All,
Since we’ll be mentioning the Event proposals on the Full-TC meeting today, I thought it would be a good idea to send out the various proposals so people can take a look at them.
The proposal for one Event SDO:
https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.5ol9xlbbnrdn
The proposals for two SDOs (Event and Investigation):
https://docs.google.com/document/d/1wiG6RoNEFaE2lrblfgjpu3RTAJZOK2q0b5OxXCaCV14/edit#heading=h.rpiroek59pvx
Currently, the discussion is about whether it makes sense for there to be one object that can be used to represent both concepts or if they are distinct enough to warrant two objects.
There is also an #incident-events channel on Slack for conversations on this topic.
Thanks,
Sarah Kelley
Senior Cyber Threat Analyst
Multi-State Information Sharing and Analysis Center (MS-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061
sarah.kelley@cisecurity.org 518-266-3493
24x7 Security Operations Center
SOC@cisecurity.org - 1-866-787-4722