Subject: Observed Data
All,
I spoke with John Wunder about how and when to embed Cyber Observable (formerly CybOX) properties directly on an SDO and when you would use Observed Data via a relationship. We were talking about this in context with the upcoming Infrastructure SDO. The rules we came up with, that we would like your feedback on, are listed below. It is important that we understand these rules now, so as to not cause a breaking change with Observed Data later on. So yes, we are talking about an SDO that will not be in the next CSD release, but it is important to understand how it will work and this is the best way to illustrate the usages.
Notes about using Observed Data with things like Infrastructure or Malware.
An open question would be how to track things used as part of an infrastructure over time. Meaning, if a threat actor moved from IoT Camera X to IoT DoorBell Y 3 weeks later, how would you record this?
Bret