Subject: Re: [cti-stix] relationships
So what you're describing is basically the importance of Semantics, and the Triples concept.
https://en.wikipedia.org/wiki/Semantic_Web

That is explained, for example, in this paper (pointed out by Shawn Riley)
http://ebiquity.umbc.edu/_file_directory_/papers/781.pdf

PS: you, hopefully, would understand the frustration of those who identified and understood this issue/point 1+ year ago, and were advocating for an Ontology/Semantic direction (like with JSON-LD) of CTI just to make our life easier and to save time and effort for the success and quality of the work of this group.
I hope that we did not waste the past 8+ months for realizing that "semantic matters"

Best regards

On Fri, Jul 15, 2016 at 8:33 AM, Jordan, Bret <bret.jordan@bluecoat.com> wrote:
> I took a hard look at the relationships we have defined so far, and really
> tried to question each one. I made a lot of comments in the docs for us to
> review. I focused on what is the relationship trying to say, and does it
> make sense in both directions. What I came up with is that in some cases it
> does make sense in both directions, however, what you are trying to say is
> actually different.
>
> I guess it all comes down to what you are starting with, and what you are
> trying to say about that which you started with. Take the example of an
> Indicator linking to a Campaign.
>
> 1) If you start with the Campaign, you might say that "This Campaign is
> [detectable-by] this Indicator"
>
> 2) If you start with the Indicator, you might say, that "This Indicator
> [can-detect] this Campaign" or "This Indicator [indicates] the presence of
> this Campaign".
>
> So it really depends on what you have to start with, and what you are trying
> to say. So for some of these, we may actually need to define the
> relationships both ways.
>
>
> Thanks,
>
> Bret
>
>
>
> Bret Jordan CISSP
> Director of Security Architecture and Standards | Office of the CTO
> Blue Coat Systems
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can
> not be unscrambled is an egg."
>
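The triples idea discussed in this thread, as an added example that is not part of either message or of any STIX specification: a small subject-predicate-object store that keeps one canonical direction and derives the other reading on query. It assumes `can-detect` and `detectable-by` are exact inverses (the thread leaves open whether the two directions say the same thing); the node names and the `TripleStore` class are constructed for illustration.

```python
from collections import defaultdict

# Assumption: these two predicates from the thread are treated as exact inverses.
INVERSES = {"can-detect": "detectable-by"}                   # canonical -> inverse
CANONICAL = {inv: canon for canon, inv in INVERSES.items()}  # inverse -> canonical


class TripleStore:
    """Hypothetical store holding each relationship once, in canonical direction."""

    def __init__(self):
        self._by_subject = defaultdict(set)
        self._by_object = defaultdict(set)

    def add(self, subject, predicate, obj):
        # A statement written in the inverse form is flipped before storage,
        # so both phrasings of the same fact collapse into one triple.
        if predicate in CANONICAL:
            subject, predicate, obj = obj, CANONICAL[predicate], subject
        self._by_subject[subject].add((predicate, obj))
        self._by_object[obj].add((predicate, subject))

    def statements_about(self, node):
        """Every statement readable when starting from `node`."""
        out = {(node, p, o) for p, o in self._by_subject[node]}
        for p, s in self._by_object[node]:
            if p in INVERSES:  # derive the inverse reading on the fly
                out.add((node, INVERSES[p], s))
        return sorted(out)


def demo():
    store = TripleStore()
    # Constructed sample data: the same fact stated from both starting points.
    store.add("campaign-A", "detectable-by", "indicator-1")
    store.add("indicator-1", "can-detect", "campaign-A")
    store.add("indicator-2", "can-detect", "campaign-A")
    return store


if __name__ == "__main__":
    s = demo()
    for node in ("campaign-A", "indicator-1"):
        for triple in s.statements_about(node):
            print(triple)
```
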