OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] Supporting translations in STIX

Those are great use cases, thanks for bringing them up....!  Lets make sure we capture this so when we pick up i18n again, after the summer release is done, we can make sure we figure out a solution for this.  


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Jun 28, 2016, at 23:12, Allan Thomson <athomson@lookingglasscyber.com> wrote:

If a threat actor is communicating in non-english over an IIRC channel and those communications were captured and the threat intelligence organization that captured it, wants to share what they said in English translation, would that not be communicated via cybox data?

What if an email is written in non-english and sent as a phishing email to targets, the threat intel organization wants to translate to another language so that their team can understand what the content says for context awareness?

I understand the perspective that CyBox is primarily intended to represent facts in the packets being communicated so for the two use cases above, how would the translated information be provided in STIX/CyBox.

I’m not against doing something a different way if it makes sense, but saying that this is not a valid use case or can’t be supported isn’t really ideal.

allan

On 6/28/16, 2:38 PM, "John-Mark Gurney" <jmg@newcontext.com> wrote:

Allan Thomson wrote this message on Fri, Jun 24, 2016 at 16:00 +0000:
The sighting points to an indicator that identifies the pattern, which may be in english. But the sighting also points to the observation of the captured information which is in non-english.

We should restrict using language for fields that are human generated
and human consumed..  CybOX data, though may be in a specific language
cannot be translated w/o changing the meaning of it..  If a file name
is in Japanese in an Observation (CybOX data), translating that would
change the meaning of the Observation, and not be helpful...  Labeling
that it's Japense also does not provide any advantage (that I can think
of)..

On 6/24/16, 8:53 AM, "Back, Greg" <gback@mitre.org> wrote:

Are there specific sub-components where we would potentially want to support a different language from the parent TLO (for now, given that we can always add it later)?

--
John-Mark



---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]