The link was messed up:
https://docs.google.com/document/d/1I5Cgqfk1Krt9EnYJZcyTLS3c5BtZ5uqvTDXI_i7OJrU/edit
From: <cti-stix@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Date: Monday, July 23, 2018 at 10:46 AM
To: "Katz, Gary" <gary.katz.ctr@dc3.mil>
Cc: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: Re: [cti-stix] FW: Suspicious Activity Object
I can't access the document; are the permissions open to the public?
-
Jason Keirstead
Lead Architect - IBM Security Cloud
www.ibm.com/security
"Things may come to those who wait, but only the things left by those who hustle." - Unknown
From: "Katz, Gary CTR DC3/TSD" <Gary.Katz.ctr@dc3.mil>
To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date: 07/23/2018 11:10 AM
Subject: [cti-stix] FW: Suspicious Activity Object
Sent by: <cti-stix@lists.oasis-open.org>
It seems I was sending these emails to the wrong distro, hopefully this
works this time. Interested in everyone's thoughts
Below is a link to the Suspicious Activity Object proposal. As requested I
updated the object to use the embedded reference, similar to the Malware
proposal rather than using a relationship. Comments welcome.
https://docs.google.com/document/d/1I5Cgqfk1Krt9EnYJZcyTLS3c5BtZ5uqvTDXI_i7O
JrU/edit?usp=sharing