rutkowski <tony@yaanatech.com> Tue, 22 March 2016 17:55 UTC

References: <56F166CC.4020103@htt-consult.com> <56F17DC8.8000800@yaanatech.com> <56F183BB.1020306@htt-consult.com>
To: Robert Moskowitz <rgm-sec@htt-consult.com>, mile@ietf.org
From: Tony Rutkowski <tony@yaanatech.com>
Organization: Yaana Technologies
Message-ID: <56F1871F.2050907@yaanatech.com>
Date: Tue, 22 Mar 2016 13:55:43 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0
MIME-Version: 1.0
In-Reply-To: <56F183BB.1020306@htt-consult.com>
Content-Type: multipart/alternative; boundary="------------010705060700050206090706"
Archived-At: <http://mailarchive.ietf.org/arch/msg/mile/5CK9ZbbICB__QvNvEZ1HLKHalnw>
Subject: Re: [mile] Security alert reporting - the firstMILE

That sounds a lot like TAXII - especially 2.0. TC CTI is one of the world's most active bodies and there are a considerable number of companies and organizations involved, with weekly meetings and dozens of emails/day. Huawei just joined, by the way, so you should be able to get access.

The monitoring system part is elsewhere in the STIX model.

--tony

On 2016-03-22 1:41 PM, Robert Moskowitz wrote:
> My reading of ROLIE here, or the limited information I can find googling TAXII, is that neither addresses the start of the incident at the firewall/IPS/IDS/router.
>
> firstMILE is to get the attack event into the monitoring systems. There, analytics and/or an admin will determine if mitigation action is needed and then start action in RID/ROLIE/TAXII.

-- 

Anthony Michael Rutkowski
EVP, Industry Standards & Regulatory Affairs
tony@yaanatech.com
+1 703 999 8270

Yaana Technologies LLC
542 Gibraltar Drive
Milpitas CA 95035 USA