| Yes, that would be a correct way of doing that.
Bret Sent from my Commodore 64
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 On May 28, 2020, at 12:47 AM, Jessie(TWNCERT) <jessie@twncert.org.tw> wrote:
ïHi Forum members,
First of all, thanks Bret for answering the questions previously.
We had a lot's discussion in our organization and it's a bit tricky for us
to get a consensus.
One scenario is that our detection mechanism detects some suspicious
connections from X company, so we share this information with X company.
In this scenario,
X company is modeled using STIX Identity Object.
Detection mechanism is modeled using STIX Identity Object.
Suspicious connections are modeled using STIX Observed Data and Sighting
Objects.
Then we use STIX Grouping object to group all data together in order to
share the information with A company.
Is it the correct way using STIX Objects? Or could anyone provide some
examples for us to clarify the meaning of Grouping Object?
Thanks,
Jessie Chuang
This publicly archived list provides a forum for asking questions,
offering answers, and discussing topics of interest on STIX,
TAXII, and CybOX. Users and developers of solutions that leverage
STIX, TAXII and CybOX are invited to participate.
In order to verify user consent to OASIS mailing list guidelines
and to minimize spam in the list archive, subscription is required
before posting.
Subscribe: cti-users-subscribe@lists.oasis-open.org
Unsubscribe: cti-users-unsubscribe@lists.oasis-open.org
Post: cti-users@lists.oasis-open.org
List help: cti-users-help@lists.oasis-open.org
List archive: http://lists.oasis-open.org/archives/cti-users/
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
CTI Technical Committee: https://www.oasis-open.org/committees/cti/
Join OASIS: http://www.oasis-open.org/join/
|