OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [cti-stix] Proposal - Change Report Object


I think this is the latest write up we have on this issue on the github schema project:

 

https://github.com/STIXProject/schemas/issues/291

 

Making this change to STIX (including John Wunder’s suggestion) would help flatten many of our heavily nested structures and quickly remove one source of the too many ways to do things problem.

 

Thanks,

 

Jon

 

============================================

Jonathan O. Baker

J83D - Cyber Security Partnerships, Sharing, and Automation

The MITRE Corporation

Email: bakerj@mitre.org

 

From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Jordan, Bret
Sent: Monday, July 27, 2015 12:20 PM
To: Wunder, John A. <jwunder@mitre.org>
Cc: Jason Keirstead <Jason.Keirstead@ca.ibm.com>; Trey Darley <trey@soltra.com>; cti-stix@lists.oasis-open.org
Subject: Re: [cti-stix] Proposal - Change Report Object

 

I could go with that... 

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

On Jul 27, 2015, at 10:07, Wunder, John A. <jwunder@mitre.org> wrote:

 

I'm going to throw out there that we should make ALL relationships between top-level constructs reference only. That would include Report, but also things like TTPs in Indicators, etc.

 

From: <cti-stix@lists.oasis-open.org> on behalf of Jason Keirstead
Date: Monday, July 27, 2015 at 11:59 AM
To: Trey Darley
Cc: "Jordan, Bret", "cti-stix@lists.oasis-open.org"
Subject: Re: [cti-stix] Re: Proposal - Change Report Object

 

I also +1 this if we are counting votes.

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


<graycol.gif>Trey Darley ---2015/07/27 12:13:59 PM---+100, Bret! Cheers,

From: Trey Darley <trey@soltra.com>
To: "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date: 2015/07/27 12:13 PM
Subject: [cti-stix] Re: Proposal - Change Report Object
Sent by: <cti-stix@lists.oasis-open.org>





+100, Bret!

Cheers,
Trey
--
Trey Darley
Senior Security Engineer
Soltra | An FS-ISAC & DTCC Company
www.soltra.com



From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Jordan, Bret <bret.jordan@bluecoat.com>
Sent:
Monday, July 27, 2015 16:57
To:
cti-stix@lists.oasis-open.org
Subject:
[cti-stix] Proposal - Change Report Object

In STIX 2.0 I would like to propose that we change the Report Object to contain just reference to the objects that it is binding. I do not want to see it contain data itself.

[soap box]
We need one way of doing things and the current data-model of STIX, while beautiful, makes writing a decision tree in code for some arbitrary data in a STIX package nearly impossible. .
[/soap box]


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."


<graycol.gif>

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]