For the numerical value of " Confidence cannot be evaluated ", could we use "-1" ? - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown Alexandre Dulaunoy ---09/12/2016 12:36:12 PM---Dear, Following the recent and good discussions at the TC, here is a proposal of confidence From: Alexandre Dulaunoy <
Alexandre.Dulaunoy@circl.lu> To:
cti-stix@lists.oasis-open.org, OASIS CTI TC Discussion List <
cti@lists.oasis-open.org> Date: 09/12/2016 12:36 PM Subject: [cti] Proposal of confidence level using MISP taxonomies Sent by: <
cti@lists.oasis-open.org> Dear, Following the recent and good discussions at the TC, here is a proposal of confidence level that we will implement in MISP via the misp-taxonomies: { "predicate": "confidence-level", "entry": [ { "expanded": "Completely confident", "value": "completely-confident", "numerical_value": 100 }, { "expanded": "Usually confident", "value": "usually-confident", "numerical_value": 75 }, { "expanded": "Fairly confident", "value": "fairly-confident", "numerical_value": 50 }, { "expanded": "Rarely confident", "value": "rarely-confident", "numerical_value": 25 }, { "expanded": "Unconfident", "value": "unconfident", "numerical_value": 0 }, { "expanded": "Confidence cannot be evaluated", "value": "confidence-cannot-be-evalued" } ] }
https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json#L31 Feedback welcome. I also included the original slides I gave during the TC in Brussels. I'll summarize the various options of integration with the taxonomies in STIX in another email. Cheers. -- Alexandre Dulaunoy CIRCL - Computer Incident Response Center Luxembourg 41, avenue de la gare L-1611 Luxembourg
info@circl.lu -
www.circl.lu [attachment "misp-OASIS-TC-Brussels-2016.pdf" deleted by Jason Keirstead/CanEast/IBM] --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php