Network Connection Object Refactoring

["Kirillov, Ivan A." <ikirillov@mitre.org>]

All,

Here is a community contributed proposal around refactoring the Network Connection Object and related Objects: https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-Network-Connection-Object-Refactoring

The main points around this refactoring are:

1. The hierarchy around Network Objects would be replaced with an extension-based approach (as with the File Object) that revolves around the “base” Network Connection Object
   1. A base set of properties common to all network connections would be defined
   2. Existing layer 7 Objects (HTTP Session and DNS Query) would be become extensions
   3. The Network Flow Object would likely be split up into its components (e.g, YAF log, Netflow log, etc.), each of which would be an extension 
   4. New extensions for common Network Connection properties, e.g., port, state and packet statistics, would be added
2. Connections to destination/source IP addresses would be defined via relationships
3. The existing Socket Address Object would be deprecated, as given the specification of IP addresses via relationships and the new port Network Connection Object extension it will no longer be necessary

We plan on discussing this (at least these high-level points) during tomorrow’s working session. 

Regards,

Ivan