[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] [External] [cti-stix] Re: [EXT] [cti-stix] Location, latitude/longitude, and precision
Hey all, We did raise this issue before on the lists, and had roughly the same set of people advocating for it (Pat, Allan, now Jason). We can certainly re-open it if there’s a large number of new people who want to see it, but in the absence of
that I think we should focus on this particular question. Those that want to use GeoJSON could maybe form a small group, agree on a custom property name, and if that goes well bring it up in 2.2? Also just to re-iterate: GeoJSON **doesn’t support precision/uncertainty**…the way you would do this in GeoJSON is draw a circle centered at the lat/lng with the given radius, in which case it’s hard to differentiate if you’re saying that’s
the uncertainty or if you’re literally describing a circle (i.e. it likely resolved to a city, in which case the “correct” approach is to draw a bounding box around the city, not just a circle). If you just want to represent a lat/lng as a point there’s no
ability to specify uncertainty. Of the other options, I’ve seen most people express that “optional, no default” is either their first or second option…to me that suggests we’re approaching consensus for that approach, though of course we should continue this discussion. John From: Allan Thomson <athomson@lookingglasscyber.com> When the topic of GeoJSON has been raised within the TC previously no one really spoke up. It seems like multiple people are now suggesting that we reconsider. As an advocate for having GeoJSON as an option within the Location Object I would suggest that it *should* at least be an option to have a GeoJSON property included in the Location object so that the folks that wanted that capability
can use it. Given that the TC seemed against that then our plans were to use a custom property included with the location object the GeoJSON property.
If enough orgs agree that this is of value then maybe we should not make it custom but a regular property. From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on behalf of Patrick Maroney <pmaroney@wapacklabs.com> Along with previous Use Case example of tracking/modeling the activities of a terrorist cell through their cyber footprints, there are other similar markers to what Sarah highlights: Actor X met Actor Y at location Z. Wifi and Cell data
can be used for fairly accurate human and asset location tracking (and correlation to sensor data like Video Cameras, ATM Machines, POS transactions). We can all wholeheartedly agree that your garden variety IOC Exchange is indeed one of the major use cases for STIX/TAXII. However, it should NOT be the only use case we consider. I'll also repeat my advocacy for adopting existing well vetted and adopted standards (like GeoJSON in this case). The argument for adopting JSON was made and won years ago -- So let's use it here. As pointed out in this most recent incarnation: there are a wide variety of tools and frameworks that support GeoJSON. We don't need to re-litigate precision,
and any of a number of other Geo Location attributes -- It's already been done. Question to the Chairs: Is this topic "ballot worthy"? Patrick Maroney Principal Engineer - Data Science & Analytics Wapack Labs LLC (609)841-5104 On Jul 20, 2017, at 10:24 AM, Sarah Kelley <Sarah.Kelley@cisecurity.org> wrote: Don’t forget that location isn’t just for IP location data. It could be “This threat actor works in this building or lives at this address.” Sarah Kelley Senior Cyber Threat Analyst Multi-State Information Sharing and Analysis Center (MS-ISAC) 31 Tech Valley Drive East Greenbush, NY 12061 518-266-3493 24x7 Security Operations Center SOC@cisecurity.org - 1-866-787-4722 From: <cti-stix@lists.oasis-open.org>
on behalf of Nicholas Hayden <nhayden@anomali.com>
Do we really need granularity on this item or just relative? Honestly how many ip’s are directly linked to a very specific address. From what I’ve seen majority of them are linked to a city. Best Regards, Director of Engineering Anomali | anomali.com 808 Winslow St Redwood City, CA 94063 Phone: (650) 257-0867 | Twitter: @anomali
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination,
distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]