Subject: RE: [cti] RE: [EXT] Re: [cti] Need to integrate MAEC and STIX into single report --> Example from FireEye
Hi Ivan and Bret,

The document was excellent with appropriate examples. I am trying to map FireEye dynamic analysis data. I could cover most of it but some guidance –

How do I represent behavior in terms of CPU and API observations (CybOX?)

How do I define a sequence of observations (first and then and then type)? I am guessing STIX patterning of Followed_by will help. Is that the right thinking?

There is a mention of dynamic and static analysis vocabulary that I could not find. Am I just missing a location on Google Docs where I should go?

Thank you!

Subodh Kumar │ Executive Director | Technology │ Cybersecurity & Technology Controls │ J.P. Morgan Chase & Co. │ 575 Washington Boulevard, Jersey City, NJ, 07310 │ T: +1 201 595 7299 │ subodh.kumar@jpmorgan.com

From: Kirillov, Ivan A. [mailto:ikirillov@mitre.org]
Hi Subodh,

You can find it in the STIX 2.1 Working Draft 01, here:
https://docs.google.com/document/d/1bkMmU1PxlwlAwjrMmyWV147rvLcRs2x62FicHbpH2gU/edit#heading=h.cabdb5lryb9q

Regards,
Ivan

From: <cti@lists.oasis-open.org> on behalf of "Kumar, Subodh" <subodh.kumar@jpmorgan.com>

From: Bret Jordan [mailto:Bret_Jordan@symantec.com]
Subodh,

You should look at the changes we have made to the STIX 2.1 Malware object. I think this should get you more than 80-90% of the way.

Bret

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Kirillov, Ivan A. <ikirillov@mitre.org>

Hi Subodh,

This message is confidential and subject to terms at: http://www.jpmorgan.com/emaildisclaimer including on confidentiality, legal privilege, viruses and monitoring of electronic messages. If you are not the intended recipient, please delete this message and notify the sender immediately. Any unauthorized use is strictly prohibited.