[ https://issues.apache.org/jira/browse/METRON-984?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jon Zeolla updated METRON-984:
------------------------------
    Description: 
It is rather commonplace for malicious actors to obfuscate exploits or data 
transfers using encoding.  In order to identify and prioritize responses to (or 
automatically mitigate) those attacks during threat triage we should have a 
method for decoding in Stellar.  Some initial thoughts would be to handle 
percent/URL encoding, base64, base32, base16/hex, HTML encoding, etc.

I would expect that something like DECODE(something, encoding_type, 
optional_failure_mode) would return the contents of field "something" after 
attempting to decode it via "encoding_type".  If decoding fails, 
optional_failure_mode would indicate whether or not to fail the message and 
send it to the error topology, or to simply return the contents of the original 
field "something" (in this example).

  was:It is rather commonplace for malicious actors to obfuscate attacks or 
data transfers using encoding.  In order to identify and prioritize responses 
to (or automatically mitigate) those attacks during threat triage we should 
have a method for decoding in Stellar.  Some initial thoughts would be to 
handle percent/URL encoding, base64, base32, base16/hex, HTML encoding, etc.


> Create Stellar Decoding Functions
> ---------------------------------
>
>                 Key: METRON-984
>                 URL: https://issues.apache.org/jira/browse/METRON-984
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Jon Zeolla
>            Assignee: Otto Fowler
>
> It is rather commonplace for malicious actors to obfuscate exploits or data 
> transfers using encoding.  In order to identify and prioritize responses to 
> (or automatically mitigate) those attacks during threat triage we should have 
> a method for decoding in Stellar.  Some initial thoughts would be to handle 
> percent/URL encoding, base64, base32, base16/hex, HTML encoding, etc.
> I would expect that something like DECODE(something, encoding_type, 
> optional_failure_mode) would return the contents of field "something" after 
> attempting to decode it via "encoding_type".  If decoding fails, 
> optional_failure_mode would indicate whether or not to fail the message and 
> send it to the error topology, or to simply return the contents of the 
> original field "something" (in this example).
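
A sketch of the semantics requested above, as an added example (not code from the issue or from Metron). Python stands in for Stellar; the `decode` name, the encoding-type strings, the boolean `fail_on_error` flag and `DecodeError` (standing in for "send it to the error topology") are all assumptions.

```python
import base64
import html
import re
from urllib.parse import unquote


class DecodeError(ValueError):
    """Stand-in for failing the message and sending it to the error topology."""


def _url(s):
    # unquote() silently keeps malformed escapes, so reject them explicitly.
    if re.search(r"%(?![0-9A-Fa-f]{2})", s):
        raise ValueError("malformed percent escape")
    return unquote(s, errors="strict")


# Hypothetical encoding_type names; the issue does not fix their spelling.
DECODERS = {
    "url": _url,
    "base64": lambda s: base64.b64decode(s, validate=True).decode("utf-8"),
    "base32": lambda s: base64.b32decode(s).decode("utf-8"),
    "hex": lambda s: bytes.fromhex(s).decode("utf-8"),
    "html": html.unescape,
}


def decode(something, encoding_type, fail_on_error=False):
    """Return the decoded field; on failure either raise or pass it through."""
    try:
        return DECODERS[encoding_type.lower()](something)
    except (KeyError, ValueError) as exc:
        if fail_on_error:
            raise DecodeError(f"{encoding_type}: {exc}") from exc
        return something  # pass-through: original field content unchanged


# Constructed sample field values (not taken from the issue).
SAMPLES = [
    ("%3Cscript%3Ealert(1)%3C%2Fscript%3E", "url"),
    ("Y21kLmV4ZSAvYyB3aG9hbWk=", "base64"),
    ("MNWWILTFPBSQ====", "base32"),
    ("636d642e657865", "hex"),
    ("&lt;img src=x&gt;", "html"),
    ("not base64 at all!", "base64"),  # fails, so it is returned unchanged
]

if __name__ == "__main__":
    for value, enc in SAMPLES:
        print(f"{enc:7} {value!r} -> {decode(value, enc)!r}")
```

The pass-through mode keeps one malformed field from dropping the whole message, while the strict mode makes decode failures visible downstream.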


