cti-stix message


Subject: Re: [cti-stix] Re: [EXT] [cti-stix] New property names for previous label properties


Hey all,

 

We discussed this on the working call and had a quick straw poll. The options we discussed were:

 

  1. *_types (indicator_types, malware_types, threat_actor_types, etc.): 5 votes
  2. Keep these values from the vocab in labels (as they are now), add a new property called tags to capture the user-defined tagging: 4 votes
  3. Something else: 0 votes
  4. Abstain: 5

 

If you haven’t weighed in on this topic yet, can you please shoot a message to the list to help us decide? It can be just a quick “I like #3”, or it can be something with a longer description, or it can be a new suggestion to consider. You can also comment on github: https://github.com/oasis-tcs/cti-stix2/issues/37.

 

We need to resolve this issue before we can finish CSD01 so any feedback is appreciated.

 

Thanks,

John

 

From: <cti-stix@lists.oasis-open.org> on behalf of Allan Thomson <athomson@lookingglasscyber.com>
Date: Friday, April 6, 2018 at 5:13 PM
To: "Bret Jordan (CS)" <Bret_Jordan@symantec.com>, John Wunder <jwunder@mitre.org>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: Re: [cti-stix] Re: [EXT] [cti-stix] New property names for previous label properties

 

Agree with Bret’s issues. I posted my comment to the github repo and suggested an alternative.

 

Allan Thomson

CTO (+1-408-331-6646)

LookingGlass Cyber Solutions

From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Friday, April 6, 2018 at 1:57 PM
To: "Wunder, John" <jwunder@mitre.org>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: [cti-stix] Re: [EXT] [cti-stix] New property names for previous label properties

 


From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Wunder, John A. <jwunder@mitre.org>
Sent: Friday, April 6, 2018 2:34:58 PM
To: cti-stix@lists.oasis-open.org
Subject: [EXT] [cti-stix] New property names for previous label properties

 

Hey all,

 

Per Issue 37 (https://github.com/oasis-tcs/cti-stix2/issues/37), the TC has decided to stop using the labels property for the default vocabularies we have on some object types that generally categorize the object. Given that change, we need to name the new properties on each of the objects that the change applies to.

 

After hearing from Jason on Slack, I captured some potential names in the last comment on that github issue (https://github.com/oasis-tcs/cti-stix2/issues/37#issuecomment-379361610). Can you please take a moment and review those suggestions? If you agree, please +1 my comment or respond over e-mail. If you disagree and have a different suggestion, please comment in Github or respond over e-mail. I’d like to get at least a few people to positively agree to these decisions…especially if you were a proponent of making the change called out in the issue.

 

You can find the vocabs themselves in Part 1 (https://docs.google.com/document/d/1ShNq4c3e1CkfANmD9O--mdZ5H0O_GLnjN28a_yrEaco/edit) and the definitions for how they’re used in the objects in Part 2 (https://docs.google.com/document/d/1bkMmU1PxlwlAwjrMmyWV147rvLcRs2x62FicHbpH2gU/edit). Just search for the object name.

 

Many of the suggestions are “_type”…just note that there’s already a “type” property on the objects, so it would lead to both a required “type” property and a required “indicator_type” property on Indicator, for example. That may be fine, it was just pointed out already in Slack so I wanted to bring it up here.

 

Thanks!

John


