OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] Proposal of confidence level using MISP taxonomies

For the numerical value of "Confidence cannot be evaluated", could we use "-1" ?

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for Alexandre Dulaunoy ---09/12/2016 12:36:12 PM---Dear, Following the recent and good discussions at theAlexandre Dulaunoy ---09/12/2016 12:36:12 PM---Dear, Following the recent and good discussions at the TC, here is a proposal of confidence

From: Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>
To: cti-stix@lists.oasis-open.org, OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Date: 09/12/2016 12:36 PM
Subject: [cti] Proposal of confidence level using MISP taxonomies
Sent by: <cti@lists.oasis-open.org>




Dear,

Following the recent and good discussions at the TC, here is a proposal of confidence
level that we will implement in MISP via the misp-taxonomies:

{
    "predicate": "confidence-level",
    "entry": [
       {
         "expanded": "Completely confident",
         "value": "completely-confident",
         "numerical_value": 100
       },
       {
         "expanded": "Usually confident",
         "value": "usually-confident",
         "numerical_value": 75
       },
       {
         "expanded": "Fairly confident",
         "value": "fairly-confident",
         "numerical_value": 50
       },
       {
         "expanded": "Rarely confident",
         "value": "rarely-confident",
         "numerical_value": 25
       },
       {
         "expanded": "Unconfident",
         "value": "unconfident",
         "numerical_value": 0
       },
       {
         "expanded": "Confidence cannot be evaluated",
         "value": "confidence-cannot-be-evalued"
       }
    ]
}


https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json#L31

Feedback welcome. I also included the original slides I gave during the TC in Brussels.

I'll summarize the various options of integration with the taxonomies in STIX in another email.

Cheers.


--
Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
41, avenue de la gare L-1611 Luxembourg
info@circl.lu - www.circl.lu
[attachment "misp-OASIS-TC-Brussels-2016.pdf" deleted by Jason Keirstead/CanEast/IBM]
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]