[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: STIX Incident Meeting Slides
I attached the slides that were presented at the working session today.
Based on the discussions today the following were concluded:
1. Impacts will be split into their own extension. I will present a
proposal on this next week for the group to review.
2. Activities should be split from Incident as was initially proposed, but
as a group we need to decide a name for these. Regardless of what we call
them it is important that they be distinct from Courses of Action for
defenders while allowing capturing of attacker, defender, and other types of
actions / events / activities. Options brought up include:
a. Incident Activity
b. Activity
c. Event
d. Action
//SIGNED//
Jeffrey Mates, Civ DC3/TSD
Computer Scientist
Technical Solutions Development
jeffrey.mates@us.af.mil
410-694-4335
Attachment:
STIX Incident Paths Forward.pdf
Description: Adobe PDF document
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]