[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-cybox] Should CyboX events, actions and type enumerations live within the object that uses them?
As Jerome mentioned, I think this would be difficult to do from a data modeling perspective, because many of the Actions and vocabularies are applicable to multiple Objects. However, I think this could be great to have in an API - imagine if, say, an Action had knowledge of the Objects that could be used in it: action = cybox.actions.create_file action.applicable_objects = [“file”, “unix_file”, “windows_file”, “windows_executable_file”] Regards, Ivan On 11/7/15, 4:00 PM, "cti-cybox@lists.oasis-open.org on behalf of John Anderson" <cti-cybox@lists.oasis-open.org on behalf of janderson@soltra.com> wrote: >It would help me to see your idea expressed in Python, Terry. How would this make coding more joyful? >JSA > >________________________________________ >From: cti-cybox@lists.oasis-open.org <cti-cybox@lists.oasis-open.org> on behalf of Jerome Athias <athiasjerome@gmail.com> >Sent: Saturday, November 7, 2015 1:38 AM >To: Terry MacDonald >Cc: cti-cybox@lists.oasis-open.org >Subject: Re: [cti-cybox] Should CyboX events, actions and type enumerations live within the object that uses them? > >Yo >(Yes and No) > >No, because some Vocabularies enumerations are applicable/usable in >many places, or for many objects. >(Think reuse and maintenance) >e.g. https://cyboxproject.github.io/documentation/object-relationships/ >Many Actions could be triggered by different Actors (User, file, >Process, Thread, ...) > >Yes (maybe, potentially) for some objects (to make implementation >simpler), we could agree on that, for -some- objects. (ref. >enumeration of hashes type) > > > > >2015-11-07 3:31 GMT+04:00 Terry MacDonald <terry@soltra.com>: >> Hi All, >> >> >> >> This might be unworkable, but I thought I’d throw it out there anyway. >> >> >> >> I just was reading through the list of EventTypeEnum-1.0.1 here, and I >> thought to myself, as these objects are generally ‘derived from’ and related >> to each other in a tree like structure, it could make sense to actually >> house the enumerations relating to an object specifically with the object >> itself. That would then allow us to make sure that the enumerations >> available to use for each Observable Object are the relevant events, >> actions, etc for that particular object – all information that pertains to >> the object in one place.. within the object itself. >> >> >> >> Should CyboX events, actions and type enumerations live within the object >> they refer to? Is that even a workable idea? >> >> >> >> To be absolutely clear, I’ve not worked through the ramifications of doing >> so, but wanted to source other’s opinions on the idea. Plus its late on >> Friday – weird ideas are supposed to happen late on Fridays J. >> >> >> >> Cheers >> >> >> >> Terry MacDonald >> >> Senior STIX Subject Matter Expert >> >> SOLTRA | An FS-ISAC and DTCC Company >> >> +61 (407) 203 206 | terry@soltra.com >> >> >> >> > >--------------------------------------------------------------------- >To unsubscribe from this mail list, you must leave the OASIS TC that >generates this mail. Follow this link to all your TCs in OASIS at: >https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > >--------------------------------------------------------------------- >To unsubscribe from this mail list, you must leave the OASIS TC that >generates this mail. Follow this link to all your TCs in OASIS at: >https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]