Re: [OPSEC] New Version Notification for draft-paine-smart-indicators-of-compromise-02.txt

Ron Bonica <rbonica@juniper.net> Fri, 05 February 2021 16:36 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9498F3A1320; Fri, 5 Feb 2021 08:36:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.359
X-Spam-Level:
X-Spam-Status: No, score=-3.359 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=1Nai2w3B; dkim=pass (1024-bit key) header.d=juniper.net header.b=ccSk1U5W
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E80BStL7muUl; Fri, 5 Feb 2021 08:36:42 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 938173A131C; Fri, 5 Feb 2021 08:36:42 -0800 (PST)
Received: from pps.filterd (m0108161.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 115GEN7M016288; Fri, 5 Feb 2021 08:36:41 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=PPS1017; bh=t4BDXHaySFvcwZA1eIQaYz0Nqbue40tYWP+m1l257VQ=; b=1Nai2w3Br7Mtte1/k1gpWLZlaM/TrnPmGQJ195ThGCChYIdmIlgh9PGthnlOs4CH5zM1 enAeQhc3TrZDR/o/6iQSHmu6rtJyLTLN9asG4NfXSb6OnlDNXGFFXRnemHxOKfW2EAcS fScaAlwf4xrdcR5RBoOAz4Hw1pYgAqWKpjFHvxaHng/hCH0EdeIckUKlyRqBYdUBRxT3 b/ULozWdeMh+wRSpLViE486SzGqYZf9g6zRnq8QLNFCHG4tT+6BE85uTzfbWUxlSmxc4 jRJ2CL/rMcbtJ1k2FnCx/fsatKhqB8LQ3gSPPtARh0KNcm0VeYwdIvzC5Nmkk1RJgxNz Ug==
Received: from nam10-mw2-obe.outbound.protection.outlook.com (mail-mw2nam10lp2109.outbound.protection.outlook.com [104.47.55.109]) by mx0b-00273201.pphosted.com with ESMTP id 36guhrsd8a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 05 Feb 2021 08:36:41 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iFvZmeSO+iuz9aZ+bguI6dMteAuhbBLlVQ5ZB5Ii8ozBpOcKOlvCoUk7Z2tcQ44prCFwGxkgtbgfzOuZQDExHTTx6dq3UXdfeXEwPlk648f1fLJRIn9ZFNZ0ljPwkGlej1/ohcDUeb6x7cvCzu5CvHCk4V4dlbR3HW51JZdNWSZZUzsf1+QGNwuRXuJvMMTmodf3qWk1rNJL59/NAdXld2PaZ71M/q1MjOPYFr6A/OhIu4Z/p4obTMXw4vD1N/MMd3slL3ixJ8+ljYBewWvCH+1mUrq5M0gi/99BR2dJja59Q4U6i21ID9oyu+XrmcI+tjAbE+BY3t4mU12hFQ0fig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t4BDXHaySFvcwZA1eIQaYz0Nqbue40tYWP+m1l257VQ=; b=blrla3GfKxf4ydIyXq3Qm9GvE3s+XcN8CkYhZ3MSVJ37ESp9twv+xy/fVrri1Xu4lJP48XTdAlk4v4XndmvjpnHoYNBkc1PsWGzXLIloeTKkWVVcqsXl0VrO/3kMqTx4obR9tnoqO228GXUMO9c3V5oy0DQS8IQyPVK7LwAmd1xLR8F149cIc9PZOU5X5Pe9a0SdHT9yrxvgF57YTAQHXtVHbhwBxo4vJVWIPXt1ZRpnUD395V42gSyw5l28F/N4xROOiVjQ8LYzB6h0qVuNMwKwmVY6gyyaMmDiGz16oIOjbIs74dW/1cyA5ZBuDWwqJfeU7+gdBpI6cCe+wqkkMw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t4BDXHaySFvcwZA1eIQaYz0Nqbue40tYWP+m1l257VQ=; b=ccSk1U5Ws6y6U6sDMKIY2X8rH9LM5WAFozow8zlt5b3ej4C4uN97do/nbSSe8U+xpIQBN6FQKW2owXj94H56/qVqSLZWEVDJm+NeCnEApaC9R9ycyUQcdtz95gtMSGci2ItX4pwGvFnXnE9HBs2vzdjb5nF5DyuYkwmCbPeFQAg=
Received: from (2603:10b6:208:2f::25) by MN2PR05MB6974.namprd05.prod.outlook.com (2603:10b6:208:191::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3825.8; Fri, 5 Feb 2021 16:36:35 +0000
Received: from BL0PR05MB5316.namprd05.prod.outlook.com ([fe80::24d3:61f2:4293:e825]) by BL0PR05MB5316.namprd05.prod.outlook.com ([fe80::24d3:61f2:4293:e825%3]) with mapi id 15.20.3825.017; Fri, 5 Feb 2021 16:36:35 +0000
From: Ron Bonica <rbonica@juniper.net>
To: Fernando Gont <fgont@si6networks.com>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, Kirsty P <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>, "opsec@ietf.org" <opsec@ietf.org>
CC: Ollie Whitehouse <ollie.whitehouse@nccgroup.com>
Thread-Topic: [OPSEC] New Version Notification for draft-paine-smart-indicators-of-compromise-02.txt
Thread-Index: AQHW6dOxYq/6wLx6q0SrOBrhyWTPK6o50IWWgAz4gTCAAnDcAIAArJEQ
Date: Fri, 5 Feb 2021 16:36:35 +0000
Message-ID: <BL0PR05MB5316E69A7C7AAAE5011B6958AEB29@BL0PR05MB5316.namprd05.prod.outlook.com>
References: <161055984315.25920.7578284983388559797@ietfa.amsl.com> <LO2P123MB35999C613671D92627878AD9D7BC0@LO2P123MB3599.GBRP123.PROD.OUTLOOK.COM> <BL0PR05MB53166A910D861850352243B6AEB49@BL0PR05MB5316.namprd05.prod.outlook.com> <8d9aa788-4295-514d-a054-a323fbc3c62c@si6networks.com>
In-Reply-To: <8d9aa788-4295-514d-a054-a323fbc3c62c@si6networks.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.5.0.60
dlp-reaction: no-action
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2021-02-05T16:36:34Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=0633b888-ae0d-4341-a75f-06e04137d755; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=743082dd-29bb-4700-aef6-24ffe92b2c24; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=2
authentication-results: si6networks.com; dkim=none (message not signed) header.d=none;si6networks.com; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [173.79.115.7]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 6c703819-f20e-432d-c9d4-08d8c9f4340d
x-ms-traffictypediagnostic: MN2PR05MB6974:
x-microsoft-antispam-prvs: <MN2PR05MB697479220C34B53F1F464D98AEB29@MN2PR05MB6974.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: DjuAcmNE0bsk2v7yaGkD4km7ufZdU9RlGyAIF0dhgoL4+E4PZjiX3zdY6wjBUTZXp6jJKGncrPBL49f+NitJWwYEzSeRismZ2MNCnACBAtvKtvZHLlSNsoTJzw5+/EGXgO1MfwvfTJ8v8ms+qtfI4/j2cdXJwz1NWOoRiYjU7N2XIdxDi93IzM6xHR2p1qHnsvwztOrlKIYhNtKXKUNmWH1JuK0Aj87Pet3fIkBZ4nHWChBP+eX781Scf8VP7mxhCdpbUB06Go/0zBJzukbNUV1G1Ec+8c44DtUWUSpw1e9BECrEyZRYyCz8nAs/zJ5ibStbivucMFvBhLVJJOcmSwSgRYYSBQo4i730OIt6ov6kRcsy10ydzHxqbjra6neSG8K2GMNlqy1S0Esccx+Fse38FAG/BCsC6DVp2Y4Dk4JOKRp1nuLdvFtfIye0ZWzKnobmBk+jZ9aG1EvnZMlEyQyKuWsFsdOX9T1feU/WdcTnzBjU1UT9cHouWQKt6Vy6StIS85r6uosdCsZnaHOMWSvLjDzZqVm9JxISIcBMRBNkSIpJeN6vg2s3iILI2dOtyLwlr8nttyT4MyWaXY0S/Xh5Gui0YaOjCrYTlcR0eWo=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR05MB5316.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39860400002)(396003)(136003)(366004)(376002)(346002)(83380400001)(66946007)(26005)(478600001)(76116006)(966005)(15650500001)(110136005)(33656002)(55016002)(7696005)(53546011)(66446008)(66556008)(71200400001)(52536014)(86362001)(5660300002)(6506007)(64756008)(186003)(66574015)(9686003)(4326008)(8676002)(66476007)(2906002)(316002)(8936002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?us-ascii?Q?yorIYgQW6L16GI6fEJa8FKXYxA0xoRNegzrpcVQrzVBgSAs62IYzHTNsZVE1?= =?us-ascii?Q?poMjkR7Vk9OD07QyV0gGUr6QXy4NFLusZphi518tuBPM3lYtkn7HUwCQCTaz?= =?us-ascii?Q?B3UJFlsETHKu5Rdtfn/HkkE5x4kvBHGgKkEssGE6/+KJwhLQJGov9Yv2MdWO?= =?us-ascii?Q?FsduQYgm6ssh1LoKxpoCpf1+VmgBGPpWjbaPL7DGyVrSTFdV0+E/V0SEmNWw?= =?us-ascii?Q?thw7h4rTc/RWp8n5f8ccQU9r3K2MlnsrgRloUBXl66qXqGIJK6TSeYRbcYLp?= =?us-ascii?Q?Sk2KHYPcal1DwYcSCz81vVse4Y0Va6q+75c7CYoa2+9WGKnOvebZpzvI1Kqq?= =?us-ascii?Q?C3sFZyM0VjjrdsvZ7ksAkYVt9NQ1GktXt5ItvwJq5M8mmb1H6kP8uUQgncWc?= =?us-ascii?Q?MMrVKwGkH/fu3arHPWjSQFLWxaMZjNga67dM2GSOEf8Ok/1W7uDrLyYP0yPH?= =?us-ascii?Q?BGvDjSuofr3IW0xy5WfxDJbzt0PmSxc2lPQm05qqrdh5pA1OxSwEq1ZF2/wL?= =?us-ascii?Q?VRpHjF3kf7S8YjHQQnOQJCE3LbYCBDwHAM08cBr+3hBuObM6eShnh+yrbiSP?= =?us-ascii?Q?lDaaQLV9Rae1xClIY1gd2FZAupwF2ZOq1R4tyUIap2ABE6sBeuE+XCFOJxP4?= =?us-ascii?Q?imv2gfN/LBjZhWMGaSXtXGsUO4yZMtb2Fl1jgxoEVMLRUy/j3s7WFg9ur+Io?= =?us-ascii?Q?rqRVG1M4twfLtNII4zuOfo0TgSVHiEr8L+Hwdc5XZQF4h2gtLgUmr9JeQ5ub?= =?us-ascii?Q?Cpg+fkJkMjPzmfIQOasUQa6KDZ3KZHslyEYkv2IlIRlE4BC7/s6SJWpQbNxM?= =?us-ascii?Q?rUuqa+oRz7EvI8QFhRtElRSsJ0cibi//yAFQXTdu8qLnpXMN3MNvf2EYG3SL?= =?us-ascii?Q?h9XEDCv8ypGkYU2kubXGUKHMThu5E3PUTt1CdqNopyzVL5E88e0MV0lm+sD0?= =?us-ascii?Q?YOd2YbYmZ7hqWDoYQC988Poui8WAu+cvUfwZLOIoO/0/lGV/CpbdMXkwFbNo?= =?us-ascii?Q?NcDKP7elk4jd4ZdPJMLYaf7r2Vk7yaQsiJKfitMQztXj2IiuXxRMQmZUqc1x?= =?us-ascii?Q?t56Qt/UYN+58dtCeSvTiyKoVSGHopAj69hzkPRavgh5k+z3VavO9HFNXUsxz?= =?us-ascii?Q?W01TulbpdogDe2shjrsjJOdAcjSbJ/+LuhleA1NeckKOw1ri3skxxer4r+Bc?= =?us-ascii?Q?yYZOiIjA5yBK4eA4j8sUy+Crc6mk23cv2Ik5Ic971PdWHOBTjjS/714ePED8?= =?us-ascii?Q?9tTTnS8YrY+CxnlqiFlHWazqq559ZuJwDuNkcRCAVDDGLB8Z8qF/1rbXAF4M?= =?us-ascii?Q?S1JDo+RTKOOpn4LogoGKS4kk?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR05MB5316.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6c703819-f20e-432d-c9d4-08d8c9f4340d
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Feb 2021 16:36:35.4028 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Jbkq9K6nH8wcT2E0RDcpDL/U76JrkbE/8rCRTBILoJMlMEDSD2tC/no0t5w5mdQlSPOV10uWM+RYxHYlF4LwJw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR05MB6974
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.737 definitions=2021-02-05_09:2021-02-05, 2021-02-05 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 malwarescore=0 suspectscore=0 phishscore=0 adultscore=0 mlxscore=0 bulkscore=0 mlxlogscore=999 spamscore=0 lowpriorityscore=0 clxscore=1015 priorityscore=1501 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2102050105
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/dSUsVkZt0dOseFfioayoBXF273Q>
Subject: Re: [OPSEC] New Version Notification for draft-paine-smart-indicators-of-compromise-02.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Feb 2021 16:36:46 -0000

Thanks!


Juniper Business Use Only

-----Original Message-----
From: OPSEC <opsec-bounces@ietf.org> On Behalf Of Fernando Gont
Sent: Friday, February 5, 2021 1:19 AM
To: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>rg>; Kirsty P <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>rg>; opsec@ietf.org
Cc: Ollie Whitehouse <ollie.whitehouse@nccgroup.com>
Subject: Re: [OPSEC] New Version Notification for draft-paine-smart-indicators-of-compromise-02.txt

[External Email. Be cautious of content]


Hi, Ron,

I can volunteer for reviewing this draft if that'd be of help.

Thanks!

Regards,
Fernando




On 3/2/21 14:03, Ron Bonica wrote:
> Folks,
>
> This appears to be a well-written draft that reflects current practice.
>
> Could I ask for two volunteers to read and comment on the draft?
>
>                                                             Ron
>
> Juniper Business Use Only
>
> *From:* OPSEC <opsec-bounces@ietf.org> *On Behalf Of * Kirsty P
> *Sent:* Tuesday, January 26, 2021 6:19 AM
> *To:* opsec@ietf.org
> *Cc:* Ollie Whitehouse <ollie.whitehouse@nccgroup.com>
> *Subject:* [OPSEC] Fw: New Version Notification for 
> draft-paine-smart-indicators-of-compromise-02.txt
>
> *[External Email. Be cautious of content]*
>
> Hi OPSEC,
>
> Please see below for details of our new draft on Indicators of 
> Compromise (IoCs), updated based on previous comments. We think it 
> might be suitable for OPSEC, but we'd like to hear your comments, 
> discussion or feedback on this draft - please get in touch!
>
> Kirsty & Ollie
>
> ----------------------------------------------------------------------
> --
>
> *From:*internet-drafts@ietf.org <mailto:internet-drafts@ietf.org> 
> <internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>>
> *Sent:* 13 January 2021 17:44
> *To:* Kirsty P <Kirsty.p@ncsc.gov.uk <mailto:Kirsty.p@ncsc.gov.uk>>; 
> Kirsty P <Kirsty.p@ncsc.gov.uk <mailto:Kirsty.p@ncsc.gov.uk>>; Ollie 
> Whitehouse <ollie.whitehouse@nccgroup.com 
> <mailto:ollie.whitehouse@nccgroup.com>>
> *Subject:* New Version Notification for 
> draft-paine-smart-indicators-of-compromise-02.txt
>
>
> A new version of I-D, 
> draft-paine-smart-indicators-of-compromise-02.txt
> has been successfully submitted by Kirsty Paine and posted to the IETF 
> repository.
>
> Name:           draft-paine-smart-indicators-of-compromise
> Revision:       02
> Title:          Indicators of Compromise (IoCs) and Their Role in Attack
> Defence
> Document date:  2021-01-13
> Group:          Individual Submission
> Pages:          18
> URL:
> https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-pain
> e-smart-indicators-of-compromise-02.txt__;!!NEt6yMaO-gk!VcW92ERPAPayFO
> lFzJEh-DIIcloEr885XwOQTqB4SgLNP76lq-_wkqRxnGvUm5F7$
> Status:
> https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-pai
> ne-smart-indicators-of-compromise/__;!!NEt6yMaO-gk!VcW92ERPAPayFOlFzJE
> h-DIIcloEr885XwOQTqB4SgLNP76lq-_wkqRxnJcMSZWa$
> Htmlized:
> https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/draf
> t-paine-smart-indicators-of-compromise__;!!NEt6yMaO-gk!VcW92ERPAPayFOl
> FzJEh-DIIcloEr885XwOQTqB4SgLNP76lq-_wkqRxnBO_ajPm$
> Htmlized:
> https://urldefense.com/v3/__https://tools.ietf.org/html/draft-paine-sm
> art-indicators-of-compromise-02__;!!NEt6yMaO-gk!VcW92ERPAPayFOlFzJEh-D
> IIcloEr885XwOQTqB4SgLNP76lq-_wkqRxnCdEa4wA$
> Diff:
> https://urldefense.com/v3/__https://www.ietf.org/rfcdiff?url2=draft-pa
> ine-smart-indicators-of-compromise-02__;!!NEt6yMaO-gk!VcW92ERPAPayFOlF
> zJEh-DIIcloEr885XwOQTqB4SgLNP76lq-_wkqRxnNzNmLSB$
>
> Abstract:
>     Indicators of Compromise (IoCs) are an important technique in attack
>     defence (often called cyber defence).  This document outlines the
>     different types of IoC, their associated benefits and limitations,
>     and discusses their effective use.  It also contextualises the role
>     of IoCs in defending against attacks through describing a recent case
>     study.  This draft does not pre-suppose where IoCs can be found or
>     should be detected - as they can be discovered and deployed in
>     networks, endpoints or elsewhere - rather, engineers should be aware
>     that they need to be detectable (either by endpoints, security
>     appliances or network-based defences, or ideally all) to be
>     effective.  The purpose of this draft is to document both the
>     operational issues, but also the best practices associated with use
>     of IoCs today.  This draft provides a foundation for proposals for
>     new approaches to operational challenges in network security.
>
>
>
>
> Please note that it may take a couple of minutes from the time of 
> submission until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> This information is exempt under the Freedom of Information Act 2000
> (FOIA) and may be exempt under other UK information legislation. Refer 
> any FOIA queries to ncscinfoleg@ncsc.gov.uk 
> <mailto:ncscinfoleg@ncsc.gov.uk>. All material is UK Crown Copyright (c)
>
>
> _______________________________________________
> OPSEC mailing list
> OPSEC@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/opse
> c__;!!NEt6yMaO-gk!VcW92ERPAPayFOlFzJEh-DIIcloEr885XwOQTqB4SgLNP76lq-_w
> kqRxnEY1aznN$
>


--
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




_______________________________________________
OPSEC mailing list
OPSEC@ietf.org
https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/opsec__;!!NEt6yMaO-gk!VcW92ERPAPayFOlFzJEh-DIIcloEr885XwOQTqB4SgLNP76lq-_wkqRxnEY1aznN$