Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify Observed vs. Known Findings Bundles #94

Closed
ikiril01 opened this issue Feb 18, 2015 · 2 comments
Closed

Clarify Observed vs. Known Findings Bundles #94

ikiril01 opened this issue Feb 18, 2015 · 2 comments
Labels
Com-Bundle Modify Type Pri-Low
Milestone
MAEC 5.0

Comments

@ikiril01
Copy link
Member

We should consider adding the ability to specify whether a Findings Bundle, represents some set of data about a malware instance that was "observed" as part of an analysis run, or represents data that was derived or is otherwise "known". This mostly relevant to dynamic entities such as Actions and Behaviors, where currently this distinction is a little ambiguous (although implicit if a Findings Bundle is referenced in a corresponding Analysis).
@ikiril01 ikiril01 added this to the MAEC 5.0 milestone Feb 18, 2015
@ikiril01
Copy link
Member Author

Perhaps this isn't a useful distinction to make explicitly - I'm starting to think that having the implicit Analysis -> Action/Behavior link is enough to explain whether something was observed during a particular execution or is "known" or obtained through code analysis.

@ikiril01
Copy link
Member Author

No longer relevant given #104.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Com-Bundle Modify Type Pri-Low
Projects
None yet
Milestone
MAEC 5.0
Development

No branches or pull requests
1 participant
@ikiril01