cti-cybox message
Subject: Re: [cti-cybox] MVP/Message Objects
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: Trey Darley <trey@kingfisherops.com>
- Date: Fri, 8 Jul 2016 09:19:12 -0300
Ah OK - this solves my main problem. Thanks;
( I also wish I could attend more of the cybox working group calls! )
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
From: Trey Darley <trey@kingfisherops.com>
To: Jason Keirstead/CanEast/IBM@IBMCA
Cc: "Kirillov, Ivan A." <ikirillov@mitre.org>, "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Date: 07/08/2016 09:07 AM
Subject: Re: [cti-cybox] MVP/Message Objects
Sent by: <cti-cybox@lists.oasis-open.org>
On 08.07.2016 08:38:21, Jason Keirstead wrote:
>
> ... but then, all of the X millions of pieces of existing content
> would still exist with that object, so you would now still have to
> write multiple signature patterns to capture things reliably in any
> message context.
>
Hey, Jason -
On yesterday's CybOX working call, we talked through this issue. The
proposal was two-fold:
* for all message-like objects having a notional
  sender/recipient/subject/body/etc, that those field names would be
  defined identically across all message-like object definitions
* extend the patterning spec such that you could write a CybOX pattern
  like:

  `*-message-object:body MATCHES /.*evil stuff.*/` which could be tested
  against both an `email-message-object` and a `skype-message-object`.
It's a pity you couldn't make the call yesterday, Jason! We really
missed your input. :-(
--
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"There are two types of people: those who fit into my taxonomy and
those who do not." --anonymous
[attachment "signature.asc" deleted by Jason Keirstead/CanEast/IBM]
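
Added example, not part of the original messages or of any CybOX specification: a minimal evaluator for the wildcard pattern quoted above, showing why the two parts of the proposal depend on each other. The one-line grammar, the full-match reading of MATCHES, the object layout and the `legacy-message-object` type with its `text` field are assumptions made for this sketch.

```python
import fnmatch
import re

# Grammar assumed for this sketch only: <type-glob>:<field> MATCHES /<regex>/
PATTERN_RE = re.compile(r"^(?P<type>[\w*-]+):(?P<field>\w+)\s+MATCHES\s+/(?P<regex>.*)/$")


def compile_pattern(text):
    """Split a pattern string into (type glob, field name, compiled regex)."""
    m = PATTERN_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unsupported pattern: {text!r}")
    return m["type"], m["field"], re.compile(m["regex"], re.DOTALL)


def evaluate(pattern_text, observed):
    """Return the ids of observed objects that satisfy the pattern.

    An object matches when its type fits the glob, it carries the named
    field, and the regex matches the whole field value (assumed semantics).
    """
    type_glob, field, regex = compile_pattern(pattern_text)
    hits = []
    for obj in observed:
        if not fnmatch.fnmatchcase(obj["type"], type_glob):
            continue  # e.g. a file object that happens to have a "body"
        value = obj.get(field)
        if isinstance(value, str) and regex.fullmatch(value):
            hits.append(obj["id"])
    return hits


# Constructed sample objects. obs-3 is a hypothetical message type whose
# content lives in "text" instead of "body": the wildcard reaches its type,
# but the pattern still misses it because the field names are not aligned.
OBSERVED = [
    {"id": "obs-1", "type": "email-message-object", "subject": "hi", "body": "some evil stuff here"},
    {"id": "obs-2", "type": "skype-message-object", "body": "more evil stuff"},
    {"id": "obs-3", "type": "legacy-message-object", "text": "evil stuff too"},
    {"id": "obs-4", "type": "file-object", "body": "evil stuff in a file"},
    {"id": "obs-5", "type": "email-message-object", "body": "quarterly report"},
]

PATTERN = "*-message-object:body MATCHES /.*evil stuff.*/"

if __name__ == "__main__":
    print(evaluate(PATTERN, OBSERVED))
```
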