New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create a new top-level Action construct to act as common basis for human-oriented actions or action decisions #374
Comments
For references, the ''Action type'' (as defined in XORCISM as ActionObjectAssociationType) is currently defined in both CybOX: and MAEC Also for ref., the XORCISM type 'ActionRelationshipType' (coming from CybOX): |
Suggest to consider the 'action' concept/enumeration(s) of IODEF v2 (so incident-centric)
also referenced by purpose |
(Primary comment) |
There are currently a range of places within the STIX model that involve information around human-oriented actions or action decisions.
The most obvious is the COA construct itself but it would also include ActivityType within Campaign, Attack Patterns within TTP (action pattern defined from action), Kill Chain within TTP (action pattern defined from action), investigator/responder actions within Incident, etc.
It would seem beneficial to reduce complexity and ensure better semantic consistency if we were to define an abstract Action construct to act as common basis for these sorts of actions.
The text was updated successfully, but these errors were encountered: