Add Relationships for System -> Process/Port/etc. Connections

[ikiril01]

It appears that we currently don't have the necessary relationships for capturing an instance of a running system (via the System Object) and the processes which are running on it, ports that are open on it, etc. This is a valid use case for CybOX, so we should consider adding the corresponding relationships to the default vocabularies schema for supporting it.

[ikiril01]

This may not be completely necessary - I had forgotten about the Observable/Observable_Source/System field, which appears to capture the particular system on which an Observable instance (e.g., process) was seen. However, there are a few issues with this approach, namely that it only allows for Object -> System relationships (unidirectional), and because this field uses the ObjectPropertiesType, it makes referencing System Objects more awkward than with the standard Object/idref approach.

[packet-rat]

We had a good discussion on how to represent virtualized systems and networks a while back. It might be good to consider these representations in any future extensions.

Patrick Maroney (609)841-5104

On Jul 15, 2015, at 10:00 AM, Ivan Kirillov notifications@github.com wrote:

This may not be completely necessary - I had forgotten about the Observable/Observable_Source/System field, which appears to capture the particular system on which an Observable instance (e.g., process) was seen. However, there are a few issues with this approach, namely that it only allows for Object -> System relationships (unidirectional), and because this field uses the ObjectPropertiesType, it makes referencing System Objects more awkward than with the standard Object/idref approach.

— Reply to this email directly or view it on GitHub.