[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [Non-DoD Source] Re: [cti-stix] Threat Actor and Identity
For Identity relationships it may be valuable to have relationships between Identities. i.e. Identity to identity. Such as 'owns' or 'works for' Not sure how in-depth we want to get in these types of relationships, but would value a discussion. -----Original Message----- From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Jerome Athias Sent: Friday, July 01, 2016 9:17 AM To: Wunder, John A. Cc: cti-stix@lists.oasis-open.org Subject: [Non-DoD Source] Re: [cti-stix] Threat Actor and Identity Regarding Identity: While I could see an improvement (or good direction taken) in the information model through the relationships like "created_by_ref"... The properties, and properties' names seem coming from a design from scratch. (or is this the real intent of (over) simplification making it look 'childish'?) I can't see any design built on previous standards or specifications such as the previous version of CTI/STIX, OASIS CIQ, IODEF:contact (RID or CDXI, etc.) (Is that voluntary? Or is it purely not envisioned any reuse or effort for interoperability?) nor any foundations on classifications (not even US-centric like NAICS for sectors) (Is it just open for -some folks- to complete the [ISO Ref]... ?) Best regards 2016-07-01 15:21 GMT+03:00 Wunder, John A. <jwunder@mitre.org>: > Hey all, > > > > In an effort to kick-start the identity and threat actor discussion, a > few of us got together yesterday and spent some time fleshing out a > first shot at them. Please take a look in the document and see if what > we have will work for MVP: > > > > Identity: > https://docs.google.com/document/d/1F1c05GgYaJFV1Z04B8c_T3vEE-LRQTPExF > 24LvOQAsk/edit#heading=h.ja9ea729i9rh > > Threat Actor: > https://docs.google.com/document/d/1F1c05GgYaJFV1Z04B8c_T3vEE-LRQTPExF > 24LvOQAsk/edit#heading=h.m7vja8o49dq0 > > > > I know that Identity in particular probably doesn’t have all of the > fields we eventually want to add. We included fields for usernames, > addresses, and phone numbers as RESERVED so we can talk through them > for 2.1. Our worry was that if we tried to completely flesh out > indicator for 2.0 we would either get it wrong or run out of time, so > the set we have included now is intended to cover just the primary use cases. > > > > John --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]