Name is the summary of the note.
If the note is verbose content then having a short ‘name’ (or summary) is very useful.
Its akin to having a subject line in an email vs having to read the entire email to understand the summary of the email.
Its an optional parameter that hardly breaks anything and adds value to certain use cases.
I don’t believe we should exclude parameters when others are suggesting it adds value to their use cases.
From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Wednesday, June 14, 2017 at 5:18 PM
To: "Werntz, Preston" <Preston.Werntz@HQ.DHS.GOV>, Sarah Kelley <Sarah.Kelley@cisecurity.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Re: [EXT] [cti] STIX action items for the full TC call on 6/15/17
For opinion, I am still concerned about the scale. I think we are leaning towards an open-vocab or ENUM of values. But I am not sure we have the fully consensus of the TC on this. Yes it has been discussed on
several working calls, but that is just a subset of this whole group. Opinion also does not have the ability to link against a specific version of an object. So you may issue an opinion but the object may have been updated and your opinion is no longer valid.
Further, I really worry that we do not have digital signatures yet. I think supporting the Opinion object before digital signatures is like putting the cart before the road.
For note, I do not agree with having a "name" on the note. I do not think it makes sense to have a "name" for a note.
Bret
From: Werntz, Preston <Preston.Werntz@HQ.DHS.GOV>
Sent: Wednesday, June 14, 2017 2:55:35 PM
To: Bret Jordan; Sarah Kelley; cti@lists.oasis-open.org
Subject: RE: [EXT] [cti] STIX action items for the full TC call on 6/15/17
Bret –
On the DHS side, we’ve been looking forward to Opinion in STIX 2.1 to help with our goal of implementing automated feedback in the Automated Indicator Sharing (AIS) initiative, so I’d like to
hear your concerns on what questions remain as that may help us think through ways to implement in AIS. Thanks!
W. Preston Werntz
Chief, Technology Services Section
National Cybersecurity and Communications Integration Center (NCCIC)
Department of Homeland Security
From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org]
On Behalf Of Bret Jordan
Sent: Wednesday, June 14, 2017 3:16 PM
To: Sarah Kelley <Sarah.Kelley@cisecurity.org>; cti@lists.oasis-open.org
Subject: [cti] Re: [EXT] [cti] STIX action items for the full TC call on 6/15/17
While I think note/intel-note and opinion are making progress, I personally do not feel like they are done enough to add to the 2.1 documents. I think there are several unanswered questions. I think they need
some more time and discussion before they are done.
Bret
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Sarah Kelley <Sarah.Kelley@cisecurity.org>
Sent: Wednesday, June 14, 2017 11:18:51 AM
To: cti@lists.oasis-open.org
Subject: [EXT] [cti] STIX action items for the full TC call on 6/15/17
On tomorrow’s working call, we will be addressing several topics that need TC consensus for moving forward with STIX 2.0 and STIX 2.1. In preparation for the meeting, please review the following:
STIX 2.0:
- The second open comment period for STIX 2.0 has closed. The suggested changes have been addressed on working calls, and the current decision on each item has
been documented in the following spreadsheet: https://docs.google.com/spreadsheets/d/1YOPONeKzc6Uu1A1MS3WkICG26LKLQOWdr-KBDzM8K6Y/edit#gid=5055878
- The TC needs to fully approve these changes before we can consider STIX 2.0 CSD to be done. There were no substantive changes made during this comment period,
so if the TC agrees to the decisions documented in the spreadsheet above, we can vote to move forward from a Committee Specification Draft (CSD) to a Committee Specification (CS).
- ACTION ITEM: Please review the spreadsheet. If you have
any objections to the decisions as listed, please comment either on the list or at the full TC meeting tomorrow. Lack of comment is considered to be agreement.
STIX 2.1
- Intel Note is ready to be moved from the STIX Working Document to the STIX 2.1 Specification Document. As such,
we agreed to open each item up for approval of the full TC. The current proposal is located here: https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.s5l7katgbp09
- ACTION ITEM: Please review this proposal. If you have any
objections to the proposal as written, please comment either on the list or at the full TC meeting tomorrow. Lack of comment is considered to be agreement with the proposal as written.
- Opinion is ready to be moved from the STIX Working Document to the STIX 2.1 Specification Document. As such, we
agreed to open each item up for approval of the full TC. The current proposal is located here: https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.haeazu2sh3sq
- ACTION ITEM: Please review this proposal. If you have
any objections to the proposal as written, please comment either on the list or at the full TC meeting tomorrow. Lack of comment is considered to be agreement with the proposal as written.
The deadline for feedback/comments is Saturday June 17th. This will allow us to open a CS ballot next week.
Thanks,
Sarah Kelley
Senior Cyber Threat Analyst
Multi-State Information Sharing and Analysis Center (MS-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061
518-266-3493
24x7 Security Operations Center
SOC@cisecurity.org - 1-866-787-4722
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this
message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
. . . . .