[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Targeting in STIX 2.0
Target = Victim (or "Intermediary" who is both Victim and Attacker in a "MITM"/Supply Chain Attack TTP). Plenty of legacy verbiage on why some of us argue that "Target" is a critical missing element/TLO in CTI (most recently when discussing CTI Charter).
We can currently describe who's holding the spear, the attributes of the spear, and the "point" where the "pointy part" is headed/entered...but not the "pointee".
From: <cti-stix@lists.oasis-open.org> on behalf of "Chernin, Aharon"
Date: Monday, September 21, 2015 at 1:56 PM To: "Wunder, John A.", "cti-stix@lists.oasis-open.org" Subject: Re: [cti-stix] Targeting in STIX 2.0 For example, a cyber intelligence feed that provides attack target URLS: TTP -> Victim Targeting -> Observable -> URL
Which of my URLs are being attacked?
Aharon
From: <cti-stix@lists.oasis-open.org> on behalf of "Wunder, John A."
Date: Monday, September 21, 2015 at 1:14 PM To: "cti-stix@lists.oasis-open.org" Subject: Re: [cti-stix] Targeting in STIX 2.0
What do you mean by targeting? Can you give a couple examples of how that would make the content smaller/better?
Sorry, just having trouble picturing this.
John
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]