[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: RE: [cti] Missing MTI - what to do?
What I mean is if I create a STIX document and push it to a TAXII server on a channel, I expect anyone else subscribed to that channel should either receive the document as I created it, or not receive it at all. I myself do not think TAXII should be diving into the STIX and modifying the documents, removing attributes from them.
Imagine if some vendors got together and made a tempoary extension to the indicator property called "Risk" or something, but whenever a producer sent it onto the wire, the TAXII server stripped it off. That value might be useful for a consumer.. the TAXII server has no idea what values will be of use to whom, it should not be stripping off a property just because it doesn't recognize it.
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
John-Mark Gurney ---02/01/2016 03:41:36 PM---On Sat, Jan 30, 2016 at 6:26 AM, Jason Keirstead <Jason.Keirstead@ca.ibm.com > wrote:
From: John-Mark Gurney <jmg@newcontext.com>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: cti@lists.oasis-open.org
Date: 02/01/2016 03:41 PM
Subject: Re: RE: [cti] Missing MTI - what to do?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]