cti-stix message
Subject: Re: [cti] Proposal of confidence level using MISP taxonomies
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>
- Date: Mon, 12 Sep 2016 19:08:25 +0200
For the numerical value of "Confidence cannot be evaluated", could we use "-1" ?
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
From: Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>
To: cti-stix@lists.oasis-open.org, OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Date: 09/12/2016 12:36 PM
Subject: [cti] Proposal of confidence level using MISP taxonomies
Sent by: <cti@lists.oasis-open.org>
Dear,
Following the recent and good discussions at the TC, here is a proposal of confidence
level that we will implement in MISP via the misp-taxonomies:
{
  "predicate": "confidence-level",
  "entry": [
    {
      "expanded": "Completely confident",
      "value": "completely-confident",
      "numerical_value": 100
    },
    {
      "expanded": "Usually confident",
      "value": "usually-confident",
      "numerical_value": 75
    },
    {
      "expanded": "Fairly confident",
      "value": "fairly-confident",
      "numerical_value": 50
    },
    {
      "expanded": "Rarely confident",
      "value": "rarely-confident",
      "numerical_value": 25
    },
    {
      "expanded": "Unconfident",
      "value": "unconfident",
      "numerical_value": 0
    },
    {
      "expanded": "Confidence cannot be evaluated",
      "value": "confidence-cannot-be-evalued"
    }
  ]
}
https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json#L31
Feedback welcome. I also included the original slides I gave during the TC in Brussels.
I'll summarize the various options of integration with the taxonomies in STIX in another email.
Cheers.
--
Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
41, avenue de la gare L-1611 Luxembourg
info@circl.lu - www.circl.lu
[attachment "misp-OASIS-TC-Brussels-2016.pdf" deleted by Jason Keirstead/CanEast/IBM]
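Added example, not part of the thread and not MISP's own code: one way a consumer could resolve tags from the proposed predicate to their numerical values, keeping the entry that has no numerical_value as None so that it is not averaged in as 0. The `misp` namespace, the tag syntax namespace:predicate="value", the function names and the sample tags are assumptions made for this sketch.

```python
import json
import re

# Predicate exactly as proposed in the message above (spelling of values kept).
PREDICATE = json.loads("""
{"predicate": "confidence-level", "entry": [
  {"expanded": "Completely confident", "value": "completely-confident", "numerical_value": 100},
  {"expanded": "Usually confident", "value": "usually-confident", "numerical_value": 75},
  {"expanded": "Fairly confident", "value": "fairly-confident", "numerical_value": 50},
  {"expanded": "Rarely confident", "value": "rarely-confident", "numerical_value": 25},
  {"expanded": "Unconfident", "value": "unconfident", "numerical_value": 0},
  {"expanded": "Confidence cannot be evaluated", "value": "confidence-cannot-be-evalued"}
]}
""")
NAMESPACE = "misp"  # assumption: inferred from misp/machinetag.json in the link
TAG_RE = re.compile(r'^([^:="]+):([^:="]+)="([^"]+)"$')  # namespace:predicate="value"


def resolve(tag):
    """Return the numerical value for a tag, or None when the entry defines none."""
    m = TAG_RE.match(tag)
    if not m or (m.group(1), m.group(2)) != (NAMESPACE, PREDICATE["predicate"]):
        raise ValueError(f"not a {NAMESPACE}:{PREDICATE['predicate']} tag: {tag!r}")
    for entry in PREDICATE["entry"]:
        if entry["value"] == m.group(3):
            return entry.get("numerical_value")  # absent key -> None, never 0
    raise ValueError(f"unknown confidence value: {m.group(3)!r}")


def mean_confidence(tags):
    """Average only the rated tags; return (mean, number_of_unrated_tags)."""
    scores = [resolve(t) for t in tags]
    rated = [s for s in scores if s is not None]
    mean = sum(rated) / len(rated) if rated else None
    return mean, len(scores) - len(rated)


# Constructed sample tags, not taken from the thread.
SAMPLE_TAGS = [
    'misp:confidence-level="completely-confident"',
    'misp:confidence-level="fairly-confident"',
    'misp:confidence-level="confidence-cannot-be-evalued"',
]

if __name__ == "__main__":
    print(mean_confidence(SAMPLE_TAGS))
```

A producer that encodes the unrated case as a numeric sentinel would need the same filtering step before any aggregation.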