

Subject: Re: [cti-stix] Some thoughts on Sightings and conversations to date (Part #2): the semantics of observation, indicator, incident, sightings, etc


Could we have short term (mid) + long term agreement?

Like
Short: investigation in the incident status
Long: investigation construct

On Thursday, 12 November 2015, Trey Darley <trey@soltra.com> wrote:
On 11.11.2015 23:23:40, Jane Ginn - jg@ctin.us wrote:
>
> I'm inclined to go with the arguments for adding an Investigation
> construct, for this, and many other reasons.
>

I think the reasoning for an Investigation construct is solid. QED, I
support the notion. +1

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"It is easier to move a problem around (for example, by moving the
problem to a different part of the overall network architecture) than
it is to solve it." --RFC 1925

