[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Re: [cti] [cti-stix] MISP Taxonomies [Was: CTI Brussels F2F Meeting...RSVP deadline 5 September]
On 13/09/16 12:31, Jason Keirstead wrote: > Yes, exactly. > > The purpose of the larger range is simply to accommodate more possible scales than a single 1-5 scale. Nothing more or less. Indeed. The proposal came from some real cases we had like reorganizing the confidence level of various sources. The 1-5 scale is clearly for human analysts where the whole range is mainly for machine-to-machine. With the current proposal[2], you can have both. Compared to the existing confidence level in STIX described with the HighMediumLowVocab-1.0[1], we added a scale and a clear description for analysts. [1] http://stixproject.github.io/data-model/1.2/stixVocabs/HighMediumLowVocab-1.0/ [2] https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json#L31 -- Alexandre Dulaunoy CIRCL - Computer Incident Response Center Luxembourg 41, avenue de la gare L-1611 Luxembourg info@circl.lu - www.circl.lu
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]