Subject: Re: [cti-stix] Top-level Sighting Object from last meeting
On 29.10.2015 11:48:16, Jason Keirstead wrote:
> - Now you have another problem, for how long do you report these
> "negative assertions"? Forever? Indicators do not have a life-span
> attribute.
>

Indicators *should* have some type of lifespan attribute. This is one of the things I really like in OpenTPX. Cf. `score_24hr_decay_i`, page 16 in the OpenTPX Introduction [0].

Should be its own thread, but let's take inspiration from OpenTPX and add a decay mechanism to Indicators and (arguably) Observables.

[0]: https://www.opentpx.org/docs/openTPX-introduction.pdf

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"Every networking problem always takes longer to solve than it seems like it should." --RFC 1925