OASIS Mailing List Archives

cti message



Subject: Incident Time Fidelity Write Up


I had shared this in Slack, but also wanted to send out an email version as well. This is a write-up for a proposal to allow the Incident object to record the fidelity level of attacker activity start / end times as well as the timestamps associated with defender activities.

The purpose of this proposal is to allow the usage of the current timestamp format while allowing systems to effectively communicate extremely low-fidelity time records, since when reporting incidents within a mandatory time window it is common to just list the day something occurred before further windowing it to the hour. As such, being able to capture this instead of assuming second-level accuracy in all cases is extremely beneficial.

//SIGNED//

 

Jeffrey Mates, Civ DC3/TSD

Computer Scientist

Technical Solutions Development

jeffrey.mates@us.af.mil

410-694-4335

Attachment: STIX Incident Time Fidelity.docx


