Closed Jack28 closed 3 years ago
I would even argue to make TLP:RED the default.
Not for disclosure, restricted to participants only.
Sources may use TLP:RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party's privacy, reputation, or operations if misused.
In email it's a private conversation between a usually very limited number of entities. Nobody else should have access to the contents and attachments
Well that's the difference between what users intend their emails to be (private) and what they technically are (public - think port 25 submission via Internet cafe Wifi). If they were to be private, they'd be encrypted. I agree, I'm nitpicking here. ;->
The commit message could still use some rationale regardless, IMO.
Before tlp was fixed to 'green'.
Now the analyzer config for cortex has an option to specify which tlp level to use when submitting to cortex.