OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-users] Questions about the Incident object in STIX 2.1

Greetings,

I would like to have this opportunity to suggest taking into consideration:
IETF MILE Working group work https://datatracker.ietf.org/wg/mile/about/
IETF IODEF (rfc5070)
VERISÂhttp://veriscommunity.net/

Best regards




On Tue, May 5, 2020 at 7:47 PM Bret Jordan <jordan2175@gmail.com> wrote:
Jessie,

Thanks for your email and your question. The CTI Technical Committee was unable to finish identifying the exact requirements and needs for an incident object for STIX 2.1. However, what the technical committee was able to add is a Grouping object that would allow organizations to group data together with defined context. The actual incident object is still on the list of things that need to be addressed. If you have ideas for what you would like to see, or if you have an information model already developed, please either join the technical committee at OASIS or sent your proposal through the TCâs public comment email list.

The following URL will give you information on how to submit a comment, suggestion, or proposal to the technical committee:Âhttps://www.oasis-open.org/committees/comments/index.php?wg_abbrev=cti


Thanks for your interest in STIX and TAXII 2.1

Bret




On May 5, 2020, at 4:01 AM, Jessie(TWNCERT) <jessie@twncert.org.tw> wrote:

Hi Forum members,

We are planning to use STIX 2.1 in our organization and we notice that the
Incident object is reserved.

Due to one of the key missions of our organization is to receive and share
Incident information with our partners, we need the Incident object to share
the information.

It would be appreciated if you could provide us more details and clarify
some of the doubts about the Incident object at the present stage.

1. As Incident object is reserved, we are wondering in which STIX version
would define it? (STIX 2.1.X or 2.x?)

2. We found the document online mentioned the Event object. Is it the same
meaning as Incident object?
(https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8
I3b4/edit#heading=h.5ol9xlbbnrdn)

Thanks,
Jessie Chuang



This publicly archived list provides a forum for asking questions,
offering answers, and discussing topics of interest on STIX,
TAXII, and CybOX. Users and developers of solutions that leverage
STIX, TAXII and CybOX are invited to participate.

In order to verify user consent to OASIS mailing list guidelines
and to minimize spam in the list archive, subscription is required
before posting.

Subscribe: cti-users-subscribe@lists.oasis-open.org
Unsubscribe: cti-users-unsubscribe@lists.oasis-open.org
Post: cti-users@lists.oasis-open.org
List help: cti-users-help@lists.oasis-open.org
List archive: http://lists.oasis-open.org/archives/cti-users/
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
CTI Technical Committee: https://www.oasis-open.org/committees/cti/
Join OASIS: http://www.oasis-open.org/join/


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]