CTI STIX Subcommittee

  • 1.  Event proposals

    Posted 09-21-2017 14:59


    All,
     
    Since we’ll be mentioning the Event proposals at the Full-TC meeting today, I thought it would be a good idea to send out the various proposals so people can take a look at them.
     
    The proposal for one Event SDO:
    https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.5ol9xlbbnrdn
     
    The proposals for two SDOs (Event and Investigation):

    https://docs.google.com/document/d/1wiG6RoNEFaE2lrblfgjpu3RTAJZOK2q0b5OxXCaCV14/edit#heading=h.rpiroek59pvx
     
    Currently, the discussion is about whether it makes sense for there to be one object that can be used to represent both concepts or if they are distinct enough to warrant two objects.

     
    There is also an #incident-events channel on Slack for conversations on this topic.
     
    Thanks,
     
     
    Sarah Kelley
    Senior Cyber Threat Analyst
    Multi-State Information Sharing and Analysis Center (MS-ISAC)                   
    31 Tech Valley Drive
    East Greenbush, NY 12061
     
    sarah.kelley@cisecurity.org
    518-266-3493
    24x7 Security Operations Center
    SOC@cisecurity.org  - 1-866-787-4722
     

          
                 
