Re: [cti-cybox] CybOX Object Selection

["Jordan, Bret" <bret.jordan@bluecoat.com>]

I like this idea as it will allow tools and product managers to better understand what they need.  If they do not care about malware analysis for example, aka MAEC, then they can just not implement those objects.  

I often get asked by product managers "what is the minimum set I need to implement to get going".  

Thanks,

Bret

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Feb 2, 2016, at 10:44, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:

". Maybe what we really need is a “malware analysis” subset, a “digital forensics” subset, etc."

Yep that is what I am saying I suppose.

Cybox Base
Cybox Network
Cybox Digital Forensics
Cybox Malware

That way a product can more easily specify what they support. And, people looking for products can more easily align expectations.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail