[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] STIX 2.1 & Cyber Observables
That’s a good point, Paul. In CybOX 2.x we had a separate Windows Handle Object that was used by other Windows Objects. However, I’m wondering if that approach was overkill – most use cases that I’ve seen around handles in terms of malware analysis/IR revolve around handles opened by a particular process. Therefore, would it be enough to add the ability to characterize opened handles as part of the existing Windows Process Extension for the Process Object?

Regards,
Ivan

From: Paul Patrick <Paul.Patrick@FireEye.com>

One glaring thing missing from most of the Windows-specific objects is the concept of Windows Handle.

From: <cti@lists.oasis-open.org> on behalf of Ivan Kirillov <ikirillov@mitre.org>

All,

As we discussed on the call last week, Trey and I have been thinking over some possibilities as far as new additions for Cyber Observables in 2.1. Here’s the list that we’ve put together – note that this is meant to be a strawman so that we can start having the discussion about what you (the community) wants to see in 2.1 as far as Cyber Observables:

If you have any thoughts on things you want to see in 2.1 for Cyber Observables, please bring them up – we’re very open to any suggestions and ideas.

Happy Holidays!
Ivan and Trey
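What Ivan's strawman (handles characterized on the existing Windows Process Extension rather than as a separate Handle object) might look like on the wire, as an added illustration that is not part of the thread and not part of the STIX 2.1 specification: a Python sketch that puts a hypothetical `x_opened_handles` list inside the real `windows-process-ext` of a Process SCO, plus two helpers for the malware analysis/IR use case he mentions (handles per process, and a named handle shared across processes). The `x_opened_handles` property, its sub-fields, the `HANDLE_TYPES` vocabulary and the sample processes are assumptions constructed here; only `type`, `spec_version`, `id`, `pid`, `command_line`, `extensions` and `aslr_enabled` are actual STIX 2.1 properties.

```python
"""Strawman: handles opened by a process, recorded inside the STIX 2.1
windows-process-ext.  Added illustration, not from the thread and not part of
the STIX 2.1 spec: x_opened_handles and its sub-fields are hypothetical names,
and every sample value below is constructed."""
import json
import uuid

# Handle kinds an analyst typically records.  Hypothetical vocabulary; STIX 2.1
# defines no handle vocabulary.
HANDLE_TYPES = {"File", "Key", "Mutant", "Section", "Process", "Thread", "Event"}


def make_handle(handle_type, name, access_mask=None):
    """Build one entry of the hypothetical x_opened_handles list."""
    if handle_type not in HANDLE_TYPES:
        raise ValueError(f"unknown handle type: {handle_type}")
    entry = {"type": handle_type, "name": name}
    if access_mask is not None:
        entry["access_mask"] = access_mask  # e.g. 0x1F0001 = MUTEX_ALL_ACCESS
    return entry


def make_process(pid, command_line, handles, process_id=None):
    """Return a STIX 2.1 Process SCO carrying the strawman handle list inside
    windows-process-ext.  Process has no ID-contributing properties, so the id
    is a random UUIDv4 unless a fixed one is supplied (done below for the
    constructed sample so results are reproducible)."""
    process_id = process_id or f"process--{uuid.uuid4()}"
    return {
        "type": "process",
        "spec_version": "2.1",
        "id": process_id,
        "pid": pid,
        "command_line": command_line,
        "extensions": {
            "windows-process-ext": {
                "aslr_enabled": False,        # real STIX 2.1 extension property
                "x_opened_handles": handles,  # hypothetical addition
            }
        },
    }


def handles_by_type(process):
    """Summarise one process's handles as {handle type: sorted names}."""
    ext = process["extensions"]["windows-process-ext"]
    out = {}
    for h in ext.get("x_opened_handles", []):
        out.setdefault(h["type"], []).append(h["name"])
    return {k: sorted(v) for k, v in out.items()}


def shared_handle_names(processes, handle_type):
    """Names of handles of the given type open in more than one process, e.g. a
    named Mutant that several instances of the same malware hold."""
    seen = {}
    for p in processes:
        ext = p["extensions"]["windows-process-ext"]
        for h in ext.get("x_opened_handles", []):
            if h["type"] == handle_type:
                seen.setdefault(h["name"], set()).add(p["id"])
    return sorted(name for name, ids in seen.items() if len(ids) > 1)


# Constructed sample: two processes sharing one named Mutant.
SAMPLE_PROCESSES = [
    make_process(
        4120, "C:\\Users\\Public\\svchost.exe",
        [make_handle("File", "\\Device\\HarddiskVolume2\\Users\\Public\\svchost.exe", 0x120089),
         make_handle("Mutant", "\\BaseNamedObjects\\Global\\Example_Mutex", 0x1F0001),
         make_handle("Key", "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run")],
        process_id="process--f52a6a4b-8a6b-4d9e-9f41-0c7e3d1c5a10",
    ),
    make_process(
        4188, "C:\\Users\\Public\\svchost.exe",
        [make_handle("Mutant", "\\BaseNamedObjects\\Global\\Example_Mutex", 0x1F0001)],
        process_id="process--0b7b2c0e-2d6a-4a61-9d1f-2ac0a8f6c3e2",
    ),
]

if __name__ == "__main__":
    print(json.dumps(SAMPLE_PROCESSES[0], indent=2))
    print(handles_by_type(SAMPLE_PROCESSES[0]))
    print(shared_handle_names(SAMPLE_PROCESSES, "Mutant"))
```

The design point the sketch makes explicit: with handles nested under the process, each handle entry is anonymous (no `id` of its own), so a handle shared by two processes can only be correlated by its name and type, which is exactly what `shared_handle_names` does. A separate Handle object, as in CybOX 2.x, would instead let both processes reference one identifier.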