OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-stix] Top-level Sighting Object from last meeting


Right but what I am asking is, what is the situation that causes Org2 and Org3 to decide to issuing this STIX document with negative assertions back to the TAXII server. Are you saying that every document is expected to be replied to?

The use case for positive assertions is clear to me - I receive indicators TTPs/Indicators/Whatever, and if I choose, I can reply whenever I see them in the future.

The use case for negative assertions is anything but clear to me - Like Aharon said, under what situation do I send the negative assertion that I did not see it, and how often do I send it - hourly? Daily? Weekly?

To me this is a lot more about QUERY of the central sightings database, and a lot less about negative assertions.

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for Jerome Athias ---2015/10/29 12:55:30 PM---So How it is envisioned for a Relationship (so not yet for Jerome Athias ---2015/10/29 12:55:30 PM---So How it is envisioned for a Relationship (so not yet for an object): Org1 says: high confidence th

From: Jerome Athias <athiasjerome@gmail.com>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: Joep Gommers <joep@eclecticiq.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>, "Sean D. Barnum" <sbarnum@mitre.org>, Cory Casanave <cory-c@modeldriven.com>, "Thompson, Dean" <Dean.Thompson@anz.com>, Terry MacDonald <terry@soltra.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date: 2015/10/29 12:55 PM
Subject: Re: [cti-stix] Top-level Sighting Object from last meeting
Sent by: <cti-stix@lists.oasis-open.org>





So How it is envisioned for a Relationship (so not yet for an object):

Org1 says: high confidence that obj1 and obj2 related
Org2: low confidence that they are related
Org3: disagree that they are related
...

On Thursday, 29 October 2015, Jason Keirstead <
Jason.Keirstead@ca.ibm.com> wrote:
From:"Jordan, Bret" <bret.jordan@bluecoat.com>
To:"Sean D. Barnum" <sbarnum@mitre.org>
Cc:"Cory Casanave" <cory-c@modeldriven.com>, "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>, "Thompson, Dean" <Dean.Thompson@anz.com>, "Terry MacDonald" <terry@soltra.com>, cti-stix@lists.oasis-open.org
Date:Wed, Oct 28, 2015 5:26 PM
Subject:Re: [cti-stix] Top-level Sighting Object from last meeting



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]