

Subject: Re: [cti-cybox] A new Forum Object


Agree that’s a better name than Forum.

An email that is sent to the OASIS mailer is an example of a post to a mail list that happens to be a forum archived on the web.

allan

From: OASIS list <cti-cybox@lists.oasis-open.org> on behalf of Paul Patrick <ppatrick@isightpartners.com>
Date: Wednesday, June 22, 2016 at 8:55 AM
To: Terry MacDonald <terry.macdonald@cosive.com>
Cc: OASIS list <cti-cybox@lists.oasis-open.org>
Subject: Re: [cti-cybox] A new Forum Object

Terry,

I’d like to suggest we not call it a ‘Forum’ object but rather something like ‘Post’ since it’s the posting, not the forum/blog/chat channel that we’re trying to describe.  That way we can equally apply it to things like forums but also to mediums like IRC Chat which are not person-to-person.

Thoughts?


Paul

From: <cti-cybox@lists.oasis-open.org> on behalf of Jerome Athias <athiasjerome@gmail.com>
Date: Wednesday, June 22, 2016 at 1:35 AM
To: Terry MacDonald <terry.macdonald@cosive.com>
Cc: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Subject: Re: [cti-cybox] A new Forum Object
Resent-From: <Paul.Patrick@FireEye.com>

Interesting reading
http://www.networkworld.com/article/3085065/security/hack-the-hackers-eavesdrop-for-intel-on-emerging-threats.html


On Thursday, 16 June 2016, Terry MacDonald <terry.macdonald@cosive.com> wrote:
Hi All,

For the 3rd time someone recently asked me if there was a way of encoding web forum posts within CybOX. My reply...well not really. That answer bothered me greatly, so with the help of AJ from EclecticIQ I put together a Forum Object.

The Forum Object is designed to record web forum and newsgroup posts, and is aimed primarily at helping people record what is being discussed on underground forums.

I really think it is needed for CybOX 3.0 MVP personally, and a couple of friends at very large organizations have also confirmed they would find this very useful. In fact one was surprised that it wasn't there already.

1.1 Forum Object

Type Name: forum-object
Status: Draft
MVP: Yes

The Forum Object represents a single Forum post. It is used to capture posts on newsgroups and web forums, primarily to enable the sharing of conversations held between threat actors on underground forums.

Properties

CybOX Object Properties: id, type

| Property Name | Type | Description |
|---|---|---|
| type (inherited from cybox-object) | string | Indicates that this object is a CybOX Forum Object. The value of this field MUST be forum-object. |
| url (optional) | string | Specifies the url of the forum. |
| forum-name (required) | string | Specifies the name of the forum. |
| room-name (optional) | string | Specifies the room-name within the forum. |
| thread-title | string | Specifies the thread-title within the forum. |
| post-creator | string | Specifies the identity of the forum post creator. |
| post-details | string | Specifies the full details of the forum post. |

Examples

Underground forum post

{
   "type": "forum-object",
   "id": "forum-object--1",
   "url": "https://www.cardz4cheap.org/cardsforsale/5332113",
   "forum-name": "Cardz4cheap",
   "room-name": "Cards for sale",
   "thread-title": "Happy Burger Cards",
   "post-creator": "DeliteD",
   "post-details": "Hey Dudes, I got 1500 cards for sale real cheap."
}

Cheers

Terry MacDonald | Chief Product Officer

M: +61-407-203-026
E: terry.macdonald@cosive.com
W: www.cosive.com
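
Added example (not part of the original thread or of the CybOX draft): a small Python check that a JSON record follows the property table proposed above before it is accepted into a sharing pipeline. Treating id and the properties the draft leaves unmarked as optional, and rejecting unknown properties, are assumptions of this example; the function and variable names are hypothetical.

```python
import json

# Properties from the draft's table. Only forum-name is marked "required";
# treating id and the unmarked ones as optional is an assumption of this example.
REQUIRED = {"type", "forum-name"}
OPTIONAL = {"id", "url", "room-name", "thread-title", "post-creator", "post-details"}


def validate_forum_object(raw):
    """Return a list of problems found in one JSON-encoded forum-object."""
    try:
        obj = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(obj, dict):
        return ["top-level value is not a JSON object"]
    problems = []
    for name in sorted(REQUIRED - obj.keys()):
        problems.append(f"missing required property: {name}")
    # Rejecting unknown keys catches near-miss spellings such as forum_name.
    for name in sorted(obj.keys() - REQUIRED - OPTIONAL):
        problems.append(f"unknown property: {name}")
    # Every property in the draft's table is typed as string.
    for name in sorted(obj.keys() & (REQUIRED | OPTIONAL)):
        if not isinstance(obj[name], str):
            problems.append(f"{name} must be a string")
    if isinstance(obj.get("type"), str) and obj["type"] != "forum-object":
        problems.append("type MUST be forum-object")
    return problems


# Constructed sample inputs: the thread's own example, and a broken variant.
GOOD = """{"type": "forum-object", "id": "forum-object--1",
 "url": "https://www.cardz4cheap.org/cardsforsale/5332113",
 "forum-name": "Cardz4cheap", "room-name": "Cards for sale",
 "thread-title": "Happy Burger Cards", "post-creator": "DeliteD",
 "post-details": "Hey Dudes, I got 1500 cards for sale real cheap."}"""
BAD = '{"type": "forum", "room-name": 7, "forum_name": "Cardz4cheap"}'

if __name__ == "__main__":
    print(validate_forum_object(GOOD))
    for problem in validate_forum_object(BAD):
        print(problem)
```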


