Subject: Re: [cti] Slides for Working Call Tomorrow
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: Allan Thomson <athomson@lookingglasscyber.com>
- Date: Wed, 10 Apr 2019 21:55:00 -0400
I can attest that when this was crafted (with stateful SIEM-like rules in mind), an "exact match" was what was envisioned. A follow on match would be a second, discrete result.

If that needs clarifying in the document we should do that.
-
Jason Keirstead
Lead Architect - IBM Security Connect
www.ibm.com/security
"Things may come to those who wait, but only the things left by those
who hustle." - Unknown
From: Allan Thomson <athomson@lookingglasscyber.com>
To: Emily Ratliff <Emily.Ratliff@ibm.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 04/09/2019 08:38 PM
Subject: Re: [cti] Slides for Working Call Tomorrow
Sent by: <cti@lists.oasis-open.org>
Emily - thanks for the proposals.

On item #146.

The example you shared:

[ b ] FOLLOWEDBY [ c ] REPEATS 5 TIMES

It seems that this should be equivalent to EXACTLY 5 times. Not AT LEAST 5 times. If that was the intent then we really should use a different expression.

[ b ] FOLLOWEDBY [ c ] REPEATS >= 5 TIMES

- Would seem to clarify whether it is equals or greater-than-equals and is unambiguous.

Allan
From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of Emily Ratliff <Emily.Ratliff@ibm.com>
Date: Tuesday, April 9, 2019 at 11:49 AM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] Slides for Working Call Tomorrow
Slides for the GitHub issues.
Thanks!
Emily
Emily Ratliff, STSM, IBM Security Research Initiative Lead | Phone: 1-512-286-9947 | Mobile: 1-512-653-1052 | E-mail: Emily.Ratliff@ibm.com | 11501 Burnet Rd Austin, TX 78758-3400 United States
From: Bret Jordan <Bret_Jordan@symantec.com>
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 04/08/2019 03:52 PM
Subject: [cti] Slides for Working Call Tomorrow
Sent by: <cti@lists.oasis-open.org>
All,
Here are the slides for the working call tomorrow.
Bret
[attachment "2019-04-08 Working Call.pdf"
deleted by Emily Ratliff/US/IBM]
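The two readings of the REPEATS qualifier discussed in this thread, side by side, as an added example that is not part of the original messages or of any OASIS document. It assumes each entry in `hits` is one completed repetition of whatever the qualifier applies to (which part of `[ b ] FOLLOWEDBY [ c ]` that is is not modelled), reads "exact match" as one discrete result per full group of N repetitions, and uses hypothetical names `parse_repeats` and `evaluate`.

```python
import re
from dataclasses import dataclass

# Covers the two spellings that appear in the thread:
#   REPEATS 5 TIMES      read here as "exactly 5"
#   REPEATS >= 5 TIMES   the proposed explicit "at least 5" spelling
QUALIFIER = re.compile(r"REPEATS\s+(>=\s*)?(\d+)\s+TIMES\s*$")


@dataclass(frozen=True)
class Repeats:
    count: int
    at_least: bool


def parse_repeats(pattern: str) -> Repeats:
    """Extract the trailing REPEATS qualifier from a pattern string."""
    m = QUALIFIER.search(pattern)
    if not m:
        raise ValueError("pattern has no trailing REPEATS qualifier")
    count = int(m.group(2))
    if count < 1:
        raise ValueError("repeat count must be a positive integer")
    return Repeats(count=count, at_least=m.group(1) is not None)


def evaluate(qualifier: Repeats, hits: list) -> list:
    """Return the results a stateful rule would emit for an ordered list of
    repetitions (assumption: one list entry per completed repetition)."""
    n = qualifier.count
    if qualifier.at_least:
        # One result once the threshold is reached; later repetitions
        # extend that same result instead of producing a new one.
        return [tuple(hits)] if len(hits) >= n else []
    # Exact reading: every full group of n repetitions is its own discrete
    # result, and a partial trailing group produces nothing yet.
    return [tuple(hits[i:i + n]) for i in range(0, len(hits) - n + 1, n)]


if __name__ == "__main__":
    stream = list(range(1, 13))  # constructed: 12 repetitions, ids 1..12
    for text in ("[ b ] FOLLOWEDBY [ c ] REPEATS 5 TIMES",
                 "[ b ] FOLLOWEDBY [ c ] REPEATS >= 5 TIMES"):
        q = parse_repeats(text)
        print(text, "->", evaluate(q, stream))
```
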