Here is a picture to hopefully make things clear. Note, I do not have real icons for everything yet... I just wanted to help people see how it might fit together... Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg. On Apr 7, 2016, at 14:24, Aharon Chernin <
achernin@soltra.com > wrote: If you find yourself wanting to change/modify a lot of the fields included in these objects it may be due to you not agreeing with the proposed object definition. I’d like the list to carefully review the definitions for each: indicator, observation, and sighting. If we can all agree on the definitions, the likelihood for us to agree on what exactly they top level objects do will increase. Aharon From: <
cti-stix@lists.oasis-open.org > on behalf of Wunder, John A. <
jwunder@mitre.org > Date: Thursday, April 7, 2016 at 4:12 PM To:
cti-stix@lists.oasis-open.org <
cti-stix@lists.oasis-open.org > Subject: [cti-stix] Sighting, Observation, and Indicator updated Hey folks, A group of us spent some time hashing through how sighting, observation, and indicator work together (notional tie-in to CybOX and patterning). It’s all reflected in the pre-draft specs for STIX:
https://docs.google.com/document/d/1F1c05GgYaJFV1Z04B8c_T3vEE-LRQTPExF24LvOQAsk/edit We’ve had pretty good agreement on this so I think at this point we’re ready to move into the review phase. Please take a look at these definitions, fields, and examples and see if they work for you. PS: The “kind of indicator” (indicator type, indicator category) vocabulary discussion kind of stalled. Who’s interested in that topic? Can we get a small group to work together to make progress on that and bring back a proposal? As a reminder, there was also a suggestion to split that single field into a field for pattern type and a field for threat type. John Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail