Just wondered if anyone was working on, or thinking of working on, a BroTestMechanismType for the abstracted TestMechanismType? I’m currently planning to write a paper on the topic of heuristic detection using partial threat intelligence data (somewhat of a continuation of Paul Poputa-Clean’s paper: http://pen-testing.sans.org/resources/papers/gcih/automated-defense-threat-intelligence-augment-121748) and thought that building a standard for Bro modelling might be a useful place to start.
Give me a shout if you’ve got any thoughts!
Head of Capability Development