OASIS Mailing List Archives

cti message



Subject: Re: [cti] Re: Observable Patterning


I think the question is more about
"If you see this, do something"
vs
"If you see this doing that, do something"

"The difference between stupidity and genius is that genius has its
limits. Albert Einstein.", but I don't see why, when established, it
could not be extended (being from new CybOX objects or new entries in
a controlled vocabulary) (I found the examples provided potential
valid use cases)



2015-09-24 20:30 GMT+04:00 Trey Darley <trey@soltra.com>:
> How far down the rabbit hole do you want to go? If we extend the notion of
> indicators to try and encapsulate non-technical indicators of human
> misbehavior, where do you stop? Shall we incorporate criminal background
> check data, HR interventions, traffic tickets, and credit scores into CybOX?
> Where do you stop? How is this data going to be actionable at the machine
> level?
>
>
> Maybe one day we *do* want to go there but first let's nail down what we've
> already got in front of us.
>
>
> Cheers,
> Trey
> --
> Trey Darley
> Senior Security Engineer
> Soltra | An FS-ISAC & DTCC Company
> www.soltra.com
>
>
> ________________________________
> From: Wynn, Jackson E. <jwynn@mitre.org>
> Sent: Thursday, September 24, 2015 16:08
> To: Kirillov, Ivan A.; Davidson II, Mark S; Trey Darley;
> cti@lists.oasis-open.org
> Subject: RE: Observable Patterning
>
>
> Does the focus on technical indicators, and patterns, preclude more abstract
> or generalized indicators, e.g., anomalous network traffic, after-hours
> printing, excessive account lockouts, etc.?
>
>
>
>

