OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  Observable Debate

    Posted 11-01-2018 14:45
    Maybe we should do a non-binding ballot at this stage, open to all TC members not just voting members, just to get a pulse of where the TC is at.

    Possible ballot question: What do you think the TC should do in regards to Observed Data and Cyber Observables based on the discussions that have been happening on the list?

    1) Do nothing, leave everything as is
    2) Do nothing for 2.x but target a change for 3.0 and define a timetable to start work on 3.0
    3) Leave Observed Data as is, but also allow cyber observables to become top-level objects. This would be two ways of doing something, but would not break any existing code. This would allow a transition over time.
    4) Make cyber observables top-level objects and make Observed Data contain a list of embedded references (option 1 prime)
    5) Change Observed Data and Relationships to allow for deep referencing (Medusa or Medusa-like solution)
    6) Change Observed Data so that it becomes a generic wrapper for cyber observables and some relationships are made external and some are kept as internal (not to be confused with our use of embedded relationships). Basically option 7 with some of John Wunder's tweaks.
    7) Other - User added solution

    Maybe this would help us figure out how far away we are? Maybe it could eliminate an option or two to focus the discussion?

    Bret