I wanted to share out a proposal to revise the Observed Data object that Gary put together in order to allow mappings from STIX objects into the content of the Observed Data block while still respecting existing mappings. This should allow for infrastructure and malware objects to more easily reference fully mapped observed data graphs while limiting the overhead associated with creating large numbers of additional observed data objects.

Jeffrey Mates, Civ DC3/DCCI
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computer Scientist
Defense Cyber Crime Institute
jeffrey.mates@dc3.mil
410-694-4335

Attachment: Observed Data Presentation.pptx
Description: application/vnd.openxmlformats-officedocument.presentationml.presentation

Attachment: Observed_data2.json
Description: Binary data

Attachment: Observed_data1.json
Description: Binary data

Attachment: smime.p7s
Description: S/MIME cryptographic signature