Re: [Model-t] model-t@iab.org list description

Bret Jordan <jordan.ietf@gmail.com> Sat, 03 August 2019 17:26 UTC

From: Bret Jordan <jordan.ietf@gmail.com>
Message-Id: <D5E68AEE-5B5B-4F5D-BDEF-54929F3067A3@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_630DB989-9349-426E-956B-094B58E42DEB"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Sat, 03 Aug 2019 11:26:04 -0600
In-Reply-To: <9e9c4580-acbc-16fe-1af0-4be1ea33e700@cs.tcd.ie>
Cc: Martin Thomson <mt@lowentropy.net>, model-t@iab.org
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <c3a112ba-baab-1cb0-97ad-21ff9999a637@cs.tcd.ie> <29756028-95f1-e6e5-b3ea-562cbc635df0@sandelman.ca> <5ef15ad2-5b20-e871-0d01-17cf906051c1@cs.tcd.ie> <22633.1564768705@localhost> <e7c02d44-353f-406c-818e-06a2e49ee212@www.fastmail.com> <5879878A-7CEA-4030-BB72-108CC4122719@gmail.com> <56f78164-7205-0cb8-eaaf-3bdae25a7c67@cs.tcd.ie> <34296538-559C-45B0-8D44-E35BCA47DD35@gmail.com> <9e9c4580-acbc-16fe-1af0-4be1ea33e700@cs.tcd.ie>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/VKYAtYP8U0z3btXZgK85Cxc2SSs>
Subject: Re: [Model-t] model-t@iab.org list description
List-Id: Discussions of changes in Internet deployment patterns and their impact on the Internet threat model <model-t.iab.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/model-t/>

Stephen,

There are several minor variations on the “Kill Chain” as defined originally by Lockheed Martin in the following paper, back in 2011 I think (https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf).

In addition, MITRE has recently produced an ATT&CK framework to help identify and characterize threat actor behavior.  NIST has already produced a Cyber Security Framework that is commonly used when talking about these sorts of things. 

STIX, on the other hand, is a taxonomy for sharing threat intelligence: things like threat actors, campaigns, intrusion sets, attack patterns, malware information, indicators of compromise, etc.


Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

> On Aug 3, 2019, at 8:40 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> 
> On 03/08/2019 15:37, Bret Jordan wrote:
>> I did not use anything from STIX. Are you referring to the use of
>> kill chain phase?
> I was. If you're using some other methodology be interested
> in which. (Those information model based approaches to
> describing threats/incidents aren't something I follow in
> detail.)
> 
> Cheers,
> S.
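The message above names three things (the Lockheed Martin kill chain, MITRE ATT&CK, and STIX) without showing how they fit together on the wire. As an added example, not code from the thread or from any of those projects, here is a minimal STIX 2.1 bundle built with only the Python standard library: the attack-pattern carries an ATT&CK external reference and kill-chain phases from both the Lockheed Martin chain and the ATT&CK tactic chain, the indicator and malware objects are tagged with Lockheed Martin phases, and relationships tie an intrusion set to what it uses. The intrusion set, the dropper, the SHA-256 value and the timestamps are constructed sample data, and the validator is a hypothetical consumer-side check, not the STIX reference implementation.

```python
"""Added example: hand-built STIX 2.1 bundle tying kill-chain phases and an
ATT&CK technique reference to STIX objects, plus a consumer-side sanity check.
Standard library only; all intelligence content is constructed sample data."""
import json
import re
import uuid

# Kill chain name and phase names the STIX 2.1 spec uses for the Lockheed Martin chain
LM_KILL_CHAIN = "lockheed-martin-cyber-kill-chain"
LM_PHASES = (
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command-and-control", "actions-on-objectives",
)
# STIX identifier: <object-type>--<UUIDv4>
STIX_ID = re.compile(
    r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$"
)
FIXED_TS = "2019-08-03T17:26:04.000Z"  # constructed, fixed for reproducible output


def _sdo(obj_type, **props):
    """Common properties every STIX 2.1 domain/relationship object must carry."""
    return {"type": obj_type, "spec_version": "2.1", "id": f"{obj_type}--{uuid.uuid4()}",
            "created": FIXED_TS, "modified": FIXED_TS, **props}


def make_bundle():
    """Build a bundle: intrusion set uses a phishing technique and a dropper,
    and a file-hash indicator indicates the dropper. All names are constructed."""
    intrusion_set = _sdo("intrusion-set", name="Example Intrusion Set")  # constructed
    attack_pattern = _sdo(
        "attack-pattern", name="Phishing",
        # ATT&CK technique T1566 (Phishing), referenced by external_id as ATT&CK's own STIX does
        external_references=[{"source_name": "mitre-attack", "external_id": "T1566",
                              "url": "https://attack.mitre.org/techniques/T1566/"}],
        # Same technique placed on two different kill chains
        kill_chain_phases=[{"kill_chain_name": LM_KILL_CHAIN, "phase_name": "delivery"},
                           {"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}],
    )
    malware = _sdo("malware", name="Example Dropper", is_family=False,  # constructed
                   kill_chain_phases=[{"kill_chain_name": LM_KILL_CHAIN, "phase_name": "installation"}])
    indicator = _sdo(
        "indicator", name="Lure document hash (constructed)",
        pattern="[file:hashes.'SHA-256' = '" + "a" * 64 + "']",  # constructed hash value
        pattern_type="stix", valid_from="2019-08-03T00:00:00Z",
        kill_chain_phases=[{"kill_chain_name": LM_KILL_CHAIN, "phase_name": "delivery"}],
    )
    rels = [
        _sdo("relationship", relationship_type="uses",
             source_ref=intrusion_set["id"], target_ref=attack_pattern["id"]),
        _sdo("relationship", relationship_type="uses",
             source_ref=intrusion_set["id"], target_ref=malware["id"]),
        _sdo("relationship", relationship_type="indicates",
             source_ref=indicator["id"], target_ref=malware["id"]),
    ]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [intrusion_set, attack_pattern, malware, indicator, *rels]}


def validate_bundle(bundle):
    """Hypothetical consumer-side check before ingesting a bundle from a feed.
    Returns a list of problems; an empty list means the bundle passed."""
    problems = []
    objects = bundle.get("objects", [])
    ids = {o["id"] for o in objects}
    for o in objects:
        if not STIX_ID.match(o["id"]) or not o["id"].startswith(o["type"] + "--"):
            problems.append(f"bad id {o['id']}")
        for req in ("spec_version", "created", "modified"):
            if req not in o:
                problems.append(f"{o['id']} missing {req}")
        # Reject phase names that are not part of the named Lockheed Martin chain
        for kcp in o.get("kill_chain_phases", []):
            if kcp["kill_chain_name"] == LM_KILL_CHAIN and kcp["phase_name"] not in LM_PHASES:
                problems.append(f"{o['id']} unknown LM phase {kcp['phase_name']}")
        # Relationships must point at objects actually present in the bundle
        if o["type"] == "relationship":
            for ref in ("source_ref", "target_ref"):
                if o[ref] not in ids:
                    problems.append(f"{o['id']} dangling {ref} {o[ref]}")
        # STIX patterns are bracketed observation expressions
        if o["type"] == "indicator" and o.get("pattern_type") == "stix" and not o["pattern"].startswith("["):
            problems.append(f"{o['id']} pattern is not a bracketed STIX pattern")
    return problems


def phases_covered(bundle, kill_chain_name=LM_KILL_CHAIN):
    """Sorted kill-chain phase names the bundle's objects are tagged with."""
    return sorted({kcp["phase_name"] for o in bundle["objects"]
                   for kcp in o.get("kill_chain_phases", [])
                   if kcp["kill_chain_name"] == kill_chain_name})


if __name__ == "__main__":
    b = make_bundle()
    print(json.dumps(b, indent=2))
    print("problems:", validate_bundle(b))
    print("LM phases covered:", phases_covered(b))
```

The point of `phases_covered` is the one Stephen asked about: once objects carry `kill_chain_phases`, a consumer can ask which stages of an intrusion a given feed actually describes, and `validate_bundle` shows the kind of check a receiver should run on feed data, since relationships with dangling references and made-up phase names are exactly what breaks downstream correlation.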