[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] STIX Indicator Proposal
On 08.06.2017 16:29:25, John-Mark Gurney wrote: > > This also means that there will be two ways to do the same thing. > This is too much like the old way of handing indicators which had > tons of issues in writting a proper matching engine for. > > This also makes quering indicators from a TAXII feed much more > difficult. W/ the dedicated object, you just asked for Indicators, > but for this, you'd need to ask for all observed-data that have a > i_* field, which will be a very complex query/search unless you > create a special index on it. > This. So much this. +100, JMG. -- Cheers, Trey ++--------------------------------------------------------------------------++ Kingfisher Operations, sprl gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D ++--------------------------------------------------------------------------++ -- "It is more complicated than you think." --RFC 1925
Attachment:
signature.asc
Description: Digital signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]