bworrell
commented
9 years ago Related to #333
Open ikiril01 opened 10 years ago
bworrell
commented
9 years ago Related to #333
ikiril01
commented
9 years ago Renaming for clarity.
ikiril01
commented
9 years ago Also, from #312 (now closed):
There is currently no way to specify a time when a relationship between two objects was observed/valid.
This is important for relationships such as Domains resolving to IP Addresses.
athiasjerome
commented
9 years ago (from XORCISM) Consider at minimum: an ObjectCreation Object for each Object plus something like Object 1-* ObjectModification to track Objects' lifecycle plus Object 0-* Object (e.g.: Parent/ChildOf relationship) with Offset, CreationTime, Timestamp, ValidFrom, ValidUntil (with implicit previous CreationObject Object for each) in the relationship
PS: for more details, let me know
ikiril01
commented
9 years ago @athiasjerome thanks, we should definitely take a look at how XORCISM handles this.
There is sometimes a need to capture more detailed, expressive relationships between Objects in CybOX. For instance, if an Object is extracted (i.e. contained within) another Object, it would be nice to capture where in the Object it was found (e.g., at what offset). At the moment, we can just say that the Object was extracted from another but cannot specify the contributing offset information.