[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Re: Some thoughts on Sightings and conversations to date (Part #2): the semantics of observation, indicator, incident, sightings, etc
|
Just debating with the group…. I think I could take Sean’s bullet points and turn them into Sighting object concepts.
Bullet point #1: A sightings object ref_id to an observable
Bullet point #2: A sightings object ref_id to an low confidence indicator. Isn’t a low confidence indicator when you assert that you are not that sure of your opinion? Ie. “may” be of interest.
Bullet point #3: A sightings object ref_id to an higher confidence indicator
While it doesn’t provide the exact “what I saw portion”, I would be happy to reduce complexity here.
Aharon
From: <cti-stix@lists.oasis-open.org> on behalf of "Barnum, Sean D." <sbarnum@mitre.org>
Date: Wednesday, November 4, 2015 at 1:53 PM To: Terry MacDonald <terry@soltra.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> Subject: [cti-stix] Re: Some thoughts on Sightings and conversations to date (Part #2): the semantics of observation, indicator, incident, sightings, etc
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]