OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  Re: [cti] Boilerplate change suggestion

    Posted 04-25-2019 17:13




    I like your proposed change.
     

    Sean Barnum
    Principal Architect
    FireEye
    M: 703.473.8262
    E: sean.barnum@fireeye.com

     

    From: <cti@lists.oasis-open.org> on behalf of Emily Ratliff <Emily.Ratliff@ibm.com>
    Date: Thursday, April 25, 2019 at 12:34 PM
    To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
    Subject: [cti] Boilerplate change suggestion


     

    Hi,

    Coming new to the spec, I found the following boilerplate in STIX difficult to wrap my mind around:

    "The reverse relationships (relationships "to" the Infrastructure object) are included as a convenience. For their definitions, please see the objects for which they represent a "from" relationship."

    In particular, the clause "for which they represent a 'from' relationship" took several moments to grok and I don't believe that I am alone based on some discussions.

    I would like to propose the following alternative text:

    Reverse relationships indicate relationships targeting this object by other objects. They are included here for convenience. For their definitions, please see the "Source" object.





    Thanks!


    Emily


    Emily Ratliff
    STSM, IBM Security Research Initiative Lead








     











    Phone: 1-512-286-9947
    Mobile: 1-512-653-1052
    E-mail: Emily.Ratliff@ibm.com


    11501 Burnet Rd
    Austin, TX 78758-3400
    United States




     




    This email and any attachments thereto may contain private, confidential, and/or privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited.
    If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto.





  • 2.  Re: [cti] Boilerplate change suggestion

    Posted 04-25-2019 17:46




    I second Sean;s comments.  Your description is much clearer and easier to understand.
     
     
    Paul Patrick
     
     

    From: <cti@lists.oasis-open.org> on behalf of Sean Barnum <sean.barnum@FireEye.com>
    Date: Thursday, April 25, 2019 at 1:13 PM
    To: Emily Ratliff <Emily.Ratliff@ibm.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
    Subject: Re: [cti] Boilerplate change suggestion


     

    I like your proposed change.
     

    Sean Barnum
    Principal Architect
    FireEye
    M: 703.473.8262
    E: sean.barnum@fireeye.com

     

    From: <cti@lists.oasis-open.org> on behalf of Emily Ratliff <Emily.Ratliff@ibm.com>
    Date: Thursday, April 25, 2019 at 12:34 PM
    To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
    Subject: [cti] Boilerplate change suggestion


     

    Hi,

    Coming new to the spec, I found the following boilerplate in STIX difficult to wrap my mind around:

    "The reverse relationships (relationships "to" the Infrastructure object) are included as a convenience. For their definitions, please see the objects for which they represent a "from" relationship."

    In particular, the clause "for which they represent a 'from' relationship" took several moments to grok and I don't believe that I am alone based on some discussions.

    I would like to propose the following alternative text:

    Reverse relationships indicate relationships targeting this object by other objects. They are included here for convenience. For their definitions, please see the "Source" object.





    Thanks!


    Emily


    Emily Ratliff
    STSM, IBM Security Research Initiative Lead








     











    Phone: 1-512-286-9947
    Mobile: 1-512-653-1052
    E-mail: Emily.Ratliff@ibm.com


    11501 Burnet Rd
    Austin, TX 78758-3400
    United States




     




    This email and any attachments thereto may contain private, confidential, and/or privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is
    strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto.


    This email and any attachments thereto may contain private, confidential, and/or privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited.
    If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto.