OASIS Mailing List Archives: cti-cybox message

Subject: Re: [cti-cybox] File Object


Yes, we should flatten flow information. A network connection is really just a flow that has end points and metadata about the content that goes over the flow.

Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Aug 25, 2016, at 12:29, Kirillov, Ivan A. <ikirillov@mitre.org> wrote:

Based on the good arguments everyone here (and those on Slack) has put forth, Trey and I have decided to flatten out the file-system-properties-type into the base set of properties for the File Object. We also have a similar issue under consideration for the Network Connection Object [1], namely should we merge the Network Flow extension into the base set of Network Connection Object properties? Based on the discussion during the last CybOX working session on this topic, there seemed to be consensus that this is something we should do.
 
 
Regards,
Ivan
 
From: <cti-cybox@lists.oasis-open.org> on behalf of Bret Jordan <bret.jordan@bluecoat.com>
Date: Tuesday, August 23, 2016 at 2:45 PM
To: "Kemp, David P" <dpkemp@nsa.gov>
Cc: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Subject: Re: [cti-cybox] File Object
 
Yep... It just does not make sense for them to be treated as 'less important' properties. Let's just flatten them and make the properties optional.

 

Thanks,
 
Bret
 
 
 
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 
 
On Aug 23, 2016, at 14:35, Kemp, David P <dpkemp@nsa.gov> wrote:
 
Is a file-system-properties-type ever used anywhere other than as the value of file_system_properties?  File-object is the only place it is used in the Host-based Objects document.  Is there a reason that it was ever made into a nested type in the first place?
 
I agree that the parent_directory_ref, file_name, file_name_enc, etc. properties should be flattened back into file-object.
 
 
 
From: cti-cybox@lists.oasis-open.org [mailto:cti-cybox@lists.oasis-open.org] On Behalf Of Jordan, Bret
Sent: Tuesday, August 23, 2016 3:39 PM
To: Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Cc: cti-cybox@lists.oasis-open.org
Subject: Re: [cti-cybox] File Object
 
Yes

Sent from my Commodore 64


On Aug 23, 2016, at 1:36 PM, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:

Are you talking specifically about the file_system_properties construct?

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown 



From: "Jordan, Bret" <bret.jordan@bluecoat.com>
To: "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>
Date: 08/23/2016 04:31 PM
Subject: [cti-cybox] File Object
Sent by: <cti-cybox@lists.oasis-open.org>




Right now in the File Object some of the properties are artificially nested. These properties deal with the file system aspects of a file. The argument is that not all files have these and thus it should be nested.

This, IMHO, violates one of our core objectives of flatter is better than nested. I feel it would be better to have these fields be flattened and just made optional.

This is something we do throughout STIX and is part of our holistic design principles.

Bret 

Sent from my Commodore 64