[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Indicator Patterns
Per my discussion I brought up the other day and after having talked with John W, Allan, and Jason, I would like to propose that for STIX 2.0 we do the following:
1) drop the "pattern_lang" and "pattern_lang_version" properties 2) remove the "pattern-lang-ov" 3) remove support for including SNORT and YARA in the Indicator:Pattern field.
This will finish removing most of the artificial separation we had in the documents.
Then in STIX 2.1 or 2.2, if people really need and want SNORT and YARA support, we can add it back in as separate properties, aka ("snort" and "yara") in the indicator.
Thanks Bret
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]