OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-stix] external-references keywords


Wunder, John A. wrote this message on Tue, May 31, 2016 at 19:54 +0000:
> It does have some overlap, in the sense that you can pass a URL, but the primary purpose of the artifact object seems to be actually providing the content (either as a URL to download it from or as an encoded payload) while this type seems mostly about referencing other content (I would not expect a tool consuming these references to automatically download the content at the URL). So they seem differentiated enough to me to not worry about it...

I agree, there are difference, and they are also in different domains..
The differences being that external reference is not as free form as
an Artifact is...  An external reference is a domain id + identifier,
while an Artifact is just a byte stream.

External references is a STIX concept, and Artifact is a CybOX object.

> From: <cti-stix@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
> Date: Tuesday, May 31, 2016 at 2:02 PM
> To: Rich Piazza <rpiazza@mitre.org>
> Cc: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
> Subject: Re: [cti-stix] external-references keywords
> 
> 
> FWIW, external_reference seems to have a lot of overlap with the Cybox Artifact object ( see
> 
> https://docs.google.com/document/d/1DdS-NrVTjGJ3wvCJ7dbSlhYeiaWS6G6dOXu2F3POpUs/edit#heading=h.3py86bmi9w34 )
> 
> Could there be some unification here?
> 
> -
> Jason Keirstead
> STSM, Product Architect, Security Intelligence, IBM Security Systems
> www.ibm.com/security | www.securityintelligence.com
> 
> Without data, all you are is just another person with an opinion - Unknown
> 
> 
> [nactive hide details for "Piazza, Rich" ---05/31/2016 02:44:29 PM---Hi ev]"Piazza, Rich" ---05/31/2016 02:44:29 PM---Hi everyone, I think these four keywords would cover all of the external reference details. I've in
> 
> From: "Piazza, Rich" <rpiazza@mitre.org>
> To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
> Date: 05/31/2016 02:44 PM
> Subject: [cti-stix] external-references keywords
> Sent by: <cti-stix@lists.oasis-open.org>
> 
> ________________________________
> 
> 
> 
> Hi everyone,
> 
> I think these four keywords would cover all of the external reference details. I’ve including some examples below. Can anyone think of some external reference that couldn’t be specified using these keywords?
> 
> Rich
> 
> 
> 
> external_references: array of {
> description : string
> external_id: string
> source: ov?
> url: url
> }
> 
> Any combination is legal
> 
> Examples:
> 
> CAPEC:
> 
> [ { “source”: “capec”, “external_id”: “capec-550” } ]
> 
> CAPEC with URL
> 
> [ { “source”: “capec”, “external_id”: “capec-550”, “url”: “http://capec.mitre.org/data/definitions/550.html”} ]
> 
> APT1:
> 
> [{ “description”: “APT1 report”, “url”: “http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf”}]
> 
> VERIS:
> 
> [{“source”: “veris”, “external_id”: “00C84D6A-CDB8-4A5B-A1A6-0D75A65274D7”}]
> 
> Jira:
> 
> [{“source”: “jira”, “external_id”: “TAB-1370”, “url”: “https://issues.oasis-open.org/browse/TAB-1370”}]
> 
> 
> 
> 
> 
> 
> 
> 



-- 
John-Mark


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]