Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Think about adding support for characterizing 'interesting' data #8

Open
ikiril01 opened this issue Jan 17, 2013 · 2 comments
Open

Comments

@ikiril01
Copy link
Member

We should think about whether/how we can add support for characterizing/tagging interesting bits of analysis, e.g. particular actions, objects, etc.

@ikiril01 ikiril01 added this to the MAEC 5.0 milestone Mar 19, 2015
@ikiril01
Copy link
Member Author

Perhaps this can be achieved by a simple entity reference and corresponding tag (either free-form or from an enumeration):

<Observation type="malformed header value" target_id="pefile-object-1"/>

One of the other open questions is where it most make sense to store this - as an element under a Malware Subject, or inside of one of its Analyses?

@ikiril01
Copy link
Member Author

Regarding the previous question, my inclination is to include Observations at the Analysis level, given that they're quite similar to analyst Comments (also included in the Analysis).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants