OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-stix] RE: Initial stab at grouping-context-ov values based on real-world use cases


On 26.10.2017 21:02:07, Katz, Gary CTR DC3\DCCI wrote:
> 
> In my view this is a key distinction between the
> suspicious-activity-event and the other grouping types. For the
> other grouping types, we have ways to relate the data together,
> either through a malware object, an intrusion set object, a campaign
> object, threat actor object, etc. In the case of the
> suspicious-activity-event, that IS the object to provide context and
> relate that data together.
> 

+100, Gary.

-- 
Cheers,
Trey
++--------------------------------------------------------------------------++
Director of Standards Development, New Context
gpg fingerprint: 3918 9D7E 50F5 088F 823F  018A 831A 270A 6C4F C338
++--------------------------------------------------------------------------++
--
"Mathematicians are like Frenchmen: whatever you say to them they
translate into their own language and forthwith it is something
entirely different." --Johann Wolfgang von Goethe

Attachment: signature.asc
Description: Digital signature



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]