OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-cybox message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: CybOX Object Selection

As we discussed today, one the things we’d like to do soon is figure out the set of Objects that will make be included in CybOX 3.0: https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-Object-Selection. This will help us scope the release and allow us to prioritize efforts on some of the critical refactoring that needs to be done (e.g., around Network Connection).

Overall, there appeared to be consensus on NOT including any new Objects in CybOX 3.0 and focusing on refactoring the existing set from v2.1. While there wasn’t clear consensus on the green-field approach, it appeared that many thought it would serve as a suitable starting point for determining this set, with the following considerations:
  1. For the Objects NOT included in the green-field approach, we should figure out the level of effort to include them. If it is minimal, then they could be candidates for inclusion. We will work on assessing this.
  2. We need more input from the community on the Objects in the green-field approach and whether they make use of those Objects that may not be currently included (list below). Again, it’s worth noting that these Objects will likely be included in a future CybOX 3.x minor release.
  3. There are Objects that may not be included but whose properties may be included in some of forthcoming refactoring. E.g., some properties relating to Network Flow may be included in the refactored Network Connection Object.
  4. There’s some intelligent refactoring we can do to further reduce the Object set. For instance, the Windows Mutex Object can be represented as a relationship between a Windows Handle and a Mutex Object.
For #2, here’s the list of Objects that would currently NOT be included in the CybOX 3.0 Object set for the green-field approach (no known usage from CTI-stats or MAEC):
  • Account
  • Archive File
  • ARP Cache
  • DNS Cache
  • GUI Dialog Box
  • Image File
  • Linux Package
  • Network Flow
  • Network Packet
  • Network Route Entry
  • Network Route
  • Network Subnet
  • Semaphore
  • SMS Message
  • Unix File
  • Unix Network Route
  • Unix Pipe
  • Unix Process
  • Unix User Account
  • Unix Volume
  • URL History
  • Volume
  • Win Computer Account
  • Win Critical Section
  • Win Event Log
  • Win Event
  • Win Filemaping
  • Win File
  • Win Hook
  • Win Kernel
  • Win Mailslot
  • Win Hook
  • Win Memory Page Region
  • Win Network Route Entry
  • Win Prefetch
  • Win Semaphore
  • Win System
  • Win System Restore
  • Win Task
  • Win User Account
  • Win Volume
  • Win Waitable Timer
  • X509 Certificate
Regards,
Ivan

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]