Maturity: System Object
The System Object appears to conflate hardware and software systems (including operating systems). For instance, it has a field of "Username" to describe the (software-based) property of the user currently logged in, as well as the "Total_Physical_Memory" field to describe the physical amount of RAM present on the system.
It would probably be more sensible to have a separate Object for describing purely operating system software entities (and perhaps could be an extension of the Product Object), and to likewise relegate all hardware-specific fields to the Device Object.
There are likely many more properties of a software system that could be captured, such as patch level, information about the system kernel, etc.
The best-known use is primarily in MAEC for describing properties of a system on which malware is executing (and potentially querying/modifying), such as its Hostname. For instance, this is used in the Cuckoo sandbox MAEC output module: