cti-stix message
Subject: Re: [cti-stix] Two Minor 2.1 STIX Proposals
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: Nicholas Hayden <nhayden@anomali.com>
- Date: Mon, 1 Oct 2018 10:13:55 -0300
A given process instance in an observable
can't be running in multiple versions of Windows at the same time though...
-
Jason Keirstead
Lead Architect - IBM.Security
www.ibm.com/security
"Things may come to those who wait, but only the things left by those
who hustle." - Unknown
From: Nicholas Hayden <nhayden@anomali.com>
To: cti-stix@lists.oasis-open.org, Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Date: 10/01/2018 10:10 AM
Subject: Re: [cti-stix] Two Minor 2.1 STIX Proposals
Sent by: <cti-stix@lists.oasis-open.org>
How would we handle if the field has more than one input?
For example the "software_ref" could be multiple versions of Windows or
multiple flavors of Linux.
Best Regards,
Nicholas Hayden, CISSP, GICSP, Sec+
Senior Director of Threat Intelligence | anomali.com
808 Winslow St Redwood City, CA 94063
Phone: (650) 257-0867 | Twitter: @anomali
On Sep 28, 2018, 7:48 PM -0400, Jason Keirstead <Jason.Keirstead@ca.ibm.com>,
wrote:
I would like to submit the following
two minor proposals for 2.1...
- The addition of a "software_ref" property to the "Process"
cyber observable object. This would allow one to encode what piece of software
a given process is for (which you can then tie to CPE and do many things
with)
- A defined relationship type of "vulnerable_to" to be
added from observed_data to vulnerability. This would allow
you to say that a given process, system, or software was vulnerable to
a certain vulnerability.
-
Jason Keirstead
Lead Architect - IBM.Security
www.ibm.com/security
"Things may come to those who wait, but only the things left by those
who hustle." - Unknown