[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Labels on STIX TLOs
|
All, One of the topics that came up across several items on the call yesterday was the “labels” field that currently exists on Indicator, Malware, and Tool. The field is an array of values from an open vocabulary
(indicator-label-ov, malware-label-ov, and tool-label-ov respectively). We have a couple of open questions: 1.
Should the labels field be required or optional?
a.
If we make labels required, do we need to add a value of “other” to the vocabulary? This will help tools/users who can’t find an existing value in the vocabulary that works but don’t want to make
one up. 2.
Which TLOs need the labels field? It’s on Indicator, Malware, and Tool now but has not been added to Campaign or Attack Pattern.
a.
Allan has suggested adding it across all top-level objects. Does that make sense, or should we consider it on a case-by-case basis?
b.
Allan also suggested that if we don’t add it across all top-level objects, it should be added to Campaign. Are there other TLOs that we should add it to, even if we don’t add it across all of them? To be honest I don’t really have a strong opinion either way. What do you think? John |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]