

Subject: Re: [cti-cybox] A new Forum Object


Yeah, well fine.
But you should call that "IT Asset" (or ask ISO/IEC, and NIST* or DHS* to change their definition...)
https://nccoe.nist.gov/projects/use_cases/financial_services_sector/it_asset_management
https://niccs.us-cert.gov/glossary#letter_a

(NB: I guess you would call an SQL Injection a Vulnerability... where in fact, it is a Weakness until you get an Exposure - period, or use the Medias' definition of Hacker instead of RFC1392)
I can't fix the world.

You obviously don't have full understanding of Risk Management*, and I don't want to stay focused on the low (Operational/Tactical) level of the pyramid* for trying to build a cathedral
* http://csrc.nist.gov/groups/SMA/fisma/framework.html

Examples (without a RTFM): http://www.frhack.org/research/xorcism.php

“Confidence is ignorance. If you're feeling cocky, it's because there's something you don't know.” ― Eoin Colfer, Artemis Fowl

(CTI is just another workaround for the continuous fail from the industry to deliver properly understood, well designed with built-in security 'systems'.)


2016-06-22 15:32 GMT+03:00 Jason Keirstead <Jason.Keirstead@ca.ibm.com>:

I won't claim to know where the ISO definition originated, or who was backing that definition at the time. All I know is the following...

- I have worked in the cyber security space for quite a while now and I have never heard of any client, colleague, or vendor intermingle the term "asset" with threat actors or system users.

- I do not know of any widely used tool or piece of software in cyber security* that intermingles the term "asset" with actors or users. "Assets", "asset compliance", "asset reporting", "asset risk", and the like *always* refer to infrastructure, software, and systems which should be protected, they never refer to users or actors. I am quite positive that if a piece of software used the term "Asset" to encompass users or actors and intermingle them, no one would know what we were talking about.

- I can not think of any common attributes that would want to be shared between infrastructure assets and threat actors, which would want us to derive from an "asset" base. This is where examples would help. I would appreciate if the backers of this proposal send a concrete example of the model - of an Asset base from which Threat Actor and Identity would share attributes with Infrastructure, and what that would look like (what attributes would be shared beyond the cti-common attributes). I can not envision the use case for this (what the common properties are that are relevant to CTI), so this is where examples of the model in action would help.

* I want to call out in advance that GRC is a different space with different consumers, and I do not believe STIX is not trying to solve or work in the GRC space.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: "Wunder, John A." <jwunder@mitre.org>
To: Jerome Athias <athiasjerome@gmail.com>, Allan Thomson <athomson@lookingglasscyber.com>
Cc: Jason Keirstead/CanEast/IBM@IBMCA, "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>, "Katz, Gary CTR DC3/DCCI" <Gary.Katz.ctr@dc3.mil>, Patrick Maroney <Pmaroney@specere.org>, "Piazza, Rich" <rpiazza@mitre.org>, Terry MacDonald <terry.macdonald@cosive.com>
Date: 06/21/2016 01:29 PM
Subject: Re: [cti-cybox] A new Forum Object
Sent by: <cti-cybox@lists.oasis-open.org>





We discussed this on the working call today, there was not a lot of consensus. I’ll be sending out an e-mail with 3 different options and some examples via each option. It’ll probably take me a couple days to put it together.

I also mentioned on the call that I could use some examples of scenarios we’d want to represent via this approach, preferably in the form of existing CTI reports that we can convert to STIX. If you have anything, let me know.

From: <cti-cybox@lists.oasis-open.org> on behalf of Jerome Athias <athiasjerome@gmail.com>
Date: Tuesday, June 21, 2016 at 12:13 PM
To: Allan Thomson <athomson@lookingglasscyber.com>
Cc: Jason Keirstead <Jason.Keirstead@ca.ibm.com>, "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>, "Katz, Gary CTR DC3/DCCI" <Gary.Katz.ctr@dc3.mil>, Patrick Maroney <Pmaroney@specere.org>, Rich Piazza <rpiazza@mitre.org>, Terry MacDonald <terry.macdonald@cosive.com>
Subject: Re: [cti-cybox] A new Forum Object

Given that
1) OASIS (Organization for the Advancement of Structured Information Standards) is a nonprofit, international consortium whose goal is to promote the adoption of product-independent standards"


2) ISO/IEC 27001 is (The) an international standard (and, as per my knowledge, Wikipedia is not)


I hope I have the right to point out Asset definition from an international standard.


With that said,
(Without arguing against the fact that Active Directory would not be a directory/inventory...)
(Nor pointing to the CIS Top Critical Controls)
(Not even to AI spec, CNSS Glossary or any RFC)
I do understand what I would call IT Asset.


Anyway, I should probably wait for the summer release for a review and feedbacks







On Tuesday, 21 June 2016, Allan Thomson <athomson@lookingglasscyber.com> wrote:
Given that this forum and schema is specifically defined for communicating cyber threat information I think we should stick to well understood terms/definitions in the cyber/IT world.

I agree with Jason – that an asset is typically used to refer to a network connected system that is administered as part of an asset inventory system.


Assets typically are id-d with asset tags and those asset tags are tracked by the inventory system. They are also used by IT to know who they belong to, what their location is (if fixed) ….etc.


To my knowledge no company or organization currently tags their employees in an asset inventory system ☺

That said, I still think we should have a generic name for network connected systems rather than an asset vs malicious infrastructure.

Regards

allan

From: OASIS list <cti-cybox@lists.oasis-open.org> on behalf of Jerome Athias <athiasjerome@gmail.com>
Date: Tuesday, June 21, 2016 at 7:17 AM
To: Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Cc: OASIS list <cti-cybox@lists.oasis-open.org>, "Gary.Katz.ctr@dc3.mil" <Gary.Katz.ctr@dc3.mil>, Patrick Maroney <Pmaroney@specere.org>, Rich Piazza <rpiazza@mitre.org>, Terry MacDonald <terry.macdonald@cosive.com>
Subject: Re: [cti-cybox] A new Forum Object

So from a business point of view, you are not an asset for your company?
(I should refresh my ISO 27001 memory)

On Tuesday, 21 June 2016, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:

I would not call an insider or any other actor an "asset". These are fundamentally different concepts and very different attributes would want to be tracked for them.

"Asset" has a very specific meaning in the world of IT and IT security, and it does not encompass individuals.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems

www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: Jerome Athias <athiasjerome@gmail.com>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: Terry MacDonald <terry.macdonald@cosive.com>, "Katz, Gary CTR DC3/DCCI" <Gary.Katz.ctr@dc3.mil>, Patrick Maroney <Pmaroney@specere.org>, "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>, Rich Piazza <rpiazza@mitre.org>
Date: 06/21/2016 11:03 AM
Subject: Re: [cti-cybox] A new Forum Object

________________________________



Btw an insider threat actor would be one of your asset...

On Tuesday, 21 June 2016, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:
I don't see this as a valid comparison. The properties we are looking to capture on Network Connection have next to zero intersection with the properties below. Also a network flow has two "message bodies" at the same time. Finally, the senders and recipients of "messages" are actors, whereas the senders and recipients of network connections are physical devices.

I doubt one would want to combine the Asset object and the Threat Actor object into one common base, which is what you would have to do if you wanted to use the Message object to communicate a network connection.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems

www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: Terry MacDonald <terry.macdonald@cosive.com>
To: "Katz, Gary CTR DC3/DCCI" <Gary.Katz.ctr@dc3.mil>
Cc: Jerome Athias <athiasjerome@gmail.com>, Jason Keirstead/CanEast/IBM@IBMCA, Patrick Maroney <Pmaroney@specere.org>, "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>, Rich Piazza <rpiazza@mitre.org>
Date: 06/20/2016 07:18 PM
Subject: [cti-cybox] Re: [Non-DoD Source] Re: [cti-cybox] A new Forum Object
Sent by: <cti-cybox@lists.oasis-open.org>
________________________________



Eric/Jason,

How would the Message Object be different to Network Connection Object then? Both are describing a connection between two endpoints containing data.

Cheers

Terry MacDonald | Chief Product Officer

M: +61-407-203-026
E: terry.macdonald@cosive.com
W: www.cosive.com




On Tue, Jun 21, 2016 at 5:12 AM, Katz, Gary CTR DC3/DCCI <Gary.Katz.ctr@dc3.mil> wrote:
Hey guys,
Based on some of our past work in similar areas, suggest the following information be captured:

- body
- timestamp
- timestamp description (message sent, received, created, viewed, etc.)
- viewed (whether or not the user saw the message)
- thread_id (unique identifier that defines what conversation thread the message comes from)
- sender, recipients, and participants (sometimes you can't determine who the sender was but you know which people were involved in the conversation)
- attachments
- thumbnails (which we treat as an attachment of the attachment.)
- file path
- name (the name the application gives the attachment, sometimes different than the filename found in the filepath)

-----Original Message-----
From: cti-cybox@lists.oasis-open.org [mailto:cti-cybox@lists.oasis-open.org] On Behalf Of Jerome Athias
Sent: Monday, June 20, 2016 8:21 AM
To: Jason Keirstead
Cc: Patrick Maroney; cti-cybox@lists.oasis-open.org; Rich Piazza; Terry MacDonald
Subject: [Non-DoD Source] Re: [cti-cybox] A new Forum Object

Yeah, I think we agreed on exploring this approach, some time ago (Ref. SMS Message Object
http://making-security-measurable.1364806.n2.nabble.com/CybOX-2-1-Proposals-Round-2-td7581861.html )

2016-06-20 14:30 GMT+03:00 Jason Keirstead <Jason.Keirstead@ca.ibm.com>:


My point is, none of this is arguments for or against a dedicated forum object. All of these things can be applied to email, SMS, and any other message type. I can craft a highly targeted SMS campaign just as easily as a highly targeted email campaign.

I do not see why email or forum are unique enough to have their own objects. They should be extensions of a common "message" object which contains the 75%+ of common attributes that all messages share.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: Patrick Maroney <Pmaroney@Specere.org>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>, "Rich Piazza" <rpiazza@mitre.org>, Terry MacDonald <terry.macdonald@cosive.com>
Date: 06/17/2016 04:55 PM
Subject: Re: [cti-cybox] A new Forum Object


________________________________




Re: “- There have been a heck of a lot of drive-by downloads distributed via forum posts. Forum posts distribute malware just as much as email.”


Agreed, Malicious content is delivered by numerous channels/methods including Forums. Watering-hole and Drive-By attacks can be ***very*** targeted. Not sure what your point is?


Re: “- The incredible majority of malware delivered via email is not specifically targeted.”


Again not sure of your point. While some nuisance-ware & run-of-the-mill-malware is not specifically targeted, what does that have to do with VERY specifically targeted attacks against organizations and entire sectors?

Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104



President
Integrated Networking Technologies, Inc.
PO Box 569
Marlton, NJ 08053

From: Jason Keirstead <jason.keirstead@ca.ibm.com>
Date: Friday, June 17, 2016 at 2:48 PM
To: Patrick Maroney <Pmaroney@Specere.org>
Cc: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>, Jason Keirstead <jason.keirstead@ca.ibm.com>, Richard Piazza <rpiazza@mitre.org>, Terry MacDonald <terry.macdonald@cosive.com>
Subject: RE: [cti-cybox] A new Forum Object


I dunno about that...

- There have been a heck of a lot of drive-by downloads distributed via forum posts. Forum posts distribute malware just as much as email.

- The incredible majority of malware delivered via email is not specifically targeted.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: Patrick Maroney <Pmaroney@Specere.org>
To: Terry MacDonald <terry.macdonald@cosive.com>, Jason Keirstead/CanEast/IBM@IBMCA
Cc: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>, "Rich Piazza" <rpiazza@mitre.org>
Date: 06/17/2016 02:59 PM
Subject: RE: [cti-cybox] A new Forum Object


________________________________





My .02:

There are very distinct differences between an email message and a forum post. Starting with the header meta-data and intent. For example, as an attacker I send a malicious weaponized email to 1200 very specific targets. These individual emails, targets, along with all of the other email meta-data are completely different from a forum post. Of course a forum post may be created and/or further disseminated by an email message, but these all represent distinct objects, acts, and points in time.

Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org




On Fri, Jun 17, 2016 at 9:57 AM -0400, "Jason Keirstead" <Jason.Keirstead@ca.ibm.com> wrote:

Maybe I am "old school" from the days of NNTP boards and what-not - but the difference between an email message and a newsgroup AKA Forum post is actually very small to me.

There's a reason it is so easy to create a forum from a mailing list and vice-versa (like Nabble).... it's really more a protocol difference than a difference in the message contents. Both are messages that come from an entity that are addressed to one or more other entities, which have headers and which may or may not have other attachments to the message. The fact that one is delivered via SMTP and the other via NNTP or the Web is a protocol nuance, not a property of the message, IMO.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: Terry MacDonald <terry.macdonald@cosive.com>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: Rich Piazza <rpiazza@mitre.org>, cti-cybox@lists.oasis-open.org
Date: 06/16/2016 06:43 PM
Subject: RE: [cti-cybox] A new Forum Object


________________________________





My problem with putting this under message is that a forum post doesn't go anywhere. It's a post on a forum. It is accessed at a certain time, and at that point it's a message, but that should be captured in a network connection object somehow.

Cheers
Terry MacDonald
Cosive

On 17/06/2016 5:03 AM, "Jason Keirstead" <Jason.Keirstead@ca.ibm.com> wrote:

Or maybe *I* am not up to date :)

But I will say, if people think at any time in the future we will want all these types of messages (like forum post), it doesn't make sense to make an EmailMessage object... once you make an object it is going to be really hard to get rid of.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: "Piazza, Rich" <rpiazza@mitre.org>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>, "Terry MacDonald" <terry.macdonald@cosive.com>
Date: 06/16/2016 03:40 PM
Subject: RE: [cti-cybox] A new Forum Object

________________________________





That’s described in the “playground” – I was under the impression that we weren’t going with the Message abstraction object (see Ivan’s comment), but maybe I’m not up to date with the current thinking…


From: Jason Keirstead [mailto:Jason.Keirstead@ca.ibm.com]
Sent: Thursday, June 16, 2016 2:34 PM
To: Piazza, Rich <rpiazza@mitre.org>
Cc: cti-cybox@lists.oasis-open.org; Terry MacDonald <terry.macdonald@cosive.com>
Subject: RE: [cti-cybox] A new Forum Object

Email is also an extension to the Message object though.

There is currently a Message object with extensions for SMS, Email, Skype, and Attachment in the Playground:

https://docs.google.com/document/d/1P6k0uqbAYDRpYG5jjgYAKBDEc_iSG0-SGFaXgaPkqyg/edit

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: "Piazza, Rich" <rpiazza@mitre.org>
To: Jason Keirstead/CanEast/IBM@IBMCA, Terry MacDonald <terry.macdonald@cosive.com>
Cc: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Date: 06/16/2016 03:07 PM
Subject: RE: [cti-cybox] A new Forum Object


________________________________






Did you mean the Email Message object?

From: cti-cybox@lists.oasis-open.org [mailto:cti-cybox@lists.oasis-open.org] On Behalf Of Jason Keirstead
Sent: Thursday, June 16, 2016 9:36 AM
To: Terry MacDonald <terry.macdonald@cosive.com>
Cc: cti-cybox@lists.oasis-open.org
Subject: Re: [cti-cybox] A new Forum Object

This seems to me like it should be an extension to the Message object, not its own object.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown



From: Terry MacDonald <terry.macdonald@cosive.com>
To: cti-cybox@lists.oasis-open.org
Date: 06/16/2016 10:33 AM
Subject: [cti-cybox] A new Forum Object
Sent by: <cti-cybox@lists.oasis-open.org>


________________________________







Hi All,

For the 3rd time someone recently asked me if there was a way of encoding web forum posts within CybOX. My reply...well not really. That answer bothered me greatly, so with the help of AJ from EclecticIQ I put together a Forum Object.

The Forum Object is designed to record web forum and newsgroup posts, and is aimed primarily at helping people record what is being discussed on underground forums.

I really think it is needed for CybOX 3.0 MVP personally, and a couple of friends at very large organizations have also confirmed they would find this very useful. In fact one was surprised that it wasn't there already.

1.1 Forum Object

Type Name: forum-object
Status: Draft
MVP: Yes

The Forum Object represents a single Forum post. It is used to capture posts on newsgroups and web forums, primarily to enable the sharing of conversations held between threat actors on underground forums.

Properties

CybOX Object Properties: id, type

| Property Name | Type | Description |
|---|---|---|
| type (inherited from cybox-object) | string | Indicates that this object is a CybOX Forum Object. The value of this field MUST be forum-object. |
| url (optional) | string | Specifies the url of the forum. |
| forum-name (required) | string | Specifies the name of the forum. |
| room-name (optional) | string | Specifies the room-name within the forum. |
| thread-title | string | Specifies the thread-title within the forum. |
| post-creator | string | Specifies the identity of the forum post creator. |
| post-details | string | Specifies the full details of the forum post. |

Examples
Underground forum post


{
"type": "forum-object",
"id": "forum-object--1",
"url": "https://www.cardz4cheap.org/cardsforsale/5332113",

"forum-name": "Cardz4cheap",
"room-name": "Cards for sale",
"thread-title": "Happy Burger Cards",
"post-creator": "DeliteD",
M: +61-407-203-026
E: terry.macdonald@cosive.com
W: www.cosive.com
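
An ingest-side check for the draft Forum Object property table proposed in this thread, added here as an illustration; it is not part of the original messages or of any CybOX tooling. The function name `validate_forum_object` and both sample posts are constructed. Assumptions: `id` and `type` are treated as required common properties, properties the table leaves unmarked are treated as optional, and a `url` is expected to be an absolute http(s) URL.

```python
from urllib.parse import urlsplit

# Property names and types come from the draft table in the thread.
# Only "forum-name" is marked required there; treating "id" and "type" as
# required and the unmarked properties as optional is this example's assumption.
STRING_PROPS = ("url", "forum-name", "room-name", "thread-title",
                "post-creator", "post-details")
REQUIRED = ("type", "id", "forum-name")
KNOWN = set(STRING_PROPS) | {"type", "id"}


def validate_forum_object(obj):
    """Return a list of problems; an empty list means the object conforms."""
    if not isinstance(obj, dict):
        return ["object is not a JSON object"]
    problems = []
    for name in REQUIRED:
        if name not in obj:
            problems.append(f"missing required property: {name}")
    # The draft states the type field MUST be forum-object.
    if "type" in obj and obj["type"] != "forum-object":
        problems.append("type must be 'forum-object'")
    for name in STRING_PROPS:
        if name in obj and not isinstance(obj[name], str):
            problems.append(f"{name} must be a string")
    # Scraped feeds often carry extra keys; report them instead of silently
    # ingesting properties the draft does not define.
    for name in sorted(set(obj) - KNOWN):
        problems.append(f"unknown property: {name}")
    # Assumption: a url, when present, must be absolute http(s) with a host,
    # so consumers never store free text where a locator is expected.
    url = obj.get("url")
    if isinstance(url, str):
        try:
            parts = urlsplit(url.strip())
            ok = parts.scheme in ("http", "https") and bool(parts.netloc)
        except ValueError:  # e.g. malformed IPv6 literal
            ok = False
        if not ok:
            problems.append("url is not an absolute http(s) URL")
    return problems


# Constructed sample objects (not taken from the thread).
GOOD_POST = {
    "type": "forum-object",
    "id": "forum-object--1",
    "url": "https://forum.example/room/42",
    "forum-name": "Example Forum",
    "room-name": "General",
    "thread-title": "Constructed thread",
    "post-creator": "sample-user",
    "post-details": "Constructed post body.",
}
BAD_POST = {
    "type": "forum",
    "id": "forum-object--2",
    "url": "cards for sale",
    "room-name": 7,
    "author": "sample-user",
}

if __name__ == "__main__":
    for post in (GOOD_POST, BAD_POST):
        print(post["id"], validate_forum_object(post) or "ok")
```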


































