[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Working call agenda for Tuesday 2/28
|
All, We are going to have a confidence meeting directly after the working call meeting today. Those interested in discussing confidence and the scales being used to express confidence should try
to attend today starting at 12 EST. The bridge will be the same one used for the working call. Thanks, Sarah Kelley Senior Cyber Threat Analyst Center for Internet Security (CIS) Integrated Intelligence Center (IIC) Multi-State Information Sharing and Analysis Center (MS-ISAC) 1-866-787-4722 (7×24 SOC) Email: cert@cisecurity.org Follow us @CISecurity From: <cti@lists.oasis-open.org> on behalf of Sarah Kelley <Sarah.Kelley@cisecurity.org> The agenda for tomorrow’s working call will include: ·
Intel note
o
Proposal: https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.74spnst8naxc
o
Open questions include:
§
Created by ref vs. author. If we use both, how do we clarify when to use which?
§
If we use both, does that mean we should add an author property onto any other SDOs (or all of them)?
§
Do we need to clarify that an Intel Note is more “off the cuff” analysis? I believe there was some concern about knowing when to use Intel Note vs other SDOs
·
Opinion
o
Proposal: https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.haeazu2sh3sq
o
Open questions include:
§
Do we want a description field on opinion? If so, is there too much overlap with Intel Note? (there isn’t one currently in the proposal, but one can be added back in if we agree
it should be there)
§
Are Intel note and Opinion too similar? How can we clarify their purpose and make it less confusing?
§
What scale do we want to use to represent an opinion?
·
0-100 (same as confidence or somehow with a different meaning than confidence, which could get confusing)
·
-100 – 100 (with negatives meaning ‘disagree’)
·
‘strongly agree’, ‘agree’, ‘neutral’, ‘disagree’, ‘strongly disagree’
·
others?
§
Are people creating Opinions going do offer up suggestions for corrections, and if so, should we make a property for that?
·
Ex: “You said that this was linked to PandaCat, but our analysis shows that this is more likely to be FlameDragonCrew”
§
What can we do (perhaps in TAXII) to allow people to drop opinion objects if they don’t want to see them?
·
(if time) Location
o
There are two proposals, the first is attached to this email. The second is located here:
https://docs.google.com/document/d/1SrwLhO-glQ9dnkj3BYfSd9ITr_L7Ai_JEnn1tqEO_dg/edit#heading=h.hqzx1hu0izya
o
If there’s time, we’ll discuss the difference between these approaches and see if we can determine which direction people are leaning.
Thanks,
Sarah Kelley Senior Cyber Threat Analyst Center for Internet Security (CIS) Integrated Intelligence Center (IIC) Multi-State Information Sharing and Analysis Center (MS-ISAC) 1-866-787-4722 (7×24 SOC) Email: cert@cisecurity.org Follow us @CISecurity This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of
this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
. . . |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]