Subject: Re: [cti-cybox] Recent CybOX Changes

I just wanted to let everyone know where we stand on these issues. Trey and I had a discussion on this topic and decided to make the following changes:

· file_path in File Object/file-system-properties-type was changed to a string. As others had pointed out, there was no benefit to the delimited approach and it had the side effect of making patterns more complex.

· We’ve removed the string-with-encoding-type and reverted all uses back to string. We will similarly go back to our old approach of capturing observed encoding using the flattened “_enc” and “_b64” fields – for an example of this please see the file_name and corresponding fields [1]. We’ve also reverted our old section in CybOX Core on this topic [2] – please review and comment. Also, let us know which other fields in the CybOX Objects we should be adding this for.

Regards,
Ivan

From: Jason Keirstead <Jason.Keirstead@ca.ibm.com>

I agree, I am also unsure what the purpose of this field is... are there actual threat analytics use cases where knowing the encoding of a piece of text conveys useful information? Was this requested by a specific user group?