Skip to content

Use Cases & Domains

Jump to bottom Edit New page
Patrick Maroney edited this page Sep 24, 2015 · 54 revisions

Use cases identified for CybOX include (but are not limited to):

  • Support capture of “atomic” cyber data
    • Enable characterization of atomic network-related data
  • Support malicious cyber activity detection
  • Support cross-sensor correlation and integration
  • Support capture of system state data
    • Support capture of device/endpoint state
      • Enable characterization of PC state
        • Enable characterization of BIOS state
      • Enable characterization of mobile device state
      • Support capture of operating system state
        • Enable characterization of operating system-specific artifacts
          • Enable characterization of operating system-specific executable binary formats
          • Enable characterization of operating system-specific kernel artifacts
      • Enable characterization of SCADA device state
        • Enable characterization of SCADA network traffic
      • Support capture of device/endpoint metadata
        • Enable characterization of general device metadata
  • Support capture of cyber analysis results
    • Support capture of malware analysis results
      • Enable characterization of malware artifacts
        • Enable characterization of file-system based malware artifacts
        • Enable characterization of memory-based malware artifacts
        • Enable characterization of network-based malware artifacts
    • Support capture of digital forensics analysis results
      • Support capture of network forensics analysis results
        • Enable characterization of network metadata
      • Support capture of file system analysis results
        • Enable characterization of file metadata
          • Enable characterization of image file metadata
        • Enable characterization of file-system metadata
      • Support capture of memory forensics analysis results
    • Support capture of analysis-related metadata
      • Enable characterization of analysis tool metadata

Applicable domains identified for CybOX include (but are not limited to):

  • Indicator sharing <== [Patrick Maroney, Suggested change: CTI Sharing 150923]
  • Incident response
  • Incident Reporting (Compliance/Agency Reporting) <== [Patrick Maroney, Suggested addition 150923]
  • Malware analysis
  • Digital forensics
    • Network forensics
    • File system forensics
    • Memory forensics
  • Adversary TTP Modeling <== [Patrick Maroney, Suggested addition 150923]
  • CTI Operationalization <== [Patrick Maroney, Suggested addition 150923]

To propose a new use case please:

  1. create a new wiki page
  2. title the page "Use Case:" followed by your use case title
  3. copy and paste the following outline into the new page
  4. fill in the appropriate content
  5. edit this page and add your new use case to the list as a link to your new use case page

Use case title (replace with your title)

Abstraction Level (High, Medium or Low): High (replace with your value)

Related Use Cases: Related use case (replace with your content)

Description: Use case objective and flow description (replace with your content)

Stakeholders/Goals:

  • Stakeholder: Stakeholder description (replace with your content)
  • Goal: Goal description (replace with your content)

Requirements:

  1. Requirement description (replace with your content)

Applicable Domains:

  1. Applicable domain (replace with your content)
Add a custom footer
Add a custom sidebar
Clone this wiki locally