Probably this will be a super long comment section but one of the other issues around consolidation is the adoption and phase out of standards: now we have OCSF which seems to getting traction but before we had CEF, LEEF and another one I can't spell anymore like EDF. We had a good run with OpenC2 but not many vendors are supporting it. Now we have multi agent behaviour and probably new other protocols will need to be established by OASIS or other orgs. What about CACAO playbooks, I know only SEKOIA has decent support but nobody really allows a full import/export.
STIX 2.1 has a good adoption into TI but we cooperated to the IR extension module and I wonder how long it will take to be adopted. What about VERIS for IR, how many vendors are supporting that and the overlap with STIX2.1 as well. If the community keeps floating around standards we will never achieve consolidation. Each new competitor in this space need to support around 500+ connectors pretty much they need to be written from scratch! Would love to talk about this problem in an interview if you are interested.
Probably this will be a super long comment section but one of the other issues around consolidation is the adoption and phase out of standards: now we have OCSF which seems to getting traction but before we had CEF, LEEF and another one I can't spell anymore like EDF. We had a good run with OpenC2 but not many vendors are supporting it. Now we have multi agent behaviour and probably new other protocols will need to be established by OASIS or other orgs. What about CACAO playbooks, I know only SEKOIA has decent support but nobody really allows a full import/export.
STIX 2.1 has a good adoption into TI but we cooperated to the IR extension module and I wonder how long it will take to be adopted. What about VERIS for IR, how many vendors are supporting that and the overlap with STIX2.1 as well. If the community keeps floating around standards we will never achieve consolidation. Each new competitor in this space need to support around 500+ connectors pretty much they need to be written from scratch! Would love to talk about this problem in an interview if you are interested.