[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti-stix] Time Ranges
Agreed. Plus, we spent many hours wrapped around the axle about which version of “start” and “end” was appropriate for each object. I think we should leave it, as some were hard fought battles.
Sarah Kelley Senior Cyber Threat Analyst Multi-State Information Sharing and Analysis Center (MS-ISAC) Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) 31 Tech Valley Drive East Greenbush, NY 12061 518-266-3493 24x7 Security Operations Center SOC@cisecurity.org - 1-866-787-4722
From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org]
On Behalf Of Wunder, John A.
+1 to Allan. The fields meaning something to humans is more important than having consistency for code. From: <cti-stix@lists.oasis-open.org> on behalf of Allan Thomson <athomson@lookingglasscyber.com> I like the original names as they provide a level of semantic clarity that is not provided by time1, time2….etc without having to read a spec on what is the definition of time1, time2. From an object model in a database/product vendors can normalize the names to time1, time2 if they wish. But this protocol is a data exchange and clarity is better with the explicit names. Allan Thomson CTO (+1-408-331-6646) From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
on behalf of Bret Jordan <Bret_Jordan@symantec.com> Relationship Object start_time stop_time Indicator Object valid_from valid_until Campaign, Intrusion Set, Malware first_seen last_seen Malware Analysis Type start_time end_time Observed Data first_observed last_observed Bret
. . . . . |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]