cti-stix message

Subject: Re: [cti-stix] Re: [cti] [cti-stix] MISP Taxonomies [Was: CTI Brussels F2F Meeting...RSVP deadline 5 September]

From: Alexandre Dulaunoy <Alexandre.Dulaunoy@circl.lu>
To: cti-stix@lists.oasis-open.org
Date: Tue, 13 Sep 2016 13:42:27 +0200

On 13/09/16 12:31, Jason Keirstead wrote:
> Yes, exactly.
> 
> The purpose of the larger range is simply to accommodate more possible scales than a single 1-5 scale. Nothing more or less.

Indeed. The proposal came from some real cases we had like reorganizing the confidence level of various sources. The 1-5 scale is clearly
for human analysts where the whole range is mainly for machine-to-machine. With the current proposal[2], you can have both.

Compared to the existing confidence level in STIX described with the HighMediumLowVocab-1.0[1], we added a scale
and a clear description for analysts.

[1] http://stixproject.github.io/data-model/1.2/stixVocabs/HighMediumLowVocab-1.0/
[2] https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json#L31

-- 
Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
41, avenue de la gare L-1611 Luxembourg
info@circl.lu - www.circl.lu

Follow-Ups:
- Re: [cti-stix] Re: [cti] [cti-stix] MISP Taxonomies [Was: CTI Brussels F2F Meeting...RSVP deadline 5 September]
  - From: "Wunder, John A." <jwunder@mitre.org>

References:
- Re: [cti-stix] Re: [cti] [cti-stix] MISP Taxonomies [Was: CTI Brussels F2F Meeting...RSVP deadline 5 September]
  - From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>