[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-cybox] Patterning MVP Operators
|
+1. We still have several stages of review to go and after that we have to worry about encouraging adoption, so anything we can do at this stage to simplify is a good thing and will let us move quicker. My
experience is also that the vast majority of indicators shared today are simple e-mail addresses, hashes, IP addresses, domain names, etc. IMO we should focus on getting those right, gaining adoption, and then try to advance from there. That said I don’t know what the balance is in terms of actual operators that stay and go. I would suggest anything that isn’t commonly used in shared indicators to be deferred. John From: <cti-cybox@lists.oasis-open.org> on behalf of Ivan Kirillov <ikirillov@mitre.org> Looking at the current set of operators defined in the CybOX Patterning specification [1], I’ve been wondering if we need all of the current operators for the MVP release of patterning. In particular, it strikes
me that the FOLLOWEDBY and REPEATED operators represent capabilities that are not seen in 99% of IOCs in use today. Does anyone have any real-world indicators that they need such operators for the _expression_ of? If not, it may make sense to consider moving
them out to a future release, which will in turn make the patterning specification simpler and also easier to implement for end-users. Regards, Ivan |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]