[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-users] ThreatActor associated with a Sighting?
I am new to STIX and have a question about how to use it. Suppose that a sighting of some indicator can give us knowledge of which threat actor is involved. In that case, I would want to associate a STIX ThreatActor with a Sighting, but I don’t see how to do that using STIX 1.2. I see how the Indicator can be related to a ThreatActor through a Campaign, but I need to associate a specific ThreatActor to a specific Sighting. Is this the wrong way to use Indicators and Sightings?
Alex Memory
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]