OASIS Mailing List Archives

cti-cybox message



Subject: RE: CybOX 3.0: Address Object Refactoring


Hi Ivan and Trey,

Great idea to do this. We do need some clean-up to remove the duplication so I’m very glad to see this!

  • Does this make sense or not?

Yes. It very much does.

  • Which of the options around IP Address specification (option 1 or option 2) do you prefer?

Option 2. It seems more logical to extend each object from the base one.

  • Do you agree with using CIDR notation as the only supported syntax for IP addresses?

Yes. I like that there is ‘only one way to do it’.

  • Do you think we need other Objects for capturing ATM address and net masks?

Not ATM, but I do think that Netmasks could possibly make it easier if describing something like Cisco kit setup. There may also be some weird scenario when a new piece of malware changes the netmask, and it could be useful to have a mechanism to describe it.

Cheers

 

Terry MacDonald

Senior STIX Subject Matter Expert

SOLTRA | An FS-ISAC and DTCC Company

+61 (407) 203 206 | terry@soltra.com

 

 

From: cti-cybox@lists.oasis-open.org [mailto:cti-cybox@lists.oasis-open.org] On Behalf Of Kirillov, Ivan A.
Sent: Wednesday, 28 October 2015 3:36 AM
To: cti-cybox@lists.oasis-open.org
Subject: [cti-cybox] CybOX 3.0: Address Object Refactoring

 

All,

 

Trey and I have been busy thinking about some ideas around refactoring related to CybOX 3.0. The first idea we’d like to propose to you is around the refactoring of the Address Object into more atomic entities (as discussed in some of the GitHub issues): https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-Address-Object-Refactoring

 

Let us know your thoughts! In particular we’d love to know:

 

  • Does this make sense or not?
  • Which of the options around IP Address specification (option 1 or option 2) do you prefer?
  • Do you agree with using CIDR notation as the only supported syntax for IP addresses?
  • Do you think we need other Objects for capturing ATM address and net masks?

Regards,

Ivan and Trey


