ocsf / ocsf-docs

OCSF Documentation
Apache License 2.0

FAQ - OCSF relation to STIX #28

Open jetlime opened 1 year ago

jetlime commented 1 year ago

I am currently trying to understand how OCSF compares to STIX. I noticed in the present FAQ (https://github.com/ocsf/ocsf-docs/tree/main/FAQs) that you planned to add an explanation on how they are complementary. As I cannot seem to find an answer to my question online, would it be possible to obtain one here?

Thanks.

pagbabian-splunk commented 1 year ago

I think the best person to elaborate on this would be @JasonKeirstead. In short, STIX IOCs can be matched against OCSF observables to match possible attack vectors from known threat actors. There is an overlap in concept, as STIX also distinguishes observables (from which OCSF borrowed the name) from IOCs, which are those observables and other artifacts that match threat vectors.
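As an added illustration of the matching the comment above describes (this is example code written for this page, not code from the OCSF project or from either commenter), the snippet below takes STIX 2.1 indicator objects whose `pattern` is a simple comparison (`[object:property = 'value']`, optionally joined by `OR`), maps the STIX object path to an OCSF observable `type_id`, and reports which indicators hit an OCSF event's `observables[]` array. The STIX indicators and the OCSF event are constructed sample data, and the `STIX_TO_OCSF_TYPE` mapping (1 Hostname, 2 IP Address, 5 Email Address, 6 URL String, 7 File Name, 8 Hash) is the author's reading of the OCSF observable type enumeration, not something the thread states.

```python
"""Match STIX 2.1 indicator patterns against the observables[] of an OCSF event.

Added example, not OCSF project code. Assumptions: only the simple STIX
comparison form [object:property = 'value'] joined by OR is handled, and the
STIX path -> OCSF observable.type_id table below is assumed from the OCSF
observable type enumeration."""
import re
from typing import Iterable

# STIX cyber-observable property path -> OCSF observable.type_id (assumed mapping)
STIX_TO_OCSF_TYPE = {
    "ipv4-addr:value": 2,           # IP Address
    "ipv6-addr:value": 2,           # IP Address
    "domain-name:value": 1,         # Hostname
    "email-addr:value": 5,          # Email Address
    "url:value": 6,                 # URL String
    "file:name": 7,                 # File Name
    "file:hashes.'SHA-256'": 8,     # Hash
    "file:hashes.MD5": 8,           # Hash
}

# One STIX comparison expression: object:property = 'value'
_COMPARISON = re.compile(r"([\w-]+:[\w.'-]+)\s*=\s*'([^']*)'")


def parse_pattern(pattern: str) -> list[tuple[int, str]]:
    """Turn "[a:b = 'x'] OR [c:d = 'y']" into [(ocsf_type_id, value), ...].

    Paths with no OCSF counterpart are dropped so unmapped STIX objects can
    never produce a false match. Values are lower-cased because hashes and
    hostnames are compared case-insensitively here (a simplification)."""
    terms = []
    for path, value in _COMPARISON.findall(pattern):
        type_id = STIX_TO_OCSF_TYPE.get(path)
        if type_id is not None:
            terms.append((type_id, value.lower()))
    return terms


def match_event(event: dict, indicators: Iterable[dict]) -> list[str]:
    """Return ids of indicators whose pattern matches any OCSF observable.

    OCSF observables carry (type_id, value); a STIX OR-pattern matches when at
    least one of its comparisons is present. Revoked indicators are ignored."""
    present = {(o.get("type_id"), str(o.get("value", "")).lower())
               for o in event.get("observables", [])}
    hits = []
    for ind in indicators:
        if ind.get("type") != "indicator" or ind.get("revoked"):
            continue
        if any(term in present for term in parse_pattern(ind.get("pattern", ""))):
            hits.append(ind["id"])
    return hits


# Constructed STIX 2.1 indicators (not real threat intelligence)
STIX_INDICATORS = [
    {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-111111111111",
     "pattern_type": "stix", "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "id": "indicator--22222222-2222-4222-8222-222222222222",
     "pattern_type": "stix",
     "pattern": "[domain-name:value = 'evil.example'] OR [url:value = 'http://evil.example/x']"},
    {"type": "indicator", "id": "indicator--33333333-3333-4333-8333-333333333333",
     "pattern_type": "stix",
     "pattern": "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
    # Same IP as the first indicator but revoked: must not produce a hit
    {"type": "indicator", "id": "indicator--44444444-4444-4444-8444-444444444444",
     "pattern_type": "stix", "revoked": True,
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
]

# Constructed OCSF Network Activity event (class_uid 4001) with its observables[]
OCSF_EVENT = {
    "class_uid": 4001,
    "category_uid": 4,
    "dst_endpoint": {"ip": "198.51.100.7", "port": 443, "domain": "Evil.Example"},
    "observables": [
        {"name": "dst_endpoint.ip", "type_id": 2, "value": "198.51.100.7"},
        {"name": "src_endpoint.ip", "type_id": 2, "value": "10.0.0.5"},
        {"name": "dst_endpoint.domain", "type_id": 1, "value": "Evil.Example"},
    ],
}

if __name__ == "__main__":
    for hit in match_event(OCSF_EVENT, STIX_INDICATORS):
        print("IOC hit:", hit)
```

The point of keeping the join on OCSF `observables[]` rather than on individual attributes is that a producer already lifts matchable values (IPs, hostnames, hashes, URLs) into that array with a typed `type_id`, so one matcher covers every OCSF event class without per-class field knowledge.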