Add :action field to Judgements #164

Closed
craigbro opened this issue Apr 3, 2016 · 1 comment

craigbro commented Apr 3, 2016

When we make a judgement, we should be able to specify an :action that is suggested to take when the observable in the judgement is seen. The possible values are pulled from the OpenC2 spec, DENY, ALLOW, ALERT with a default of DENY. This will allow us to use the CTIM to capture "watchlists".

Some side-effects of this:

  • When we import Indicators and they reference COAs, do we have to now extract the suggested COA?
  • Do we need an API call to change the action of a judgement?
  • Should the action be ignored if there is an Indicator?
@craigbro craigbro added the schema label Apr 3, 2016
@craigbro craigbro self-assigned this Apr 3, 2016
@craigbro craigbro added the ready label Apr 3, 2016
@polygloton polygloton added this to the Debutant milestone Apr 13, 2016
@craigbro craigbro removed this from the Debutant milestone Jun 16, 2016
@craigbro

I am not so sure we want to have this double coding, so moving off debutant. It's not that hard for us to provide a default indicator and COA for block and allow.

@craigbro craigbro removed the ready label Oct 31, 2016
@craigbro craigbro closed this as completed Dec 8, 2016