cti-cybox message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [cti-cybox] A new Forum Object
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: Terry MacDonald <terry.macdonald@cosive.com>
- Date: Thu, 16 Jun 2016 10:36:18 -0300
This seems to me like it should be an extension to the Message object, not its own object.
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
Terry MacDonald ---06/16/2016 10:33:15 AM---Hi All, For the 3rd time someone recently asked me if there was a way of encoding
From: Terry MacDonald <terry.macdonald@cosive.com>
To: cti-cybox@lists.oasis-open.org
Date: 06/16/2016 10:33 AM
Subject: [cti-cybox] A new Forum Object
Sent by: <cti-cybox@lists.oasis-open.org>
Hi All,
For the 3rd time someone recently asked me if there was a way of encoding web forum posts within CybOX. My reply...well not really. That answer bothered me greatly, so with the help of AJ from EclecticIQ I put together a Forum Object.
The Forum Object is designed to record web forum and newsgroup posts, and is aimed primarily at helping people record what is being discussed on underground forums.
I really think it is needed for CybOX 3.0 MVP personally, and a couple of friends at very large organizations have also confirmed they would find this very useful. In fact one was surprised that it wasn't there already.
1.1 Forum Object| Type Name: forum-object | Status: Draft
MVP: Yes |
The Forum Object represents a single Forum post. It is used to capture posts on newsgroups and web forums, primarily to enable the sharing of conversations held between threat actors on underground forums.
Properties| CybOX Object Properties |
| id, type |
| Property Name | Type | Description |
| type (inherited from cybox-object) | string | Indicates that this object is a CybOX Forum Object. The value of this field MUST be forum-object. |
| url (optional) | string | Specifies the url of the forum. |
| forum-name(required) | string | Specifies the name of the forum. |
| room-name(optional) | string | Specifies the room-name within the forum. |
| thread-title | string | Specifies the thread-title within the forum. |
| post-creator | string | Specifies the identity of the forum post creator. |
| post-details | string | Specifies the full details of the forum post. |
Examples
Underground forum post
{
"type": "forum-object",
"id": "forum-object--1",
"url": "https://www.cardz4cheap.org/cardsforsale/5332113",
"forum-name": "Cardz4cheap",
"room-name": "Cards for sale",
"thread-title": "Happy Burger Cards",
"post-creator": "DeliteD",
"post-details": "Hey Dudes, I got 1500 cards for sale real cheap."
}
Cheers
Terry MacDonald | Chief Product Officer
M: +61-407-203-026
E: terry.macdonald@cosive.com
W: www.cosive.com
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]