

Subject: Re: [cti-stix] STIX 2.0 - Sightings object


The other part of this that I do not understand is how this works from a historical perspective.

Scenario: Between June 1 and June 31, 10,000 sightings are reported for an indicator by members of my ISAC. When I query my TAXII server on August 1 and download that STIX document, does it have 10,000 sighting objects in it? Or, 1 with the number 10,000. Obviously, the latter, at least I hope is what people are thinking... because the former will simply not scale.

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: "Jordan, Bret" <bret.jordan@bluecoat.com>
To: "Davidson II, Mark S" <mdavidson@MITRE.ORG>
Cc: Aharon Chernin <achernin@soltra.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date: 2015/08/20 12:34 PM
Subject: Re: [cti-stix] STIX 2.0 - Sightings object
Sent by: <cti-stix@lists.oasis-open.org>





One thing to keep in mind is that we want the objects as small and simple as possible. Sometimes to make them more broad you have to add a lot of extra fields. This should be avoided. We want them to be as atomic as possible. Also, if they are separate then they can grow and evolve independently.

This is one of the many things I do not like about how STIX and CybOX are done today. The excessive use of object-oriented reuse makes it nearly impossible to fix or change certain things as that would have adverse effects on other areas that cannot take those changes.

Object reuse is not always a good thing.


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
[attachment "signature.asc" deleted by Jason Keirstead/CanEast/IBM]



