OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Need to integrate MAEC and STIX into single report

I am working on transforming Reversing Lab's malware report into STIX. Since malware section of STIX is not very detailed in STIX 2.0, I am using MAEC to describe details of malware.

I have to connect STIX information with MAEC information, so that the software reading STIX package should be able to navigate STIX parts and MAEC part to capture all the information regarding malware.

What is the recommended way to integrate MAEC information into STIX?

My approach - 
Added MAECReference number to malware object:

malware: {
MAECReference: "MAEC-nnn-nnn-nnnn"

MAEC: { id: "MAEC-nnn-nnn-nnnn"

Ingore the id for MAEC, it is a made up id.

Is this a legit way? Can we use MAECRefernce as a custom attribute to accomplish this objective?

Looking forward to guidance.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]