[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-cybox] For review: Network Connection Object
|
Regarding the note below: are there cases where the dst_ref field might be the sensitive (victim) end of the connection? DDoS and port scans, as Jason was talking about, might be examples
of this? John From:
<cti-cybox@lists.oasis-open.org> on behalf of Ivan Kirillov <ikirillov@mitre.org>
· We discussed which fields should be required
for a network connection; there was consensus that dst_ref should be required, and likely src_ref as well. However, it was pointed out that there are cases where you may not want to share data about the source of a network connection (it could be sensitive
data), so we haven’t decided yet if we’ll mandate that src_ref is required.
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]