FAQ
Q: How is the OpenDXL Ontology different from OpenC2?
A: The goal of the OpenDXL Ontology is to incorporate many different common and open standards, OpenC2 being one of them. The ontology supports "actions", which on the surface appear similar to OpenC2 "commands". However, the ontology is meant to take full advantage of the messaging fabric on which it is based. Thus, it should be possible to send a single "action" message to the fabric and have multiple services respond (one-to-many). For example, a client might send a single "quarantine action" message to the fabric and have a diverse set of services (a firewall, an endpoint, and a ticketing system) take action. Supporting many responses to one action requires that OpenDXL Ontology actions be more generic than their OpenC2 counterparts.
The OpenDXL Ontology also supports the concept of "notification" messages. These messages notify clients currently connected to the fabric when significant events occur (for example, when a virus is detected). OpenC2 does not currently have an equivalent concept.