You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you have an Indicator, and you wish to send that out in a manner that matches best practice, you are encouraged to use a TTP, even if that TTP does not add that much value. In addition one requires either a TTP or Incident in most cases to connect an Indicator to other things. As mentioned above in section 21, it may be worth investigating if this does actually need to be the case. It may be worth creating more flexibility in the relationships that are allowed within STIX.
POTENTIAL ANSWER
This may be more of a tooling problem or ‘best practice’ recommendation problem than actually a problem with STIX.
Please see section “21. Relationships are constrained to limited Objects within STIX” above.
The text was updated successfully, but these errors were encountered:
PROBLEM
If you have an Indicator, and you wish to send that out in a manner that matches best practice, you are encouraged to use a TTP, even if that TTP does not add that much value. In addition one requires either a TTP or Incident in most cases to connect an Indicator to other things. As mentioned above in section 21, it may be worth investigating if this does actually need to be the case. It may be worth creating more flexibility in the relationships that are allowed within STIX.
POTENTIAL ANSWER
This may be more of a tooling problem or ‘best practice’ recommendation problem than actually a problem with STIX.
Please see section “21. Relationships are constrained to limited Objects within STIX” above.
The text was updated successfully, but these errors were encountered: