Skip to content

Windows API to MAEC CybOX Action Mappings

Jump to bottom Edit New page
Ivan Kirillov edited this page Jul 25, 2013 · 2 revisions

This mapping is provided as a notional reference for translating captured Windows kernel API calls to their corresponding MAEC/CybOX Action and Associated Object representations.

Python

mappings = {
"NtOpenFile" : 
 {"action_name" : "open file",
  "action_vocab" : "maecVocabs:FileActionNameVocab-1.0",
  "parameter_associated_objects" : 
    {"FileHandle" : {"associated_object_type" : "WinHandle",
                     "associated_object_element" : "ID",
                     "association_type" : "input"},
     "FileName" :   {"associated_object_type" :"File",
                    "associated_object_element" : "File_Path",
                    "association_type" :"input"}}}}
Add a custom footer
Add a custom sidebar
Clone this wiki locally