[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [EXT] Re: [cti-stix] Possible solution to conundrum of how to do patterns for Infrastructure and Malware
Jason,
I think this might be a good approach. Thanks for thinking through the problem. We will just need to make sure a patterning grammar like this can reference sub-elements of an object or the entire one. This may also cause us to re-think the way the cyber observable container is formed (maybe it would have been better if each cyber observable object was actually just a top-level STIX object).
I would like to model this design out with, say, Malware that has 27 known versions (hashes) where each instance has 2 different filenames. While maybe not completely "real-world", it should help verify the design. I would also like to see about modeling this with, say, an Infrastructure object that has 1000 IPs in it. So a pattern that references the entire list of 1000 IPs and a pattern that only references 3 non-contiguous IPs from the list.
Bret
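The two test cases Bret proposes above, worked as an added example (this is not code from the cti-stix thread or from the STIX project). It constructs a Malware with 27 fake hashed versions, each carrying two filenames, and an Infrastructure with 1000 constructed IPs, then emits STIX patterns that reference the entire list and a three-element non-contiguous subset. Assumptions: the property paths `file:hashes.'SHA-256'`, `file:name` and `ipv4-addr:value` and the `IN` set operator are used as defined in the STIX 2.x patterning grammar; the hashes, filenames and the 198.18.0.0/22 benchmarking range are constructed sample data; `ip_matches` is a hypothetical toy evaluator for the single `IN` pattern shape produced here, not a general STIX pattern engine.

```python
"""Added example: model the Malware (27 hashes x 2 filenames) and
Infrastructure (1000 IPs) test cases from the thread as STIX patterns."""
import hashlib
import ipaddress
import re


def build_malware_versions(n_versions=27, names_per_version=2):
    """Constructed sample: n versions, each a fake SHA-256 plus two filenames."""
    versions = []
    for i in range(n_versions):
        # Deterministic fake digest; not a real malware hash.
        digest = hashlib.sha256(f"constructed-version-{i}".encode()).hexdigest()
        names = [f"dropper{i}_{j}.exe" for j in range(names_per_version)]
        versions.append({"sha256": digest, "filenames": names})
    return versions


def build_infrastructure_ips(n=1000, network="198.18.0.0/22"):
    """Constructed sample: first n host addresses of an RFC 2544 benchmarking range."""
    hosts = ipaddress.ip_network(network).hosts()
    return [str(next(hosts)) for _ in range(n)]


def stix_str(value):
    """Single-quoted STIX string literal with backslash and quote escaped."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def malware_pattern(versions):
    """One observation expression per version: its hash AND any of its filenames."""
    exprs = []
    for v in versions:
        names = " OR ".join(f"file:name = {stix_str(n)}" for n in v["filenames"])
        exprs.append(
            f"[file:hashes.'SHA-256' = {stix_str(v['sha256'])} AND ({names})]"
        )
    # Observation expressions joined with OR: any version matches.
    return " OR ".join(exprs)


def infrastructure_pattern(ips, indices=None):
    """Pattern over the whole IP list, or only over the chosen (non-contiguous) indices."""
    chosen = ips if indices is None else [ips[i] for i in indices]
    return "[ipv4-addr:value IN (" + ", ".join(stix_str(ip) for ip in chosen) + ")]"


_IN_SET = re.compile(r"^\[ipv4-addr:value IN \((.*)\)\]$")


def ip_matches(pattern, observed_ip):
    """Hypothetical toy evaluator for the IN-form pattern above: True if listed."""
    m = _IN_SET.match(pattern)
    if not m:
        raise ValueError("not an ipv4-addr IN pattern")
    # IP literals contain no commas or quotes, so a plain split is safe here.
    listed = {s.strip().strip("'") for s in m.group(1).split(",")}
    return observed_ip in listed


if __name__ == "__main__":
    versions = build_malware_versions()
    ips = build_infrastructure_ips()
    print(malware_pattern(versions)[:120], "...")
    full = infrastructure_pattern(ips)
    subset = infrastructure_pattern(ips, [0, 500, 999])
    print(len(full), "chars for the full list;", subset)
    print(ip_matches(subset, ips[500]), ip_matches(subset, ips[1]))
```

The size of the full-list pattern (1000 quoted literals in one comparison expression) is the practical point of Bret's second test case: whatever grammar is chosen has to let a pattern reference the Infrastructure object's IP list as a whole rather than re-serialising it, while still allowing the three-element subset form.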