Subject: Re: [cti-stix] [External] [cti-stix] Re: [EXT] [cti-stix] Location, latitude/longitude, and precision
When the topic of GeoJSON has been raised within the TC previously, no one really spoke up. It seems like multiple people are now suggesting that we reconsider.

As an advocate for having GeoJSON as an option within the Location Object, I would suggest that it *should* at least be an option to have a GeoJSON property included in the Location object so that the folks that wanted that capability can use it. Given that the TC seemed against that, our plans were to use a custom property included with the location object the GeoJSON property.

If enough orgs agree that this is of value then maybe we should not make it custom but a regular property.

From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on behalf of Patrick Maroney <pmaroney@wapacklabs.com>

Along with previous Use Case example of tracking/modeling the activities of a terrorist cell through their cyber footprints, there are other similar markers to what Sarah highlights: Actor X met Actor Y at location Z. Wifi and Cell data can be used for fairly accurate human and asset location tracking (and correlation to sensor data like Video Cameras, ATM Machines, POS transactions).

We can all wholeheartedly agree that your garden variety IOC Exchange is indeed one of the major use cases for STIX/TAXII. However, it should NOT be the only use case we consider.

I'll also repeat my advocacy for adopting existing well vetted and adopted standards (like GeoJSON in this case). The argument for adopting JSON was made and won years ago -- So let's use it here. As pointed out in this most recent incarnation: there are a wide variety of tools and frameworks that support GeoJSON. We don't need to re-litigate precision, and any of a number of other Geo Location attributes -- It's already been done.

Question to the Chairs: Is this topic "ballot worthy"?

Patrick Maroney
Principal Engineer - Data Science & Analytics
Wapack Labs LLC
(609)841-5104

On Jul 20, 2017, at 10:24 AM, Sarah Kelley <Sarah.Kelley@cisecurity.org> wrote:

Don’t forget that location isn’t just for IP location data. It could be “This threat actor works in this building or lives at this address.”

Sarah Kelley
Senior Cyber Threat Analyst
Multi-State Information Sharing and Analysis Center (MS-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061
518-266-3493
24x7 Security Operations Center
SOC@cisecurity.org - 1-866-787-4722

From: <cti-stix@lists.oasis-open.org> on behalf of Nicholas Hayden <nhayden@anomali.com>

Do we really need granularity on this item or just relative? Honestly, how many IPs are directly linked to a very specific address? From what I’ve seen, the majority of them are linked to a city.

Best Regards,
Director of Engineering
Anomali | anomali.com
808 Winslow St
Redwood City, CA 94063
Phone: (650) 257-0867 | Twitter: @anomali