
TTA Standards Status


Standard number: TTAE.OT-12.0019-Part5
Old standard number:
Date of enactment/revision: 2018-12-19
Total pages: 59
Korean standard name: Structured Threat Information eXpression (STIX) Version 2.0 - Part 5: STIX Patterning
English standard name: Structured Threat Information eXpression (STIX) Version 2.0 - Part 5: STIX Patterning
Korean summary: The STIX patterning language defines methods for detecting malicious behavior on networks and endpoints, and covers, with examples, descriptions of the related terminology, naming requirements (property names and string literals, reserved words), document conventions (naming conventions, font colors and style), constants, STIX patterns and pattern expressions (observation expression qualifiers, observation operators, operator precedence, comparison operators, string comparison, binary type comparison, native format comparison), and object path syntax. It also defines conformance evaluation criteria divided into three levels (basic conformance, basic conformance and observation operators, full conformance) according to the level of compliance with the STIX patterning standard.
English summary: The STIX patterning language defines the methods for detecting malicious behavior on networks and endpoints, which includes the descriptions of the terminology, naming requirements (property names and string literals, reserved names), document conventions (naming conventions, font colors and style), constants, STIX patterns, pattern expressions (observation expression qualifiers, observation operators, operator precedence, comparison operators, string comparison, binary type comparison, native format comparison), and object path syntax. It also defines three levels of conformance (basic conformance, basic conformance + observation operators, full conformance) based on the level of compliance with the STIX patterning standard.
International standard:
Related file: TTAE.OT-12.0019-Part5.pdf
