[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Action items & topics, 5/31 Working Call
All, Jane will send out more complete notes, but here’s some action items and topics out of the working call. Thanks again to everyone for dialing in, we’re making a ton of progress on these calls and in the docs. We’ll get out an agenda for next week’s call later in the week. Please let me or the other co-chairs know if you have any topics to discuss…Allan has already come to me with one. John -- Ready for Formal Consensus The following topics are just about at the point where we can make motions to consider them consensus: 1.
Boolean 2.
List 3.
Number 4.
IDs and References 5.
Object Creator 6.
Report TLO Please review those sections (1-5 are in the “Core Concepts” document, Report TLO is in the “TLOs” document)…assuming there are no dealbreakers by COB ET tomorrow (about 30 hours from now) I’ll make a motion
to consider them “consensus” status by unanimous consent. Action items: -
Review the concepts listed above, provide suggestions, and in particular point out any deal breakers. Final Review The following topics may need a bit more work, but should very soon be at the point where we can make similar motions: 1.
Open Vocabularies 2.
Controlled Vocabularies 3.
Vocabulary Extension 4.
Versioning 5.
Object Level Markings These can all be found in the “Core Concepts” document. If we don’t get any dealbreakers by this Friday I’ll make a motion to consider them “consensus”. Action items: -
Review the concepts listed above, provide suggestions, and in particular point out any deal breakers. Bundle is getting very close to the point where we can move it to final review. There are just a few open questions, which I’ll include in a separate e-mail. Action Items: See separate e-mail. Indicator Labels -
https://docs.google.com/document/d/13TuudUtGur9d68VewJW2t_mdEWkpdorNMZDZHCeqAEU/edit#heading=h.a50wvo4z81ef Topic has been discussed at length, but we need to finalize the list so we can accept it. I’ll send out a separate e-mail on this topic. Action items: See separate e-mail. We talked through the fields on campaign and had good consensus that the structure as currently defined is the way to go. This means having “motive” as a list of open-vocab values, pulling from the previous
threat-actor-motivation-vocab, and “objective” as a list of string/text values (in addition to title, description, and other fields). Action items: -
Please review and make suggestions to the motivation vocab (https://docs.google.com/document/d/13TuudUtGur9d68VewJW2t_mdEWkpdorNMZDZHCeqAEU/edit#heading=h.ipfy6p88c7ju). -
If you have any further objections to the object as defined, bring them up on the list. Otherwise we’ll continue to improve it and get ready for a motion next week. Intrusion Set -
https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.bjbu0dy8lyl6 Gary again talked through the definition of intrusion set and how it differs from campaigns, threat actors, and reports. At this point there’s certainly enough interest that we should continue working on it. Action Items: -
Please make suggestions for fields and relationships in the Google Doc. -
Think about whether the object is a good 2.0 MVP candidate for a future call/e-mail. We should make an in/out decision by next week. Kill Chains We didn’t discuss this topic due to time constraints. Action items: -
See my previous e-mail, and in particular if you disagree, please respond. External IDs Rich P. talked through his e-mail on a new approach for external IDs. Allan commented that he liked the general approach and would like to make it as minimal as possible. Action items: -
See Rich P’s e-mail from earlier today and answer the questions with your recommendations. TTPs We didn’t get to this topic. We can work through more on the e-mail lists and Slack through the week. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]