[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [EXT] Re: [cti-stix] Small changes from 2.0 - 2.1 - dates on relationships
I think I have a preference for the valid_* as well. We should use the same terms that we use else where for this.
The first seen on the relation does say something totally different though. And I am wondering if that use case would be better
handled another way or do we need both sets of values?
Bret From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Wunder, John A. <jwunder@mitre.org>
Sent: Wednesday, August 30, 2017 8:25 AM To: Sarah Kelley; cti-stix@lists.oasis-open.org Subject: [EXT] Re: [cti-stix] Small changes from 2.0 - 2.1 - dates on relationships I support this change, which I believe was originally suggested by Allan. You can think of many use cases in real intelligence:
I would say that the big question here is whether we call the fields “valid_from” and “valid_to” or “first_seen” and “last_seen”. I think I have a slight preference for valid_from and valid_to because of some of the connotations of “last_seen” being present vs. absent. Like if last_seen is not on the object, what does it mean, vs. if last_seen is on the object set to yesterday. Valid_from on the other hand makes it clear that if the producer feels like the relationship is still valid they don’t provide the field.
John
From: <cti-stix@lists.oasis-open.org> on behalf of Sarah Kelley <Sarah.Kelley@cisecurity.org>
I’m going to be sending a series of emails regarding small changes that have been requested in moving from STIX 2.0 to STIX 2.1. The hope is that these won’t be particularly controversial, but if anyone has any objections to these changes, please speak up.
GITHUB issue #11 (https://github.com/oasis-tcs/cti-stix2/issues/11 )
There has been a suggestion to add “first_seen” and “last_seen” properties onto the relationship object. The Relationship object would then look something like this (with the suggested changes highlighted in yellow):
3.1.2 Properties
Does anyone have any objections to making this change?
Sarah Kelley Senior Cyber Threat Analyst Multi-State Information Sharing and Analysis Center (MS-ISAC) 31 Tech Valley Drive East Greenbush, NY 12061
518-266-3493 24x7 Security Operations Center SOC@cisecurity.org - 1-866-787-4722
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited.
Please notify the sender immediately and permanently delete the message and any attachments.
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]