OASIS Mailing List Archives

cti-comment message



Subject: Document review for stix-v2.0-csprd01-part2-stix-objects.docx


 

 

Hi,

 

I have been working on CTI standards and network security for my PhD dissertation. I have reviewed the stix-v2.0-csprd01-part2-stix-objects.docx document. My comments are listed below:

 

  1. If an open vocabulary is defined for common external reference source names (CAPEC, CVE, etc.), interoperability will be increased between tools which will implement STIX 2.0.
  2. Some SDO object references in the examples are not defined in the document. If an example references another SDO or SRO, the referenced SDO or SRO should be in the example text or should be defined at the beginning of the standard document. It will make the examples clearer to understand. The list of all referenced SDO and SRO ids can be reviewed. Only one example of this situation:

 

In the example of course_of_action (page 16), the “created_by_ref” SDO is not referenced in the example or in the document. I cannot reach the definition of the SDO.

 

[
  {
    "type": "course-of-action",
    "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "created": "2016-04-06T20:03:48.000Z",
    "modified": "2016-04-06T20:03:48.000Z",
    "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter",
    "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ..."
  },

 

  3. Typo errors

In the example of course_of_action (page 16), for defining the malware SDO, the property “relationship_type” must be “name”.

Examples

[
  {
    "type": "course-of-action",
    "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "created": "2016-04-06T20:03:48.000Z",
    "modified": "2016-04-06T20:03:48.000Z",
    "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter",
    "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ..."
  },
  {
    "type": "relationship",
    "id": "relationship--44298a74-ba52-4f0c-87a3-1824e67d7fad",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "created": "2016-04-06T20:06:37.000Z",
    "modified": "2016-04-06T20:06:37.000Z",
    "source_ref": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "target_ref": "malware--31b940d4-6f7f-459a-80ea-9c1f17b5891b",
    "relationship_type": "mitigates"
  },
  {
    "type": "malware",
    "id": "malware--31b940d4-6f7f-459a-80ea-9c1f17b5891b",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "created": "2016-04-06T20:07:09.000Z",
    "modified": "2016-04-06T20:07:09.000Z",
    "relationship_type": "Poison Ivy"
  }
]

 

 

 "relationship_type": "Poison Ivy" ->  "name": "Poison Ivy"

 

 

 

 

Sent from Mail for Windows 10
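
The two problems raised in this message (a created_by_ref that points at an identity never defined alongside the example, and a malware object carrying relationship_type where name belongs) can be caught mechanically before a bundle is published or ingested. The following is an added example, not part of the original message or of the STIX specification; the function names and the NAME_REQUIRED set (limited to the two object types in the quoted example) are assumptions.

```python
import json

# Constructed input: the three objects quoted in the message above,
# trimmed to the properties the checks below actually read.
BUNDLE = json.loads("""[
  {"type": "course-of-action",
   "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
   "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
   "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter"},
  {"type": "relationship",
   "id": "relationship--44298a74-ba52-4f0c-87a3-1824e67d7fad",
   "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
   "source_ref": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
   "target_ref": "malware--31b940d4-6f7f-459a-80ea-9c1f17b5891b",
   "relationship_type": "mitigates"},
  {"type": "malware",
   "id": "malware--31b940d4-6f7f-459a-80ea-9c1f17b5891b",
   "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
   "relationship_type": "Poison Ivy"}
]""")

# Assumption: only the two object types from the quoted example are checked for "name".
NAME_REQUIRED = {"course-of-action", "malware"}

def iter_refs(obj):
    """Yield (property, target_id) for every *_ref and *_refs property."""
    for key, value in obj.items():
        if key.endswith("_ref") and isinstance(value, str):
            yield key, value
        elif key.endswith("_refs") and isinstance(value, list):
            for target in value:
                yield key, target

def lint_bundle(objects):
    """Return sorted findings: dangling references and misplaced properties."""
    known_ids = {o["id"] for o in objects if "id" in o}
    findings = set()
    for obj in objects:
        for prop, target in iter_refs(obj):
            if target not in known_ids:
                findings.add(f"{obj['id']}: {prop} -> {target} is not defined")
        if obj.get("type") != "relationship" and "relationship_type" in obj:
            findings.add(f"{obj['id']}: relationship_type on a {obj['type']} object")
        if obj.get("type") in NAME_REQUIRED and "name" not in obj:
            findings.add(f"{obj['id']}: missing name")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint_bundle(BUNDLE)))
```

A consumer that resolves references against a local store would extend known_ids with the ids already held, so only references that resolve nowhere are reported.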

 


