Subject: Re: [cti-cybox] CybOX "Adopt an Object"
We’ve still had no volunteers for these Objects, so I think at this point it’s safe to say that they will not make it into the July MVP. I’ll be removing their stubs from the specifications.

Regards,
Ivan

From: <cti-cybox@lists.oasis-open.org> on behalf of Ivan Kirillov <ikirillov@mitre.org>

So far, we have no volunteers to adopt the following Objects:

· Device

At this point, it seems likely that they will not make it into the July MVP release.

Regards,
Ivan

From: <cti-cybox@lists.oasis-open.org> on behalf of Ivan Kirillov <ikirillov@mitre.org>

Hi Jason,

That’s a good point – Network Socket and Network Connection do share a number of properties, such as destination IP/port and address family (IPv6 or IPv4). I agree that we’d have to make the source fields optional, but that might be reasonable since there are likely times that you only care about the destination of a connection.

Sockets do have a few unique properties such as socket type (stream, datagram, etc.) that we could perhaps capture as an extension on Network Connection. I think the use cases for them are primarily around malware analysis and digital forensics – malware often uses sockets as a low-level means of establishing network connections, and so it’s useful to be able to discretely characterize this.

Thanks for taking a stab at User Account! By the way, we’ve been putting together a list of design principles around CybOX Objects that you can find here:

https://docs.google.com/document/d/1DdS-NrVTjGJ3wvCJ7dbSlhYeiaWS6G6dOXu2F3POpUs/edit#heading=h.3txva9d0a3le

We hope to use it as a general guide for ourselves to ensure that we stay consistent in our design philosophy, as well as for others to use when creating new Objects.

Regards,
Ivan

From: Jason Keirstead <Jason.Keirstead@ca.ibm.com>

Hi Ivan - does Network Socket intersect with Network Connection? It seems like the current Network Connection object as defined can do most anything you would want to do with a socket, since you can define connection state as LISTEN
·
Device