[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Indicator TLO
After hearing what you all mentioned on the call this morning, I was thinking that something like this might be good????? I think it was Allan that suggested encoding the version in the key. { "type": "indicator", "id": "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "created_time": "2016-04-06T20:03:48Z", "created_by_ref": "source--f431f809-377b-45e0-aa1c-6a4751cae5ff", "title": "Poison Ivy Malware", "description": "This file is part of Poison Ivy", "pattern": { "cybox-3.0.0": "file-object.hashes.md5 = '3773a88f65a5e780c8dff9cdc3a056f3'", "snort-1.2.3": "something in snort syntax", "yara-4.6.7": "something in yara syntax" } } Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]