cti-users message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Indicator Type / Vocabulary Implementation Questions
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: cti-users@lists.oasis-open.org
- Date: Thu, 22 Oct 2015 12:18:27 -0300
HI all, I am producing some new STIX content in an automated fashion, and am looking for feedback on my planned usage of indicator types:
As with many things STIX, the way you do this is so wide open, it makes implementation decisions difficult
@see http://stixproject.github.io/data-model/1.2/stixVocabs/IndicatorTypeVocab-1.1/
So essentially, I can stick to the default vocabulary, *OR* I can define my own vocabulary, *OR* I can use it as a free-form string.
The problem i have with the default vocabulary, is this list is very restrictive, and there is no "Other" type.
First question - Has there ever been thought to extending this vocabulary, or adding an "Other" type that one could then annotate in some way? I haven't seen this question come up on the STIX list.
Second question - My other problem is, I can't define a new fixed vocabulary because this is user-generated stuff. I pretty much am stuck with either using the fixed vocabulary, or letting the user type in whatever they want. How many people are sticking to the controlled vocabulary here? If I use this as a free-form string, will it cause some tools to blow up? Anyone have experience here?
-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]