cti-stix message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [cti-stix] Why do we have first_seen / last_seen on Intrusion Set but not on Threat Actor?
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: Trey Darley <trey.darley@cert.be>
- Date: Fri, 14 Jun 2019 08:38:24 -0300
You could say the
same thing for Attack Pattern.
This goes back
to the "TTP objects vs non-TTP objects" discussion from last
week's working call & Brett's spreadsheet. There are a subset of SDOs
which are used to communicate TTPs, that when you look at them objectively
*should* have a common set of base properties. But we did not do that,
there is a lot of inconsistency.
-
Jason Keirstead
Lead Architect - IBM Security Connect
www.ibm.com/security
"Would you like me to give you a formula for success? It's quite simple,
really. Double your rate of failure."
- Thomas J. Watson
From:
Trey
Darley <trey.darley@cert.be>
To:
OASIS
CTI TC STIX SC list <cti-stix@lists.oasis-open.org>
Date:
06/14/2019
08:13 AM
Subject:
[EXTERNAL]
[cti-stix] Why do we have first_seen / last_seen on Intrusion Set but not
on Threat Actor?
Sent
by: <cti-stix@lists.oasis-open.org>
Hey, y'all -
Somehow this escaped me until now. Was this an intentional decision or
is this an accidental omission?
--
Cheers,
Trey Darley
Co-Chair, OASIS CTI TC
CTI Strategist, CERT.be
--
CERT.be
Centre for Cyber Security Belgium
Mail: trey.darley@cert.be
GPG: CA5B 29E4 937E 151E 2550 6607 AE9A 7FF2 8000 0E4E
--
Under the authority of the Prime Minister
Wetstraat 16 - 1000 Brussels - Belgium
Visiting address : Rue Ducale 4 â 1000 Brussels â Belgium
Contact: https://www.cert.be
[attachment "signature.asc" deleted by Jason Keirstead/CanEast/IBM]
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]