[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Top-level Sighting Object from last meeting
For the record https://stixproject.github.io/data-model/1.2/indicator/IndicatorType/ Valid_Time_Position 0..n ValidTimeType Specifies the time window for which this Indicator is valid. was introduced for some use cases related. 2015-10-30 12:15 GMT+03:00 Trey Darley <trey@soltra.com>: > On 29.10.2015 11:48:16, Jason Keirstead wrote: >> - Now you have another problem, for how long do you report these >> "negative assertions"? Forever? Indicators do not have a life-span >> attribute. >> > > Indicators *should* have some type of lifespan attribute. This is one > of the things I really like in OpenTPX. Cf. `score_24hr_decay_i`, page > 16 in the OpenTPX Introduction [0]. Should be its own thread, but > let's take inspiration from OpenTPX and add a decay mechanism to > Indicators and (arguably) Observables. > > [0]: https://www.opentpx.org/docs/openTPX-introduction.pdf > > -- > Cheers, > Trey > -- > Trey Darley > Senior Security Engineer > 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430 > Soltra | An FS-ISAC & DTCC Company > www.soltra.com > -- > "Every networking problem always takes longer to solve than it seems > like it should." --RFC 1925
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]