

Subject: Re: [cti-cybox] CybOX Objects/Relationships


Hi all,

On 10/04/2016 03:47, "Jason Keirstead" <Jason.Keirstead@ca.ibm.com> wrote:
>
> - It is yet to be seen if this would ever actually be used by analysts. If people need it, they will come asking for it... until people ask for it we shouldn't be cooking up potential scenarios IMO.
>

Have we actually even asked the community if my suggestion was a valid scenario? We need to give the cif-users list a chance to comment on this. I think it's probably time for us to try to put together a list of specific use cases (without implementation details in them) so that we can agree on the scenarios that we will focus on in MVP.

Regarding needing it, we needed it at my previous security incident handler role in NZ (before STIX). We had no standard way of sharing the fact we had received bad emails that contained a zip that contained a malicious PDF. Or any format that allowed things to be stored inside it for that matter. This is useful for sharing the details of any malware distribution run. I see these discussions today on groups I'm part of... In fact there was even a series of these messages sent last week on one Australian sharing group I belong to. With STIX and CybOX we have an opportunity to provide incident handlers and analysts with basic building blocks that they can use to put together the bits they need to build the story they want to tell. I really feel that the ability to relate the multiple components of something they observed is something that is important.

Cheers
Terry MacDonald


