Subject: Re: [cti] [EXT] [cti] STIX action items for the full TC call on 6/15/17
John,

Thanks for asking re: concerns about the scale. My previous inputs/musings/suggestions were that we should directly subsume the MISP Taxonomies, including their 0-100 scales for subjective measures. This perspective extends to other topics like geo-location where there is a well vetted/adopted JSON representation.

Note: I DO NOT want to re-litigate these topics where/if there is already consensus in the CTI TC.

Patrick Maroney

Bret, Pat,

Can you elaborate on your concerns about the scale? Just so everyone is aware, right now we have an open vocab where the values range from “strongly disagree” to “neutral” to “strongly agree” (you can see it in the working concepts doc linked below).

In the meantime, it does seem like we have consensus (perhaps not unanimity) on the major concepts of these two objects so we’ll move them into the 2.1 working docs once those are synced with our 2.0 changes.

John

From: <cti@lists.oasis-open.org> on behalf of Patrick Maroney <pmaroney@wapacklabs.com>

Note that the following are not strongly held views, but want to provide requested responses to the proposed Opinion Object:

(1) If I'm going to challenge the assertions of another Analyst/Organization, then I believe that some narrative basis for my counter-assertions should be "Required". Therefore, this description should not be optional.

(2) Arguing for attribution of one challenging someone's assertion is a slippery slope, so will defer to consensus on this point.

(3) Perspectives on "Scales" previously expressed.

Patrick Maroney
Principal Engineer - Data Science & Analytics
Wapack Labs LLC
(609)841-5104

On Jun 15, 2017, at 9:04 AM, Allan Thomson <athomson@lookingglasscyber.com> wrote:

Name is the summary of the note. If the note is verbose content then having a short ‘name’ (or summary) is very useful.

It's akin to having a subject line in an email vs having to read the entire email to understand the summary of the email.

It's an optional parameter that hardly breaks anything and adds value to certain use cases. I don’t believe we should exclude parameters when others are suggesting it adds value to their use cases.

From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>

For opinion, I am still concerned about the scale. I think we are leaning towards an open-vocab or ENUM of values. But I am not sure we have the full consensus of the TC on this. Yes it has been discussed on several working calls, but that is just a subset of this whole group.

Opinion also does not have the ability to link against a specific version of an object. So you may issue an opinion but the object may have been updated and your opinion is no longer valid.

Further, I really worry that we do not have digital signatures yet. I think supporting the Opinion object before digital signatures is like putting the cart before the road.

For note, I do not agree with having a "name" on the note. I do not think it makes sense to have a "name" for a note.

Bret

From: Werntz, Preston <Preston.Werntz@HQ.DHS.GOV>

Bret – On the DHS side, we’ve been looking forward to Opinion in STIX 2.1 to help with our goal of implementing automated feedback in the Automated Indicator Sharing (AIS) initiative, so I’d like to hear your concerns on what questions remain as that may help us think through ways to implement in AIS.

Thanks!

W. Preston Werntz
Chief, Technology Services Section
National Cybersecurity and Communications Integration Center (NCCIC)
Department of Homeland Security

From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Bret Jordan

While I think note/intel-note and opinion are making progress, I personally do not feel like they are done enough to add to the 2.1 documents. I think there are several unanswered questions. I think they need some more time and discussion before they are done.

Bret

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Sarah Kelley <Sarah.Kelley@cisecurity.org>

On tomorrow’s working call, we will be addressing several topics that need TC consensus for moving forward with STIX 2.0 and STIX 2.1. In preparation for the meeting, please review the following:

STIX 2.0:

STIX 2.1

The deadline for feedback/comments is Saturday June 17th. This will allow us to open a CS ballot next week.

Thanks,

Sarah Kelley
Senior Cyber Threat Analyst
Multi-State Information Sharing and Analysis Center (MS-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061
518-266-3493
24x7 Security Operations Center
SOC@cisecurity.org - 1-866-787-4722