STIX Difficulties: TTPs are almost mandatory #81

@terrymacdonald

PROBLEM

If you have an Indicator, and you wish to send that out in a manner that matches best practice, you are encouraged to use a TTP, even if that TTP does not add that much value. In addition, one requires either a TTP or Incident in most cases to connect an Indicator to other things. As mentioned above in section 21, it may be worth investigating if this does actually need to be the case. It may be worth creating more flexibility in the relationships that are allowed within STIX.

POTENTIAL ANSWER

This may be more of a tooling problem or ‘best practice’ recommendation problem than actually a problem with STIX.

Please see section “21. Relationships are constrained to limited Objects within STIX” above.
