OASIS Mailing List Archives

 



cti-cybox message



Subject: RE: [cti-cybox] CybOX Object Selection


I could be down with this idea. What if we also added a CybOX Intel Analysis group as well to cover the web forum/pastebin/threat intel evidence style objects? Web page content, credential dump content and things like that could be in that group.

 

It could make it much easier for deciding what to support as Jason alluded. I like it.

 

Cheers

 

Terry MacDonald

Senior STIX Subject Matter Expert

SOLTRA | An FS-ISAC and DTCC Company

+61 (407) 203 206 | terry@soltra.com

 

 

From: cti-cybox@lists.oasis-open.org [mailto:cti-cybox@lists.oasis-open.org] On Behalf Of Jason Keirstead
Sent: Wednesday, 3 February 2016 4:44 AM
To: Kirillov, Ivan A. <ikirillov@mitre.org>
Cc: cti-cybox@lists.oasis-open.org
Subject: Re: [cti-cybox] CybOX Object Selection

 

"Maybe what we really need is a “malware analysis” subset, a “digital forensics” subset, etc."

Yep, that is what I am saying, I suppose.

Cybox Base
Cybox Network
Cybox Digital Forensics
Cybox Malware

That way a product can more easily specify what they support. And, people looking for products can more easily align expectations.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


