OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] Re: Common CybOX Object Refactoring

Kirillov, Ivan A. wrote this message on Tue, Feb 23, 2016 at 15:00 +0000:
> >There is also no support for extended attributes...  This should
> >be added, as MacOSX makes heavy use of extended attributes to
> >record information like where a file was downloaded from, and if it
> >is allowed to be open w/o a security warning or not...
> It does seem like it would be useful to capture these. Do you know if there are any “default” extended attributes? From my brief reading this morning, it appears that they’re essentially name/value pairs. Also, I wonder if these should be captured in the basic file system properties class (FileSystemProperties), or as an extension.

By default, they are empty...  Sadly, there is no standard for extended
attributes (which is partly why their use is limited)...  They are
name/value pairs, but FreeBSD also has system and user name spaces that
each name/value pair can be in...

> >I would say that the field name for the hash type should not be named
> >type, otherwise it could be confused w/ the TLO type field.  Maybe
> >algo instead of type?
> Agreed. How about “hash_type”? There’s already a “hash_value” field, so it would fit well.

Sure, sounds good...


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]