Subject: Re: [cti-stix] field names
Thanks for pointing this out before review/comments of the summer release...

Consistency would help to Standardize/Integrate/Automate - IMHO

Message in a bottle shared some time ago ( http://making-security-measurable.1364806.n2.nabble.com/attachment/7580434/0/Incident_DataModels_Mapping.xlsx ) if useful:

In IODEF you can find:
DetectTime
StartTime
EndTime
ReportTime

Mapped to VERIS:
timeline.discovery
timeline.incident
timeline.containment
timeline.investigation

Mapped to NDDM:
Incident.detect_datetime
Incident.start_datetime
Incident.end_datetime
Incident.CERT_datetime_reported

2016-06-29 23:08 GMT+03:00 Jordan, Bret <bret.jordan@bluecoat.com>:

> In the following TLOs we have defined the following timestamp fields
>
> In Observations we have "start" and "end"
> In Report we have "published"
> In Indicator we have "start" and "end"
>
> In the TLO Common Properties we have 2 fields:
> "created_time"
> "modified_time"
>
> I am guessing we should probably have some consistency... Perhaps we
> should change the TLO Common Properties fields to be just "created" and
> "modified"
>
>
> Thanks,
>
> Bret
>
>
>
> Bret Jordan CISSP
> Director of Security Architecture and Standards | Office of the CTO
> Blue Coat Systems
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can
> not be unscrambled is an egg."
>