cti-stix message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Clarity needed on deprecation of releationships on some key SCO objects when no STIX Pattern capability exists
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: cti-stix@lists.oasis-open.org
- Date: Mon, 16 Dec 2019 09:38:39 -0400
On some SCO objects
relationships such as resolves_to_refs have been deprecated in favour of
the new SCO relationship mechanism. However, we have not yet codified how
one is to traverse these relationships inside a STIX pattern.
As a result -
there is now no way to match in a pattern against an SCO object that is
tying an IP address and a domain name or an IP and an ASN.
We have this use
case actually in use today - and are unsure how to bring this forward to
2.1. Is the producer supposed to use the deprecated form in order to communicate
this use case? Since using the new form, is not going to work with patterning?
2.1 CSD 02 illustrates
this problem because resolves_to_refs is marked as deprecated, yet it is
used in two different examples. Using deprecated properties in examples
is very odd.
I think that either
guidelines need to be added as to how to handle this use case that exists
in 2.1, or resolves_to_refs and belongs_to_refs should not be marked as
deprecated.
-
Jason Keirstead
Chief Architect - IBM Security Threat Management
www.ibm.com/security
"Would you like me to give you a formula for success? It's quite simple,
really. Double your rate of failure."
- Thomas J. Watson
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]