[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] [EXT] [cti] STIX action items for the full TC call on 6/15/17
Fair enough. Good, reasoned response. Thanks Rich. Patrick Maroney Pat, In the case of machine-generated “opinions” about CTI objects, it may not always be possible to have a useful prose description. I could also imagine cases where humans may want to disagree with an object but are not at liberty to explain
why right now. In practice I think you will see people using the description – I don’t think making it required would make much of a difference. Rich From: <cti@lists.oasis-open.org> on behalf of Patrick Maroney <pmaroney@wapacklabs.com> Note that the following are not strongly held views, but want to provide requested responses to the proposed Opinion Object: (1) If I'm going to challenge the assertions of another Analyst/Organization, then I believe that some narrative basis for my counter-assertions should be "Required". Therefore, this description should not be optional. (2) Arguing for attribution of one challenging someone's assertion is a slippery slope, so will defer to consensus on this point. (3) Perspectives on "Scales" previously expressed. Patrick Maroney Principal Engineer - Data Science & Analytics Wapack Labs LLC (609)841-5104 On Jun 15, 2017, at 9:04 AM, Allan Thomson <athomson@lookingglasscyber.com> wrote: Name is the summary of the note. If the note is verbose content then having a short ‘name’ (or summary) is very useful. Its akin to having a subject line in an email vs having to read the entire email to understand the summary of the email. Its an optional parameter that hardly breaks anything and adds value to certain use cases. I don’t believe we should exclude parameters when others are suggesting it adds value to their use cases. From: "cti@lists.oasis-open.org"
<cti@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com> For opinion, I am still concerned about the scale. I think we are leaning towards an open-vocab or ENUM of values. But I am not sure we have the fully consensus of the TC on this.
Yes it has been discussed on several working calls, but that is just a subset of this whole group. Opinion also does not have the ability to link against a specific version of an object. So you may issue an opinion but the object may have been updated and
your opinion is no longer valid. Further, I really worry that we do not have digital signatures yet. I think supporting the Opinion object before digital signatures is like putting the cart before the road. For note, I do not agree with having a "name" on the note. I do not think it makes sense to have a "name" for a note. Bret From: Werntz, Preston <Preston.Werntz@HQ.DHS.GOV> Bret – On the DHS side, we’ve been looking forward to Opinion in STIX 2.1 to help with our goal of implementing automated feedback in the Automated Indicator Sharing (AIS) initiative, so I’d
like to hear your concerns on what questions remain as that may help us think through ways to implement in AIS. Thanks! W. Preston Werntz Chief, Technology Services Section National Cybersecurity and Communications Integration Center (NCCIC) Department of Homeland Security From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On
Behalf Of Bret Jordan While I think note/intel-note and opinion are making progress, I personally do not feel like they are done enough to add to the 2.1 documents. I think there are several unanswered
questions. I think they need some more time and discussion before they are done. Bret From: cti@lists.oasis-open.org <cti@lists.oasis-open.org>
on behalf of Sarah Kelley <Sarah.Kelley@cisecurity.org> On tomorrow’s working call, we will be addressing several topics that need TC consensus for moving forward with STIX 2.0 and STIX 2.1. In preparation for the meeting, please review the following: STIX 2.0:
STIX 2.1
The deadline for feedback/comments is Saturday June 17th. This will allow us to open a CS ballot next week. Thanks, Sarah Kelley Senior Cyber Threat Analyst Multi-State Information Sharing and Analysis Center (MS-ISAC) 31 Tech Valley Drive East Greenbush, NY 12061 518-266-3493 24x7 Security Operations Center SOC@cisecurity.org - 1-866-787-4722 This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination,
distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]