A given process instance in an observable can't be running in multiple versions of Windows at the same time though...

- Jason Keirstead
Lead Architect - IBM.Security
www.ibm.com/security

"Things may come to those who wait, but only the things left by those who hustle." - Unknown

From: Nicholas Hayden <nhayden@anomali.com>
To: cti-stix@lists.oasis-open.org, Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Date: 10/01/2018 10:10 AM
Subject: Re: [cti-stix] Two Minor 2.1 STIX Proposals
Sent by: <cti-stix@lists.oasis-open.org>

How would we handle if the field has more than one input? For example the software_ref could be multiple versions of Windows or multiple flavors of Linux.

Best Regards,
Nicholas Hayden, CISSP, GICSP, Sec+
Senior Director of Threat Intelligence
anomali.com
808 Winslow St Redwood City, CA 94063
Phone: (650) 257-0867
Twitter: @anomali

On Sep 28, 2018, 7:48 PM -0400, Jason Keirstead <Jason.Keirstead@ca.ibm.com>, wrote:

I would like to submit the following two minor proposals for 2.1...

- The addition of a "software_ref" property to the "Process" cyber observable object. This would allow one to encode what piece of software a given process is for (which you can then tie to CPE and do many things with)

- A defined relationship type of "vulnerable_to" to be added from observed_data to vulnerability. This would allow you to say that a given process, system, or software was vulnerable to a certain vulnerability.

- Jason Keirstead