cti-cybox message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [cti-cybox] IPv4 and IPv6 Address Objects
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- Date: Wed, 31 Aug 2016 08:25:15 -0300
I apologize for my confusing example where I changed from MAC address to IP address half way through my email.. I have not yet had enough coffee...
Here is a re-write of my email
--
Actually - when trying to write this example, I have run into another issue WRT patterning and our decision for some list properties to be able to continue multiple types simultaneously, along with the "always deref" decision.
Take the network-connection src_ref type. How would I write a pattern comparing this against an IPv4 address?
You can't simply do this:
network-connection-object:src_ref.value = '1.2.3.4'
.. because there is no way for me to declare that the type is a IPv4 address and not something else that looks like it
It is like you *always* have to write the type...network-connection-object:src_ref.type = 'ipv4-address-object' AND network-connection-object:src_ref.value = '1.2.3.4'
... this will be quite cumbersome...
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
Jason Keirstead---08/31/2016 08:20:23 AM---Actually - when trying to write this example, I have run into another issue WRT patterning and our d
From: Jason Keirstead/CanEast/IBM@IBMCA
To: "Jordan, Bret" <bret.jordan@bluecoat.com>
Cc: Terry MacDonald <terry.macdonald@cosive.com>, "cti-cybox@lists.oasis-open.org" <cti-cybox@lists.oasis-open.org>, "Mates, Jeffrey CIV DC3DCCI" <Jeffrey.Mates@dc3.mil>
Date: 08/31/2016 08:20 AM
Subject: Re: [cti-cybox] IPv4 and IPv6 Address Objects
Sent by: <cti-cybox@lists.oasis-open.org>
Actually - when trying to write this example, I have run into another issue WRT patterning and our decision for some list properties to be able to continue multiple types simultaneously, along with the "always deref" decision.
Take the network-connection src_ref type. How would I write a pattern comparing this against a MAC address?
You can't simply do this:network-connection-object:src_ref.value = '42:29:82:8d:b5:a9'
.. because there is no way for me to declare that the type is a IPv4 address and not something else
It is like you *always* have to write the type...network-connection-object:src_ref.type = 'ipv4-address-object' AND network-connection-object:src_ref.value = '1.2.3.4'
... this will be quite cumbersome...
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown
<trim>
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]