CTI STIX Subcommittee

Small changes from 2.0 - 2.1 - Add a normative requirement for timestamps - current consensus

  • 1.  Small changes from 2.0 - 2.1 - Add a normative requirement for timestamps - current consensus

    Posted 09-05-2017 20:12


    All,
     
    On today’s working call, we discussed the proposal to add text like:
     
    “If both first_seen and last_seen are present on the object, last_seen
    MUST be more recent or equal to first_seen”
     
    to every pair of time stamps in the spec. The consensus from today’s call was that the majority believed that this should be done.
     
    We’re posting this current consensus to the list to give everyone a last chance to comment or object. If no one objects, we’ll go ahead and add normative text to the spec for every pair of timestamps.

     
    Thanks,
     
    Sarah Kelley
    Senior Cyber Threat Analyst
    Multi-State Information Sharing and Analysis Center (MS-ISAC)                   
    31 Tech Valley Drive
    East Greenbush, NY 12061
     
    sarah.kelley@cisecurity.org
    518-266-3493
    24x7 Security Operations Center
    SOC@cisecurity.org  - 1-866-787-4722
     

          
                 

    This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender
    immediately and permanently delete the message and any attachments.


    . . . . .