oasis-tcs / cti-stix2

OASIS CTI TC: Provides issue tracking and wiki pages for the STIX 2.x Work Products
https://github.com/oasis-tcs/cti-stix2

STIX Patterning needs a way of describing actions #75

Open treyka opened 6 years ago

treyka commented 6 years ago

For example, a particular file being deleted or a regkey being modified.

Cf. this CAR proposal https://github.com/mitre/stix2patterns_translator/wiki/Actions-Proposal

(Also, @ikiril01 and I have some notes in a playground doc that I need to dig up.)

eliaslevy commented 6 years ago

More generally, why did the CybOX Event not make it into STIX 2.0? Seems like that would be the natural representation and that the STIX patterning could be used to match it.

athiasjerome commented 5 years ago

Up, as it is now critical with regard to ATT&CK traction vs. Sigma

jordan2175 commented 5 years ago

We talked about this on 2019-06-05 and agreed that this should be 2.2. This also needs a lot more use cases and fleshed-out text as a proposal.