Chris Hendricks
Thanks for the reply, @jcwilliamsATmitre, and for the clarifications! A few thoughts:

> in practice SCOs (though similar) are used a bit differently than what we are aiming for

Of...
Put another way, I love the idea of being able to "officially" say something like: "To detect `$TACTIC`, ATT&CK suggests using data that maps to the `$TYPES` STIX SCO object...
Thanks, @jcwilliamsATmitre, we appreciate the engagement! I thought it'd be helpful to re-phrase my questions as an affirmative proposal, to make clearer side-by-side comparisons to your proposal. Consider the following...
Another related project we use a lot is the MITRE [Cyber Analytics Repository (CAR)](https://car.mitre.org/) and its [CARET tool](https://mitre-attack.github.io/caret/#/). They also built a custom abstraction layer (their "[data model](https://car.mitre.org/data_model/)") explicitly inspired...
I appreciate the perspective, @ikiril01, along with all your work on STIX and CybOX! I'm excited to hear CAR is moving along full-speed to v8 and to non-windows platforms, and...
I hadn't thought of this use-case, thanks for bringing it up, I can see why it'd be helpful. It's not currently supported, but I'll tag this as an enhancement request...
@Vetpeet thanks for the question! Short answer: we hadn't planned to add any features to o365beat since the "official" filebeat 365 module dropped in 7.7.0. Even though the o365 module...
@robm82 I'll take a look today, thanks for the issue!
@robm82 we'll still be looking into this, but I just realized (a few months late) that filebeat [now supports o365 with an official module](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-o365.html), as of v7.7.0. It might be...
Absolutely, this is good feedback. This is related to the packaging issue in #10, where the build process (`make release`) uses the libbeat version (in this case 7.4.0) for some...