OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-stix] Time Ranges


I like the original names as they provide a level of semantic clarity that is not provided by time1, time2….etc without having to read a spec on what is the definition of time1, time2.

 

From an object model in a database/product vendors can normalize the names to time1, time2 if they wish. But this protocol is a data exchange and clarity is better with the explicit names.

 

Allan Thomson

CTO (+1-408-331-6646)

LookingGlass Cyber Solutions

From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Friday, April 6, 2018 at 2:10 PM
To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: [cti-stix] Time Ranges

 

I just wanted to make sure everyone was aware that we now have 5 different ways of representing time ranges in STIX...  Since we tend to split hairs on names, maybe they should just all be named time1 and time2 or do a single field with a dash "-" between the two values and call it "time_window" or "time_range" or something. 

 

Relationship Object

start_time

stop_time

 

Indicator Object

valid_from

valid_until

 

Campaign, Intrusion Set, Malware

first_seen

last_seen

 

Malware Analysis Type

start_time

end_time

 

Observed Data

first_observed

last_observed

 

Bret

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]