Subject: Re: [cti-stix] Sighting, Observation, and Indicator updated
A hearty "Great Work!" John (and all who have contributed).
Since I'm spamming the list for a good cause:
A hearty "Great Work!" to Ivan & contributors as well on (1) outlining the different options for CybOX Object representations and (2) providing example Gist references showing how each of the different options looks for various use cases.
Check 'em out - there's links in the document, but you can also access the Gists directly. You can comment/pose questions, etc. on individual Gists and if your use cases aren't represented, add 'em 😁 The more use case diversity we have to weigh options/tradeoffs the better.
Integrated Networking Technologies, Inc.
On Thu, Apr 7, 2016 at 1:12 PM -0700, "Wunder, John A." <email@example.com> wrote:
A group of us spent some time hashing through how sighting, observation, and indicator work together (notional tie-in to CybOX and patterning). It’s all reflected in the pre-draft specs for STIX: https://docs.google.com/document/d/1F1c05GgYaJFV1Z04B8c_T3vEE-LRQTPExF24LvOQAsk/edit
We’ve had pretty good agreement on this so I think at this point we’re ready to move into the review phase. Please take a look at these definitions, fields, and examples and see if they work for you.
PS: The “kind of indicator” (indicator type, indicator category) vocabulary discussion kind of stalled. Who’s interested in that topic? Can we get a small group to work together to make progress on that and bring back a proposal? As a reminder, there was also a suggestion to split that single field into a field for pattern type and a field for threat type.