OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-cybox message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-cybox] Object Relationships - Metadata

FWIW the example doesn't make any sense to me as a URL doesn't do redirection or return HTTP codes at all.

301 Redirection and HTTP response codes should not be in the URL object, they should be in the HTTP extension of the Network Connection object.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for "Kirillov, Ivan A." ---06/08/2016 01:18:39 PM---It seems like we have come to general consensus that "Kirillov, Ivan A." ---06/08/2016 01:18:39 PM---It seems like we have come to general consensus that relationships between CybOX Objects should be e

From: "Kirillov, Ivan A." <ikirillov@mitre.org>
To: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Date: 06/08/2016 01:18 PM
Subject: [cti-cybox] Object Relationships - Metadata
Sent by: <cti-cybox@lists.oasis-open.org>




It seems like we have come to general consensus that relationships between CybOX Objects should be expressed as embedded fields, e.g., a “redirects_to_ref” on the URL Object for pointing to another URL that the parent redirected to. However, recently Trey and I were wondering if this approach is too simplistic, in that it may not capture enough detail about the relationship being expressed. For instance, in the case of URL redirection, it’s useful to know the type of URL direction that was observed (e.g., the particular HTTP redirect code). Thus, we were wondering if we should consider expanding the embedded relationship structure to allow for additional metadata, which could perhaps (as a strawman) take on the form of additional keys in the relationship. For example, for URL redirection we could have something like:

{
"type": "url-object",
"id": "url-object--1",
"spec_version": "cybox-3.0",
"value": "http://foo.bar.com/qwerty",
"redirects_to_ref": {"object_ref":"url-object--2",
"http_redirect_code":"301"}
}

We could also perhaps follow a more flattened approach and embed the metadata as a separate sibling field:
{
"type": "url-object",
"id": "url-object--1",
"spec_version": "cybox-3.0",
"value": "http://foo.bar.com/qwerty",
"redirects_to_ref": "url-object--2"
"redirects_to_meta": {"http_redirect_code":"301"}
}

Anyhow, just throwing this out there to see what everyone thinks about 1) us needing to support metadata in Object relationships and 2) the best way to do so (if needed). This will be one our discussion topics for tomorrow’s call.

Regards,
Ivan



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]