[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-cybox] Network Connection Object
We just need to remember the whole purpose of STIX and CybOX is to share TI in a lossless way. I would also argue that if there is a standard way that everyone is already using, we should just use that. Historically I feel we had a "not-invented-here"
problem. Let's not reinvent the wheel or boil the ocean. If we are providing basic summary data of a network flow, then that sounds great for something that CybOX can and should do. If we are talking about actual packet headers than CybOX should NOT do that,
we should just include the headers in a libpcap or libpcap-ng format.
Bret
Sent from my Commodore 64
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]