Subject: Re: [cti] Re: Common CybOX Object Refactoring
Kirillov, Ivan A. wrote this message on Tue, Feb 23, 2016 at 15:00 +0000:
> >There is also no support for extended attributes... This should
> >be added, as MacOSX makes heavy use of extended attributes to
> >record information like where a file was downloaded from, and if it
> >is allowed to be open w/o a security warning or not...
>
> It does seem like it would be useful to capture these. Do you know if there are any “default” extended attributes? From my brief reading this morning, it appears that they’re essentially name/value pairs. Also, I wonder if these should be captured in the basic file system properties class (FileSystemProperties), or as an extension.

By default, they are empty... Sadly, there is no standard for extended attributes (which is partly why their use is limited)... They are name/value pairs, but FreeBSD also has system and user name spaces that each name/value pair can be in...

> >I would say that the field name for the hash type should not be named
> >type, otherwise it could be confused w/ the TLO type field. Maybe
> >algo instead of type?
>
> Agreed. How about “hash_type”? There’s already a “hash_value” field, so it would fit well.

Sure, sounds good...

--
John-Mark