Subject: Re: [cti-cybox] Network Flow
On 15.09.2016 15:24:48, Kirillov, Ivan A. wrote:
> I’m not sure that we had consensus either way – the last discussion
> seemed to spiral off into separate threads about use cases and
> network traffic modeling in general. All good discussions but I’m
> not sure where we really stand on the network flow vs. network
> connection issue.
>

All -

CybOX 2.1 had distinct Network Connection [0] and Network Flow [1] objects. If you refer to their respective XSDs, you'll see that they were *quite* different.

Refactoring the Network Connection object has long been in scope for CybOX 3.0. At some point in the refactoring process, lightweight flow elements were added to the Network Connection at the request of some committee members. While these flow elements address a useful subset of the use cases targeted by the original CybOX 2.1 Network Flow object, they hardly constitute a comprehensive replacement.

Rather than rename the Network Connection to Network Flow, I suggest that we remove the flow elements from the current Network Connection and aim for a properly scoped Network Flow object in CybOX 3.1.

[0]: http://cybox.mitre.org/XMLSchema/objects/Network_Connection/2.1/Network_Connection_Object.xsd
[1]: http://cybox.mitre.org/XMLSchema/objects/Network_Flow/2.1/Network_Flow_Object.xsd

--
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"There is absolutely no inevitability, so long as there is a willingness to contemplate what is happening."
--Alfred North Whitehead