[cti-users] stix - BroTestMechanismType?

Chris O'Brien

Hi all,


Just wondered if anyone was working on, or thinking of working on, a BroTestMechanismType for the abstracted TestMechanismType? I’m currently planning to write a paper on the topic of heuristic detection using partial threat intelligence data (somewhat of a continuation of Paul Poputa-Clean’s paper: http://pen-testing.sans.org/resources/papers/gcih/automated-defense-threat-intelligence-augment-121748) and thought that building a standard for Bro modelling might be a useful place to start.


Give me a shout if you’ve got any thoughts!





Head of Capability Development


e: [hidden email]

