[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] RE: Initial stab at grouping-context-ov values based on real-world use cases
On 26.10.2017 21:02:07, Katz, Gary CTR DC3\DCCI wrote: > > In my view this is a key distinction between the > suspicious-activity-event and the other grouping types. For the > other grouping types, we have ways to relate the data together, > either through a malware object, an intrusion set object, a campaign > object, threat actor object, etc. In the case of the > suspicious-activity-event, that IS the object to provide context and > relate that data together. > +100, Gary. -- Cheers, Trey ++--------------------------------------------------------------------------++ Director of Standards Development, New Context gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338 ++--------------------------------------------------------------------------++ -- "Mathematicians are like Frenchmen: whatever you say to them they translate into their own language and forthwith it is something entirely different." --Johann Wolfgang von Goethe
Attachment:
signature.asc
Description: Digital signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]