OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Looking for Example Shell

I have been trying to make sure I'm up to date on what a STIX 2.0 document
will look like, and while there is a great deal of information about
particular object types and common attributes I haven't had much luck
finding an example of what the shell of a document will look like.  Does
anyone know if we have a generally agreed upon sample of this somewhere?

So far I have heard two different visions of STIX 2.0 the first more aligns
to STIX 1.X and roughly maps to a json format of:
Header: [],
Observables: [],
Indicators: [], ...
Relationships: []

The second moves to a node link model along the lines of:

Header: [],
Objects: [],
Relationships: []

I think that the second model makes lookups simpler when resolving
relationships while also making adding new object types easier, but also may
introduce additional challenges when attempting to validate the JSON's

I haven't found confirmation on what has been generally agreed upon or if a
consensus has been reached.

Jeffrey Mates, Civ DC3/DCCI
Computer Scientist
Defense Cyber Crime Institute

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]