Subject: Re: [cti-cybox] CybOX 3.0: File Object Refactoring
On 19.11.2015 15:37:15, Jason Keirstead wrote:
> My only comment - and I have not decided where I sit on the fence - is that
> if you remove "file extension" and "file name" properties, and consolidate
> them all into one value called "path", this will make filtering and QUERY
> more difficult against your data.
>
> IE
>
> "find all observables that <match other params> and are DLL" or
> "find all observables that <match other params> and are explorer.exe"
>

Hey, Jason -

As you're surely aware, I'm a major proponent of a rock-solid query
capability. I welcome your criticism and think that Ivan and I can
easily adapt the model to address the points you raised. Not before
tonight's call, but shortly thereafter. ^_^

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"Any sufficiently complex input format is indistinguishable from
bytecode." -- Bratus, Patterson, & Shubina