ikiril01
commented
9 years ago Context: this is necessary for specifying more complex Object-based patterns, and accordingly supporting specification of indicators of malware or malicious activity (i.e. in STIX). For example, a malware instance may drop a file with a particular name and then use the name of this file in a registry key - we would need variable substitution to be able to express this as a pattern.
LOE: High
Add ability to specify, modify and leverage variables within CybOX content for defining patterns based on interrelationships between Object Property values.