Subject: Re: [cti-stix] Threat Actor and Identity
Regarding Identity:

While I could see an improvement (or good direction taken) in the information model through the relationships like "created_by_ref"...

The properties, and properties' names, seem to come from a design from scratch.
(Or is this the real intent of (over) simplification making it look 'childish'?)

I can't see any design built on previous standards or specifications such as the previous version of CTI/STIX, OASIS CIQ, IODEF:contact (RID or CDXI, etc.)
(Is that voluntary? Or is it purely not envisioned any reuse or effort for interoperability?)
nor any foundations on classifications (not even US-centric like NAICS for sectors)
(Is it just open for -some folks- to complete the [ISO Ref]... ?)

Best regards

2016-07-01 15:21 GMT+03:00 Wunder, John A. <jwunder@mitre.org>:

> Hey all,
>
> In an effort to kick-start the identity and threat actor discussion, a few
> of us got together yesterday and spent some time fleshing out a first shot
> at them. Please take a look in the document and see if what we have will
> work for MVP:
>
> Identity:
> https://docs.google.com/document/d/1F1c05GgYaJFV1Z04B8c_T3vEE-LRQTPExF24LvOQAsk/edit#heading=h.ja9ea729i9rh
>
> Threat Actor:
> https://docs.google.com/document/d/1F1c05GgYaJFV1Z04B8c_T3vEE-LRQTPExF24LvOQAsk/edit#heading=h.m7vja8o49dq0
>
> I know that Identity in particular probably doesn’t have all of the fields
> we eventually want to add. We included fields for usernames, addresses, and
> phone numbers as RESERVED so we can talk through them for 2.1. Our worry was
> that if we tried to completely flesh out indicator for 2.0 we would either
> get it wrong or run out of time, so the set we have included now is intended
> to cover just the primary use cases.
>
> John