Awesome, thank you both. I’ll reach out to get some discussions started. From: Jason Keirstead <
Jason.Keirstead@ca.ibm.com> Sent: Wednesday, April 25, 2018 1:27 PM To: Bret Jordan <
Bret_Jordan@symantec.com> Cc:
cti-stix@lists.oasis-open.org; Katz, Gary CTR DC3/TSD <
Gary.Katz.ctr@dc3.mil> Subject: [Non-DoD Source] Re: [cti-stix] Re: [EXT] [cti-stix] Suspicious Activity / Event / Incident Object I also will help. We need this object. - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security "Things may come to those who wait, but only the things left by those who hustle." - Unknown From: Bret Jordan <
Bret_Jordan@symantec.com> To: "Katz, Gary CTR DC3/TSD" <
Gary.Katz.ctr@dc3.mil>, "cti-stix@lists.oasis-open.org" <
cti-stix@lists.oasis-open.org> Date: 04/25/2018 01:52 PM Subject: [cti-stix] Re: [EXT] [cti-stix] Suspicious Activity / Event / Incident Object Sent by: <
cti-stix@lists.oasis-open.org> I support this and will help. Bret From:
cti-stix@lists.oasis-open.org <
cti-stix@lists.oasis-open.org> on behalf of Katz, Gary CTR DC3/TSD <
Gary.Katz.ctr@dc3.mil> Sent: Wednesday, April 25, 2018 9:08:35 AM To:
cti-stix@lists.oasis-open.org Subject: [EXT] [cti-stix] Suspicious Activity / Event / Incident Object Thank you to everyone for providing some time and valuable thoughts on the inclusion of a suspicious-activity/incident/event/whatever else you want to call it object yesterday. Based upon the comments, I would like to continue working on this SDO and determine if we have support to bring this forward. Please let me know if you or your organization would be interested in providing inputs on the specification for this object and provide support for it to be included into the spec. I have an initial draft for the object, but as noted, it is a draft and inputs from other stakeholders would be valuable. Thanks, -Gary Attachment: smime.p7s Description: S/MIME cryptographic signature