Subject: Re: [cti-stix] STIX Indicator Proposal
On 09.06.2017 07:51:46, Terry MacDonald wrote:
> I'm not really a fan of this approach. We spent a long time
> separating the observed data or so that it recorded what has
> happened, and the indicator, which recorded what to look for.
>

While I applaud Gary's creativity in the approach he suggested, I agree with Terry's assessment. Going down this path would reopen The Great Arglebargle Debate of 2016, which would be counter-productive to say the least.

(Which is not to say that there isn't a useful kernel in Gary's suggested approach, provided we can find a way of maintaining the clear delineation between Observed Data and Indicators.)

This whole conversation started over perceived overlap between Malware/Infrastructure and Indicators. I don't think that we have a clear problem statement we'd all agree on yet. Until we have a clear common understanding of the problem we're trying to solve we will continue talking past one another.

Let's make defining that clear problem statement the primary objective of today's TC working call.

--
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"There is absolutely no inevitability, so long as there is a willingness to contemplate what is happening."
--Alfred North Whitehead