Subject: Re: [cti-cybox] MVP/Message Objects
On 08.07.2016 08:38:21, Jason Keirstead wrote:
>
> ... but then, all of the X millions of pieces of existing content
> would still exist with that object, so you would now still have to
> write multiple signature patterns to capture things reliably in any
> message context.
>

Hey, Jason -

On yesterday's CybOX working call, we talked through this issue. The
proposal was two-fold:

* for all message-like objects having a notional
  sender/recipient/subject/body/etc, that those field names would be
  defined identically across all message-like object definitions

* extend the patterning spec such that you could write a CybOX pattern
  like:

  `*-message-object:body MATCHES /.*evil stuff.*/`

  which could be tested against both an `email-message-object` and a
  `skype-message-object`.

It's a pity you couldn't make the call yesterday, Jason! We really
missed your input. :-(

--
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"There are two types of people: those who fit into my taxonomy and those
who do not." --anonymous
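An added illustration of the two-part proposal in the message above (not code from the thread or from the CybOX project): a small matcher showing how one wildcard pattern can cover every message-like object once the field names are identical. The dict-based object layout, the `type` key, the whole-string reading of MATCHES and the sample objects are assumptions made for this sketch.

```python
import fnmatch
import re

# Assumed pattern shape, taken from the single example in the message:
#   <object-type or glob>:<field> MATCHES /<regex>/
PATTERN_RE = re.compile(
    r"^(?P<type>[\w*-]+):(?P<field>\w+)\s+MATCHES\s+/(?P<regex>.*)/$"
)

def compile_pattern(text):
    """Split a pattern string into (type glob, field name, compiled regex)."""
    m = PATTERN_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unsupported pattern: {text!r}")
    # DOTALL so that '.*' also spans line breaks in a multi-line body.
    return m["type"], m["field"], re.compile(m["regex"], re.DOTALL)

def matches(pattern, obj):
    """True if obj's type satisfies the glob and the named field matches."""
    type_glob, field, regex = pattern
    if not fnmatch.fnmatchcase(obj.get("type", ""), type_glob):
        return False
    value = obj.get(field)
    # A missing or non-string field is a non-match rather than an error.
    # Assumption: MATCHES tests the whole value, as '/.*evil stuff.*/' implies.
    return isinstance(value, str) and regex.fullmatch(value) is not None

# Constructed sample observations; every message-like type uses the same
# field names (subject, body), which is the first half of the proposal.
OBSERVED = [
    {"type": "email-message-object", "subject": "invoice",
     "body": "hi,\nevil stuff attached"},
    {"type": "skype-message-object", "body": "some evil stuff here"},
    {"type": "skype-message-object", "body": "lunch?"},
    {"type": "file-object", "body": "evil stuff"},       # not message-like
    {"type": "email-message-object", "subject": "evil stuff"},  # no body
]

def hits(pattern_text, objects=OBSERVED):
    """Indexes of the objects that the pattern matches."""
    pattern = compile_pattern(pattern_text)
    return [i for i, obj in enumerate(objects) if matches(pattern, obj)]

if __name__ == "__main__":
    print(hits("*-message-object:body MATCHES /.*evil stuff.*/"))
```

Without the shared field names, the same coverage would need one pattern per object type, which is the duplication the quoted text describes.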