1309 osint extension #1310

Open
wants to merge 6 commits into
base: main

PavelJurka
Contributor

PavelJurka commented Jan 9, 2025

Related Issue:

#1309

Description of changes:

We want to use the OSINT profile for threat intelligence; however, there are some fields missing from what we currently have. We should align naming to STIX.

PavelJurka marked this pull request as ready for review January 9, 2025 14:29

pagbabian-splunk added the enhancement, non_breaking, and v1.4.0 labels Jan 14, 2025
@jonrau-at-queryai
Contributor

As per the discussion today, we should push this off until 1.5.0. There is a mixture of STIX and vendor-specific (S1) concepts in here that clash with the more genericized incarnation of OSINT.

I feel the schema either requires a specific campaign object, a STIX Extension, or we create a separate CTI/Threat Intel Profile/Object that is either standalone or extends OSINT.

jonrau-at-queryai added the v1.5.0 or later label and removed the v1.4.0 label Jan 14, 2025