[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti] Update from STIX Package renaming Mini-Group
Can we get examples for the open question on markings? Thanks, -Marlon From: cti@lists.oasis-open.org on behalf of Jordan, Bret Sent: Friday, April 29, 2016 4:17:07 PM To: Taylor, Marlon Cc: John Anderson; Mark Davidson; cti@lists.oasis-open.org Subject: Re: [cti] Update from STIX Package renaming Mini-Group Currently we have:
{
"type": "package",
"id": "package--5e2cb95f-30c1-46d3-8b39-d97d34d82d3c",
"created_by_ref": "source--5e2cb95f-30c1-46d3-8b39-d97d34AAAAAA",
"created_time": "2016-04-29T14:09:00.123456Z",
"revision": 1,
"modified_time: "2016-04-29T14:09:00.123456Z",
"spec_version": "stix-2.0",
"indicators": [
{
"type": "indicator", "id": "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "created_by_ref": "source--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created_time": "2016-04-29T14:09:00.123456Z",
"revision": 1,
"modified_time: "2016-04-29T14:09:00.123456Z",
"title": "Poison Ivy Malware","description": "This file is part of Poison Ivy", "pattern": "file-object.hashes.md5 = '3773a88f65a5e780c8dff9cdc3a056f3'" } ]
}
What we are proposing is:
{
"type": "bundle",
"spec_version": "stix-2.0",
"indicators": [
{
"type": "indicator", "id": "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "created_by_ref": "source--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created_time": "2016-04-29T14:09:00.123456Z",
"revision": 1,
"modified_time: "2016-04-29T14:09:00.123456Z",
"title": "Poison Ivy Malware","description": "This file is part of Poison Ivy", "pattern": "file-object.hashes.md5 = '3773a88f65a5e780c8dff9cdc3a056f3'" } ]
}
Basically the bundle will be a simple wrapper for transmitting bulk STIX content without any implied meaning or context. It will also not contain any top level object properties as the bundle should not be versioned or IDed or anything. A consumer
would just throw the outer layer away after it received and processed the contents.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]