Subject: Sighting, Observation, and Indicator updated
Hey folks,
A group of us spent some time hashing through how sighting, observation, and indicator work together (notional tie-in to CybOX and patterning). It’s all reflected in the pre-draft specs for STIX: https://docs.google.com/document/d/1F1c05GgYaJFV1Z04B8c_T3vEE-LRQTPExF24LvOQAsk/edit
We’ve had pretty good agreement on this so I think at this point we’re ready to move into the review phase. Please take a look at these definitions, fields, and examples and see if they work for you.
PS: The “kind of indicator” (indicator type, indicator category) vocabulary discussion kind of stalled. Who’s interested in that topic? Can we get a small group to work together to make progress on that and bring back a proposal? As a reminder, there was also a suggestion to split that single field into a field for pattern type and a field for threat type.
John