
cti-cybox message



Subject: Re: [cti-cybox] For review: Network Connection Object


Yeah, that’s a good point, and a few others brought it up as well – the destination of a network connection could be sensitive, as it might be internal to your organization (as an example) in the context of certain attacks.

 

Therefore it sounds like what we need to do is make both src_ref and dst_ref optional, with an unbounded multiplicity on both. Does that seem reasonable to everyone?

 

Regards,

Ivan

 

From: <cti-cybox@lists.oasis-open.org> on behalf of John Wunder <jwunder@mitre.org>
Date: Wednesday, June 15, 2016 at 6:07 PM
To: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Subject: Re: [cti-cybox] For review: Network Connection Object

 

Regarding the note below: are there cases where the dst_ref field might be the sensitive (victim) end of the connection? DDoS and port scans, as Jason was talking about, might be examples of this?

 

John

 

From: <cti-cybox@lists.oasis-open.org> on behalf of Ivan Kirillov <ikirillov@mitre.org>
Date: Wednesday, June 15, 2016 at 12:43 PM
To: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Subject: Re: [cti-cybox] For review: Network Connection Object

 

· We discussed which fields should be required for a network connection; there was consensus that dst_ref should be required, and likely src_ref as well. However, it was pointed out that there are cases where you may not want to share data about the source of a network connection (it could be sensitive data), so we haven’t decided yet if we’ll mandate that src_ref is required.





