[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Top-level Sighting Object from last meeting
On 29.10.2015 12:04:18, Jason Keirstead wrote: > > The use case for negative assertions is anything but clear to me - > Like Aharon said, under what situation do I send the negative > assertion that I did not see it, and how often do I send it - > hourly? Daily? Weekly? > One of the core use cases the notional TAXII 2.0 REST Query API addresses is answering the question, "Have you seen this thing?" Rather than making negative assertions a producer-side object (and getting into the rat's nest Jason outlined above), put it on the consumer side. Combining this approach with the notional query broadcast capability I outlined earlier today in [0] & [1], you can use the REST Query API to inquire of the entire world (where $world == the part of the CTI community you're privy to.) [0]: https://lists.oasis-open.org/archives/cti-stix/201510/msg00300.html [1]: https://taxiiproject.github.io/taxii2/notional-query-api/#query-scoping -- Cheers, Trey -- Trey Darley Senior Security Engineer 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430 Soltra | An FS-ISAC & DTCC Company www.soltra.com -- "For all resources, whatever it is, you need more." --RFC 1925
Attachment:
signature.asc
Description: PGP signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]