OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-cybox message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-cybox] CybOX 3.0: Address Object Refactoring

I still hold that IP addresses are distinguishable by format alone. However, I acknowledge that it might be nice to know that the value was "assessed" by the producer (however, whether that's really useful is debatable).

Hence, may I suggest:


Generic IP Address field:
{
    "ip_address": "127.0.0.1"
}

or, if the producer knows the version:
{
    "ip_address": {"127.0.0.1": "ipv4"}
}

or, if that much dynamism gives you heartburn:

{
    "ip_address": {"value": "127.0.0.1", "type": "ipv4"}
}

Then, for things with multiple IP Addresses:

{
    "inbound_ip_address": "1.2.3.4",
    "outbound_ip_address": "2001:0db8:0a0b:12f0::0001",
    "another_ip_address": {"127.1.1.1": "ipv4"},
    "ip_address_list": [
        "5.6.7.8",
        {"9.8.7.6": "ipv6"}
    ]
}

Now, for the white elephant: Are we moving to JSON, officially? Or should we be discussing this with XML examples instead?


JSA

PS-Bonus points! Did you spot the data inconsistency? Do you see the problem that it exposes?

________________________________________
From: cti-cybox@lists.oasis-open.org <cti-cybox@lists.oasis-open.org> on behalf of Davidson II, Mark S <mdavidson@mitre.org>
Sent: Thursday, October 29, 2015 9:26 AM
To: Trey Darley; Terry MacDonald
Cc: Jordan, Bret; Kirillov, Ivan A.; cti-cybox@lists.oasis-open.org
Subject: RE: [cti-cybox] CybOX 3.0: Address Object Refactoring

I like this form also.

As to representing a host with multiple network interfaces, I wonder if that's a slightly different discussion. In that case, would you have multiple IP address objects with a relationship to e.g., a host object?
-Mark

-----Original Message-----
From: cti-cybox@lists.oasis-open.org [mailto:cti-cybox@lists.oasis-open.org] On Behalf Of Trey Darley
Sent: Thursday, October 29, 2015 5:22 AM
To: Terry MacDonald <terry@soltra.com>
Cc: Jordan, Bret <bret.jordan@bluecoat.com>; Kirillov, Ivan A. <ikirillov@mitre.org>; cti-cybox@lists.oasis-open.org
Subject: Re: [cti-cybox] CybOX 3.0: Address Object Refactoring

On 28.10.2015 22:27:02, Terry MacDonald wrote:
>
> I probably prefer this one:
>
> {
>      "ipv4Address": "128.25.213.19",
>      "ipv6Address": "fe80::3e07:54ff:fe6c:6d13"
> }
>

+1

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"Good, Fast, Cheap: Pick any two (you can't have all three)." --RFC 1925

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]