OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: July 25 Working Call Agenda - Event


All,

 

Our working call on July 25 will focus on the Event object again. The plan is to go over the set of use cases we know we want to cover and then see how well our current proposal maps against those use cases. That will hopefully let us ground the discussion a bit.

 

Ahead of time, please think about the machine-to-machine or organization-to-organization use cases you have for the Event object. A few to start with:

 

  • SIEM sends an alert to an incident response system
  • An organization reports an incident to comply with some mandatory or voluntary reporting requirement
  • An IR system sends an event to a TIP, where the TIP can do trending and correlation with other CTI data

 

What is missing from that list?

 

John



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]