OASIS Open

Soltra

No

The question is unfortunately phrased too narrowly. Observables should ALWAYS have a non-defanged representation in CTI data sets. We are trying to support automation of detection/mitigation after all and having Observables that don't match "on the wire" observations make them well not actually Observables

The key question is do we add additional optional Observable types for “de-fanged” representations of this content or do we require output of the Observable to do the “de-fanging” for presentation to humans vs. machines