[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] STIX timestamps and ISO 8601:2000
I miss typed in my last email, I meant to say micro seconds not milliseconds, aka 6 digits of precision not 3 digits of precision. Wireshark and other networking / security tools are able to work with and provide 6 digits of precision. That is VERY common. What is not really common today is 9 digits of precision. I propose that STIX / CybOX / TAXII use the following RFC3339/ISO8601 timestamp format: yyyy-mm-ddThh:mm:ss.mmmmmm where all times are recorded in UTC format. A UI tool can display and should display the time in a format that works for the end user. Open Questions for manual creation of timestamps of when you think something took place. 1) How do you define a time of just a date? Meaning, I do not know what time of day it took place? I am documenting this event retrospectively. 2015-11-23T00:00:00.000000 ???? 2) What if I only know the month and year? 2015-11-00T00:00:00.000000 ???? 3) What if I do not know the seconds but know the hour and minute? 2015-11-23T11:06:00.000000 ???? This can be weird as you would not know I just want us to all be on the same page. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]