OASIS Mailing List Archives

 



cti-stix message



Subject: Re: [cti-stix] Patterning for Course of Actions


On 19.10.2016 09:09:07, Jason Keirstead wrote:
> 
> It is less clear to me if the observable patterning language is the
> best means to do that. There is a lot of "weight" in observable
> patterns that doesn't really apply to action sequences (you are
> really only interested in a tiny subset). And yet even so, there
> are other things you need that are actually missing from the pattern
> grammar (such as "in parallel with"). You can't define end-to-end
> workflows using our grammar, that's not really what it was designed
> for.
> 

Hey, Jason -

True, the patterning grammar was not designed to support COA-related
use cases, but I think that we can develop a grammar to support COA
orchestration that's _architecturally similar_ to how we've defined
the observable patterning language.

> 
> IMO the actual thing being sought here is an intermediary "playbook"
> object in between the Incident object and the individual CoA
> responses. The playbook defines the workflow of CoA and how they tie
> together.
> 

That, my friend, is an *excellent* idea!

-- 
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4  5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"E pur si muove!" --Galileo Galilei
