Subject: Re: [cti-stix] Top-level Sighting Object from last meeting
Got that.
It is just something I prefer to manage internally (with the timestamps/confidence... ... and my own scoring system) than relying on the subjective judgment of others.
Now, that could be a potential optional new 'field' if you want it.

2015-10-30 13:05 GMT+03:00 Trey Darley <trey@soltra.com>:
> On 30.10.2015 12:29:31, Jerome Athias wrote:
>> For the record
>>
>> https://stixproject.github.io/data-model/1.2/indicator/IndicatorType/
>> Valid_Time_Position 0..n ValidTimeType Specifies the time window for
>> which this Indicator is valid.
>>
>> was introduced for some use cases related.
>>
>
> Good point, Jerome, I totally forgot about the Valid_Time_Position
> property. (Actually, I'm not sure I've ever seen it used in the
> field!)
>
> That said, I prefer the OpenTPX approach of allowing indicators to age
> gradually rather than the current STIX approach of binary start/stop
> times. It seems to me ultimately more useful to be able to say, "This
> indicator is still valid but it is *less* valid than it was 10 days
> ago" than to say, "This indicator is valid between now and next
> Wednesday."
>
> --
> Cheers,
> Trey
> --
> Trey Darley
> Senior Security Engineer
> 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
> Soltra | An FS-ISAC & DTCC Company
> www.soltra.com
> --
> "It is more complicated than you think." --RFC 1925
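
The two models discussed in this message, side by side, as an added example that is not part of the original thread and is not code from STIX or OpenTPX: a binary validity window next to a consumer-side score that ages from each sighting's timestamp and confidence. The exponential half-life, the function names and the sample dates and confidences are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

UTC = timezone.utc

def window_valid(now, start=None, end=None):
    """Binary model: valid only inside the [start, end] window (open if None)."""
    return (start is None or now >= start) and (end is None or now <= end)

def aged_score(sightings, now, half_life_days=10.0):
    """Gradual model: highest sighting confidence after exponential decay.

    sightings: iterable of (timestamp, confidence in 0..1) pairs.
    A sighting's weight halves every half_life_days (assumed decay law),
    so a fresh sighting raises the score again. Sightings timestamped
    after `now` are ignored.
    """
    if half_life_days <= 0:
        raise ValueError("half_life_days must be positive")
    best = 0.0
    for seen_at, confidence in sightings:
        if not 0.0 <= confidence <= 1.0:
            raise ValueError("confidence must be within 0..1")
        if seen_at > now:
            continue
        age_days = (now - seen_at).total_seconds() / 86400.0
        best = max(best, confidence * 0.5 ** (age_days / half_life_days))
    return best

# Constructed sample data: one indicator, a validity window, two sightings.
WINDOW = (datetime(2015, 10, 20, tzinfo=UTC), datetime(2015, 11, 4, tzinfo=UTC))
SIGHTINGS = [
    (datetime(2015, 10, 20, tzinfo=UTC), 0.8),
    (datetime(2015, 11, 3, tzinfo=UTC), 0.6),
]

def compare(now):
    """Return (binary_valid, aged_score) for the constructed indicator."""
    return window_valid(now, *WINDOW), aged_score(SIGHTINGS, now)

if __name__ == "__main__":
    for day in (datetime(2015, 10, 30, tzinfo=UTC), datetime(2015, 11, 5, tzinfo=UTC)):
        valid, score = compare(day)
        print(f"{day:%Y-%m-%d}  window_valid={valid}  aged_score={score:.3f}")
```

One day after the window closes, the binary check rejects the indicator outright, while the aged score still reflects the sighting from two days earlier.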