+1 for Confidence as well.
Paul Patrick
From:
<cti-stix@lists.oasis-open.org> on behalf of "Coderre, Robert" <rcoderre@verisign.com>
Date: Monday, August 22, 2016 at 2:37 PM
To: Aharon Chernin <achernin@soltra.com>, Sarah Kelley <Sarah.Kelley@cisecurity.org>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: RE: [cti-stix] STIX 2.1 discussion
My +1 for confidence. I understand the eventual need to tie this to a producer identity and signature, but for producers like us, this is a concept already well understood
and currently in use, either natively or via STIX 1.x.
From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org]
On Behalf Of Aharon Chernin
Sent: Monday, August 22, 2016 1:41 PM
To: Sarah Kelley; cti-stix@lists.oasis-open.org
Subject: Re: [cti-stix] STIX 2.1 discussion
I also agree on Confidence as a next step. Confidence is something that can be implemented rather quickly within the TC (and vendor products), and have a large benefit to consumers.
Aharon
I would argue for the confidence as well. I understand that you want it to interact with digital signatures, but I know we’re using it already in STIX 1.x. We use the confidence
field as Terry described, to give our analysts some hint how much they should care about something if they see it in traffic or how likely we believe it could be to cause false positives. Every single thing in our database has a confidence on it.
I would also push for incident (for our use) and also for internationalization for the sake of increased adoption.
Sarah Kelley
Senior CERT Analyst
Center for Internet Security (CIS)
Integrated Intelligence Center (IIC)
Multi-State Information Sharing and Analysis Center (MS-ISAC)
1-866-787-4722 (7×24 SOC)
Email: cert@cisecurity.org
www.cisecurity.org
Follow us @CISecurity
Confidence does not really make sense before we have digital signatures, neither does the opinion object.. Without digital signatures first, there is no "real" confidence or opinion as everything could be faked.
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
On 20.08.2016 08:22:15, Terry MacDonald wrote:
My wish list for 2.1:
+1 for Terry's list of STIX 2.1/2.2 priorities
--
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"All systems, regardless of composition, do one of three things: blow
up, oscillate, or stay about the same." --anonymous
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited.
Please notify the sender immediately and permanently delete the message and any attachments.
. . .
This email and any attachments thereto may contain private, confidential, and/or privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited.
If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto.
|