Subject: Re: [cti-cybox] A way of describing credential dumps
I’m with Trey and Allan on this one. The contents of a credential (or other) dump could be captured as a base64’d blob of data in the Artifact Object, but the dump “entries” themselves are abstract metadata that I’m not sure it makes sense to create a discrete CybOX Object for – this may make more sense to include in STIX (if necessary), e.g. as part of the Incident TLO.

Regards,
Ivan

On 6/27/16, 5:26 AM, "Trey Darley" <cti-cybox@lists.oasis-open.org on behalf of trey@kingfisherops.com> wrote:

>On 24.06.2016 14:26:26, Allan Thomson wrote:
>>
>> I would suggest that we do *not* add another object for credential
>> dumps. What’s next? Ipr-dump-document?
>> My-favorite-word-doc-dump-document?
>>
>> We have the framework in CyBox already, so let’s just make sure that
>> it can capture the attributes in existing objects.
>>
>
>Good point, Allan. I hear you on that time-warp thing, too. o_O
>
>--
>Cheers,
>Trey
>++--------------------------------------------------------------------------++
>Kingfisher Operations, sprl
>gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D
>++--------------------------------------------------------------------------++
>--
>"Every old idea will be proposed again with a different name and a
>different presentation, regardless of whether it works." --RFC 1925