Subject: STIX2 Ideas
1) Add the ability to indicate spoofed network connections and email. In the indicator you can specify email-address:from_ref.value, email-message:subject, email-message:additional_head_fields, etc., but there is nowhere to put a spoofed boolean flag. Same for network-traffic.
2) Add a similar definition for the LM Kill chain as you have for TLP (a marking-definition for reconnaissance or c2, for instance).