The European Union Agency for Network and Information Security (ENISA) has published a summary of security information sharing formats, released at the same time as its good practice guide on Actionable Information for Security Incident Response.
Actionable security information is accurate and timely information that may help incident handlers reduce the number of infections, or address vulnerabilities before they are exploited.
The companion to the good practice guide is Standards and Tools for Exchange and Processing of Actionable Information, which describes 53 different information sharing standards that are a mix of formats, protocols, technical approaches and frameworks in common use. These span:
- Information sharing formats
  - Formats for low level data
  - Actionable observables
  - Scoring and measurement frameworks
  - Reporting formats
  - High-level frameworks
- Transport and serialization
  - Transport methods
  - Serialization methods.
In addition, the report highlights 16, primarily open source, information sharing tools and platforms for the exchange and processing of actionable information, spanning automated distribution of data, supporting analytics, general purpose log management and handling high-level information.
Very useful - thank you ENISA.
Posted on: 13 February 2015 at 11:10 hrs