OASIS Mailing List Archives

 



cti message



Subject: Re: Observable Patterning


How far down the rabbit hole do you want to go? If we extend the notion of indicators to try and encapsulate non-technical indicators of human misbehavior, where do you stop? Shall we incorporate criminal background check data, HR interventions, traffic tickets, and credit scores into CybOX? Where do you stop? How is this data going to be actionable at the machine level?


Maybe one day we *do* want to go there but first let's nail down what we've already got in front of us. 


Cheers,
Trey
--
Trey Darley
Senior Security Engineer
Soltra | An FS-ISAC & DTCC Company
www.soltra.com



From: Wynn, Jackson E. <jwynn@mitre.org>
Sent: Thursday, September 24, 2015 16:08
To: Kirillov, Ivan A.; Davidson II, Mark S; Trey Darley; cti@lists.oasis-open.org
Subject: RE: Observable Patterning
 

Does the focus on technical indicators, and patterns, preclude more abstract or generalized indicators, e.g., anomalous network traffic, after-hours printing, excessive account lockouts, etc.?

 



