
cti-cybox message



Subject: Re: [cti-cybox] CybOX Object Selection


I think that makes great sense, Trey. 

On the point release front, we’d love any input to help us plan out this roadmap - which objects/object classes would you like to see us address first? I know that Terry is keen on the web forum post object/credential dump object, as an example.

Oh, and if we do envision using these Object subsets/classes as a means for producers/consumers to declare their particular facet of CybOX support, it seems like this is a topic for the interoperability SC.

Regards,
Ivan




On 2/3/16, 4:31 AM, "Trey Darley" <cti-cybox@lists.oasis-open.org on behalf of trey@soltra.com> wrote:

>On 02.02.2016 13:44:00, Jason Keirstead wrote:
>> ". Maybe what we really need is a “malware analysis” subset, a “digital
>> forensics” subset, etc."
>> 
>> Yep that is what I am saying I suppose.
>> 
>> Cybox Base
>> Cybox Network
>> Cybox Digital Forensics
>> Cybox Malware
>> 
>> That way a product can more easily specify what they support. And,
>> people looking for products can more easily align expectations.
>> 
>
>Hey, Jason -
>
>This is precisely the approach Ivan and I intend to pursue in point
>releases to 3.0. The idea for 3.0 is, let's get the core CybOX
>abstract type definitions right and refactor the set of core MVP
>Observable types selected. Then, say, for 3.1, we as a community
>decide to prioritize the digital forensics domain. So we'll pull
>together a constituency of subject matter experts to guide the
>creation / refactoring of additional Observable types focused on
>digital forensics use cases.
>
>In parallel to the ongoing 3.0 effort, I'd like to see us:
>
>0) Assemble a list of use case categories a la:
>
>  * network
>  * digital forensics
>  * malware analysis
>  * mobile
>  * virtualization
>  * ...
>
>1) Prioritize that list to produce a point release roadmap.
>
>2) Work to identify subject matter experts to guide those discussions,
>   reach out, get them on board, and execute the timeline.
>
>Thoughts?
>
>-- 
>Cheers,
>Trey
>--
>Trey Darley
>Senior Security Engineer
>4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
>Soltra | An FS-ISAC & DTCC Company
>www.soltra.com
>--
>"For all resources, whatever it is, you need more." --RFC 1925

