Yes, that would be a correct way of doing that.
Bret Sent from my Commodore 64
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 On May 28, 2020, at 12:47 AM, Jessie(TWNCERT) <jessie@twncert.org.tw> wrote:
ïHi Forum members,
First of all, thanks Bret for answering the questions previously.
We had a lot's discussion in our organization and it's a bit tricky for us to get a consensus.
One scenario is that our detection mechanism detects some suspicious connections from X company, so we share this information with X company.
In this scenario, X company is modeled using STIX Identity Object. Detection mechanism is modeled using STIX Identity Object. Suspicious connections are modeled using STIX Observed Data and Sighting Objects. Then we use STIX Grouping object to group all data together in order to share the information with A company.
Is it the correct way using STIX Objects? Or could anyone provide some examples for us to clarify the meaning of Grouping Object?
Thanks, Jessie Chuang
This publicly archived list provides a forum for asking questions, offering answers, and discussing topics of interest on STIX, TAXII, and CybOX. Users and developers of solutions that leverage STIX, TAXII and CybOX are invited to participate.
In order to verify user consent to OASIS mailing list guidelines and to minimize spam in the list archive, subscription is required before posting.
Subscribe: cti-users-subscribe@lists.oasis-open.org Unsubscribe: cti-users-unsubscribe@lists.oasis-open.org Post: cti-users@lists.oasis-open.org List help: cti-users-help@lists.oasis-open.org List archive: http://lists.oasis-open.org/archives/cti-users/ List Guidelines: http://www.oasis-open.org/maillists/guidelines.php CTI Technical Committee: https://www.oasis-open.org/committees/cti/ Join OASIS: http://www.oasis-open.org/join/
|