OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-cybox message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-cybox] CybOX Core Review

Hi Ivan,

I have a few questions about the CybOX core document..

- I understand the idea of the CybOX container for housing multiple CybOX objects together, but how will this work with the STIX ObservedData (observation) object? For example will the ObservedData object contain a list of 3 objects, out will it contain a CybOX container that contains a dictionary of 3 objects? That seems to be another level of nesting that isn't necessarily needed.
- Can CybOX objects be used directly without a CybOX container? If they have simple incrementing integer IDs, then there will be a collision.
- Why are the objects a dictionary and not a list? As far as I can tell the object dictionary labels are just used as a local identifier, and this was just added to make relationships work. Making each object have an explicit uuid id, and changing the object dictionary to a list makes more sense to me. Plus I like having things explicitly stated.
- If the objects have an explicit uuid based is then that opens up the possibility of cross package relationships.

I understand that this object ID topic may have been thrashed to death in the past, but it does seem to create more nesting than seems to be needed.

Cheers

Terry MacDonald
Cosive

On 14/07/2016 07:50, "Kirillov, Ivan A." <ikirillov@mitre.org> wrote:

Trey and I have spent a good number of hours this week updating and polishing the CybOX Core spec and we now feel that it’s ready for broader review:

https://docs.google.com/document/d/1PSGv6Uvo3YyrK354cH0cvdn7gGedbhYJkgNVzwW9E6A/edit?pref=2&pli=1#heading=h.26otuj4t3npf

 

There have a been a number of changes, including:

 

·         Updating datatypes to align with STIX and adding examples

·         Merging in existing high-level Objects specification (extensions, etc.)

·         Added examples wherever applicable

·         Refactored CybOX Object ID specification/object references

 

Once we do another pass, we’ll put up the specification on a vote for approval for MVP, likely early next week.

 

Also, this will be the main topic of discussion during tomorrow’s 10:00am-11:00am EDT working session.

 

Regards,

Ivan

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]