[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Targeting in STIX 2.0
I would agree with this.
I think breaking out Victim to its own construct partially but not completely addresses this.
I think that potentially also breaking out Identity to its own construct would even further address this issue and many others.
With Identity broken out, you could define the identity of a party one time and under differing circumstances reference them as a victim, a source, a threat actor, etc.
A lot of these issues and optimal solutions become WAY more clear when we start to model them semantically rather than just structurally/schematically.
sean
From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org>
Date: Monday, September 21, 2015 at 2:05 PM To: Aharon Chernin <achernin@soltra.com>, John Wunder <jwunder@mitre.org>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> Subject: Re: [cti-stix] Targeting in STIX 2.0 Target = Victim (or "Intermediary" who is both Victim and Attacker in a "MITM"/Supply Chain Attack TTP). Plenty of legacy verbiage on why some of us argue that "Target" is a critical missing element/TLO in CTI (most recently when discussing CTI Charter).
We can currently describe who's holding the spear, the attributes of the spear, and the "point" where the "pointy part" is headed/entered...but not the "pointee".
From: <cti-stix@lists.oasis-open.org> on behalf of "Chernin, Aharon"
Date: Monday, September 21, 2015 at 1:56 PM To: "Wunder, John A.", "cti-stix@lists.oasis-open.org" Subject: Re: [cti-stix] Targeting in STIX 2.0 For example, a cyber intelligence feed that provides attack target URLS: TTP -> Victim Targeting -> Observable -> URL
Which of my URLs are being attacked?
Aharon
From: <cti-stix@lists.oasis-open.org> on behalf of "Wunder, John A."
Date: Monday, September 21, 2015 at 1:14 PM To: "cti-stix@lists.oasis-open.org" Subject: Re: [cti-stix] Targeting in STIX 2.0
What do you mean by targeting? Can you give a couple examples of how that would make the content smaller/better?
Sorry, just having trouble picturing this.
John
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]