[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Summary of the working call
On 22/08/17 22:12, Sarah Kelley wrote: > On today’s working call, we discussed the event object. We didn’t have someone taking full notes, but I’ll try to summarize what was discussed below. > > > 1. The event object should be scoped down to just an IR type of event/incident. This would need to be clarified in the text, but that would then scope out some of our other use cases such as: > * An ‘alert’ coming into your system > * An ‘event’ such as a threat actor registering a domain > * The MISP version of ‘event’ As our past proposals (event and updated report) were rejected and seeing how despite expectations the new event SDO won't accommodate the requirements of many CERTs and considering that we need to move on regarding this, we propose a new SDO called generic event to be able to map MISP events to STIX. https://www.misp-project.org/generic-event-proposal-STIX-2.1.pdf Thank you very much -- Alexandre Dulaunoy CIRCL - Computer Incident Response Center Luxembourg 41, avenue de la gare L-1611 Luxembourg info@circl.lu - www.circl.lu - (+352) 247 88444 --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]