[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-users] Indicator Type / Vocabulary Implementation Questions
I agree to all of the below. :-) On 10/22/15, 11:31 AM, "cti-users@lists.oasis-open.org on behalf of Jerome Athias" <cti-users@lists.oasis-open.org on behalf of athiasjerome@gmail.com> wrote: >1) We should establish a review/enhancement/update process for the >default controlled vocabularies. >(reuse was good but needs to evolve) > >2) Tools should not cry, but 'Other' in general will lead to bad >scenarios (bad statistics/metrics and automation...) > >Note that use of an Ontology (where 'synonyms' are defined) would help >solving this issue. > > > > > > > >2015-10-22 18:18 GMT+03:00 Jason Keirstead <Jason.Keirstead@ca.ibm.com>: >> HI all, I am producing some new STIX content in an automated fashion, and am >> looking for feedback on my planned usage of indicator types: >> >> As with many things STIX, the way you do this is so wide open, it makes >> implementation decisions difficult >> >> >> "The default vocabulary type is IndicatorTypeVocab-1.1 in the >> http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined >> in the stix_default_vocabularies.xsd file or at the URL >> http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd. >> Users may also define their own vocabulary using the type extension >> mechanism, specify a vocabulary name and reference using the attributes, or >> simply use this as a string field." >> >> >> @see >> http://stixproject.github.io/data-model/1.2/stixVocabs/IndicatorTypeVocab-1.1/ >> >> So essentially, I can stick to the default vocabulary, *OR* I can define my >> own vocabulary, *OR* I can use it as a free-form string. >> >> The problem i have with the default vocabulary, is this list is very >> restrictive, and there is no "Other" type. >> >> First question - Has there ever been thought to extending this vocabulary, >> or adding an "Other" type that one could then annotate in some way? I >> haven't seen this question come up on the STIX list. >> >> Second question - My other problem is, I can't define a new fixed vocabulary >> because this is user-generated stuff. I pretty much am stuck with either >> using the fixed vocabulary, or letting the user type in whatever they want. >> How many people are sticking to the controlled vocabulary here? If I use >> this as a free-form string, will it cause some tools to blow up? Anyone have >> experience here? >> >> >> >> - >> Jason Keirstead >> Product Architect, Security Intelligence, IBM Security Systems >> www.ibm.com/security | www.securityintelligence.com >> >> Without data, all you are is just another person with an opinion - Unknown >> > >This publicly archived list provides a forum for asking questions, >offering answers, and discussing topics of interest on STIX, >TAXII, and CybOX. Users and developers of solutions that leverage >STIX, TAXII and CybOX are invited to participate. > >In order to verify user consent to OASIS mailing list guidelines >and to minimize spam in the list archive, subscription is required >before posting. > >Subscribe: cti-users-subscribe@lists.oasis-open.org >Unsubscribe: cti-users-unsubscribe@lists.oasis-open.org >Post: cti-users@lists.oasis-open.org >List help: cti-users-help@lists.oasis-open.org >List archive: http://lists.oasis-open.org/archives/cti-users/ >List Guidelines: http://www.oasis-open.org/maillists/guidelines.php >CTI Technical Committee: https://www.oasis-open.org/committees/cti/ >Join OASIS: http://www.oasis-open.org/join/ >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]