[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-cybox] Patterning MVP Operators
Kirillov, Ivan A. wrote this message on Mon, Oct 10, 2016 at 18:06 +0000: > Looking at the current set of operators defined in the CybOX Patterning specification [1], I’ve been wondering if we need all of the current operators for the MVP release of patterning. In particular, it strikes me that the FOLLOWEDBY and REPEATED operators represent capabilities that are not seen in 99% of IOCs in use today. Does anyone have any real-world indicators that they need such operators for the expression of? If not, it may make sense to consider moving them out to a future release, which will in turn make the patterning specification simpler and also easier to implement for end-users. Can you explain why you want to remove these when they are well defined? We've already written the text. Discussed them multiple times on many calls about their meaning, etc. I don't see any benefit to us in throwing away the work, and it will only delay patterning as we make things readable/work w/o that text. Also, from our perspective, patterning w/o WITHIN and FOLLOWEDBY is DOA, and would delay our adoption of STIX 2.0. -- John-Mark
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]