[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Question
I opened this issue in the TAXII Github issue tracker, but it has philosophical / ethical implication for STIX. STIX nor TAXII really addresses this yet..
Ref: https://github.com/oasis-tcs/cti-taxii2/issues/14
-- copy from issue tracker -- Say my server supports STIX 2.0 and STIX 2.1 content. I get some data that is in STIX 2.1 format. Then someone comes along and asks for content in STIX 2.0 format. What do I do with the fields, properties, objects, relationship
types, vocab terms, etc that are not valid in STIX 2.0? What happens in a STIX Bundle or Report that has content that is in both STIX 2.0 and STIX 2.1. Meaning, what happens if it has indicators and notes and opinions. Do you send the indicator and not the note and options? Do you prune the notes and opinions
from the report or bundle ? What do you do with confidence fields? Do you delete the confidence field? Does that mean you need to rev the modified timestamp or create a new ID? What happens with digital signatures for this content ?
Bret
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]