
Subject: Re: [cti-stix] Supporting translations in STIX


#I understand the perspective that CybOX is primarily intended
#to represent facts

+1

# in the packets being communicated so for
#the two use cases above, how would the translated information
#be provided in STIX/CyBox.

Additional comment.
I think that STIX/CybOX may separate original (or facts) and
translation fields, because sometimes a malicious file name includes
Japanese. If STIX/CybOX includes mixed original (or facts) and
translation data, I cannot identify original or translation data at
receiving.

Masato

On 2016/06/29 12:12, cti-stix@lists.oasis-open.org wrote:
> If a threat actor is communicating in non-English over an IIRC channel and those communications were captured and the threat intelligence organization that captured it wants to share what they said in English translation, would that not be communicated via CybOX data?
> 
> What if an email is written in non-English and sent as a phishing email to targets, the threat intel organization wants to translate to another language so that their team can understand what the content says for context awareness?
> 
> I understand the perspective that CybOX is primarily intended to represent facts in the packets being communicated so for the two use cases above, how would the translated information be provided in STIX/CybOX.
> 
> I’m not against doing something a different way if it makes sense, but saying that this is not a valid use case or can’t be supported isn’t really ideal.
> 
> allan
> 
> On 6/28/16, 2:38 PM, "John-Mark Gurney" <jmg@newcontext.com> wrote:
> 
> Allan Thomson wrote this message on Fri, Jun 24, 2016 at 16:00 +0000:
>> The sighting points to an indicator that identifies the pattern, which may be in English. But the sighting also points to the observation of the captured information which is in non-English.
> 
> We should restrict using language for fields that are human generated
> and human consumed..  CybOX data, though may be in a specific language
> cannot be translated w/o changing the meaning of it..  If a file name
> is in Japanese in an Observation (CybOX data), translating that would
> change the meaning of the Observation, and not be helpful...  Labeling
> that it's Japanese also does not provide any advantage (that I can think
> of)..
> 
>> On 6/24/16, 8:53 AM, "Back, Greg" <gback@mitre.org> wrote:
>>
>> Are there specific sub-components where we would potentially want to support a different language from the parent TLO (for now, given that we can always add it later)?
> 


-- 
-------------------------------------------------------------------
CSEC Research Group   https://www.sdl.hitachi.co.jp/csec/
JVN             http://jvn.doi.ics.keio.ac.jp/, http://jvn.jp/
JVNRSS          http://jvnrss.ise.chuo-u.ac.jp/
Telecom-ISAC    https://www.telecom-isac.jp/
-------------------------------------------------------------------
 Chuo University Graduate School of Science and Engineering, (former) Doi Laboratory
 Hitachi, Ltd. Hitachi Incident Response Team (HIRT)
 Hitachi, Ltd. Yokohama Research Laboratory
    http://www.hitachi.com/hirt,  http://www.hitachi.co.jp/hirt
    TEL 044-555-0894 (direct) 090-4369-3601 (mobile) FAX
                            080-5198-8703 (emergency)
    16F, Omori Bellport Building D, 6-26-3 Minami-Oi, Shinagawa-ku, Tokyo 140-0013
    Internal mail (O3)/Building D (HIRT Ctr.)
寺田真敏 Masato Terada (masato.terada.rd@hitachi.com)


