ikiril01
commented
9 years ago Context: this would mostly be useful for malware-related use cases, for more accurately capturing malware behavior as recorded by a sandbox (i.e. in MAEC).
Open ikiril01 opened 11 years ago
ikiril01
commented
9 years ago Context: this would mostly be useful for malware-related use cases, for more accurately capturing malware behavior as recorded by a sandbox (i.e. in MAEC).
Actions can often have specific failure modes (e.g. not just FAILURE but the reason why the Action may have failed) as reported through APIs (e.g. Win32 kernel) or other interfaces, which we should add support for the capture of.