[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Supporting translations in STIX
If a threat actor is communicating in non-english over an IIRC channel and those communications were captured and the threat intelligence organization that captured it, wants to share what they said in English translation, would that not be communicated via cybox data? What if an email is written in non-english and sent as a phishing email to targets, the threat intel organization wants to translate to another language so that their team can understand what the content says for context awareness? I understand the perspective that CyBox is primarily intended to represent facts in the packets being communicated so for the two use cases above, how would the translated information be provided in STIX/CyBox. I’m not against doing something a different way if it makes sense, but saying that this is not a valid use case or can’t be supported isn’t really ideal. allan On 6/28/16, 2:38 PM, "John-Mark Gurney" <jmg@newcontext.com> wrote: Allan Thomson wrote this message on Fri, Jun 24, 2016 at 16:00 +0000: > The sighting points to an indicator that identifies the pattern, which may be in english. But the sighting also points to the observation of the captured information which is in non-english. We should restrict using language for fields that are human generated and human consumed.. CybOX data, though may be in a specific language cannot be translated w/o changing the meaning of it.. If a file name is in Japanese in an Observation (CybOX data), translating that would change the meaning of the Observation, and not be helpful... Labeling that it's Japense also does not provide any advantage (that I can think of).. > On 6/24/16, 8:53 AM, "Back, Greg" <gback@mitre.org> wrote: > > Are there specific sub-components where we would potentially want to support a different language from the parent TLO (for now, given that we can always add it later)? -- John-Mark
<<attachment: winmail.dat>>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]