OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] Some thoughts on Sightings and conversations to date (Part #2): the semantics of observation, indicator, incident, sightings, etc

Could we have short term (mid) + long term agreement?

Short: investigation in the incident status
Long: investigation construct

On Thursday, 12 November 2015, Trey Darley <trey@soltra.com> wrote:
On 11.11.2015 23:23:40, Jane Ginn - jg@ctin.us wrote:
> I'm inclined to go with the arguments for adding an Investigation
> construct, for this, and many other reasons.

I think the reasoning for an Investigation construct is solid. QED, I
support the notion. +1

Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
"It is easier to move a problem around (for example, by moving the
problem to a different part of the overall network architecture) than
it is to solve it." --RFC 1925

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]