[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti] Update from STIX Package renaming Mini-Group
Is this example correct? -Marlon From: cti@lists.oasis-open.org on behalf of Jordan, Bret Sent: Friday, April 29, 2016 7:05:43 PM To: Taylor, Marlon Cc: John Anderson; Mark Davidson; cti@lists.oasis-open.org Subject: Re: [cti] Update from STIX Package renaming Mini-Group Here you go....
Currently you can apply the data markings at the package level and have them inherit down to the all the objects in the package.
{ "type": "package", "id": "package--5e2cb95f-30c1-46d3-8b39-d97d34d82d3c", "created_by_ref": "source--5e2cb95f-30c1-46d3-8b39-d97d34AAAAAA", "created_time": "2016-04-29T14:09:00.123456Z", "revision": 1, "modified_time: "2016-04-29T14:09:00.123456Z", "object_marking_refs": ["marking-definition--089a6ecb-cc15-43cc-9494-767639779123"],
"spec_version": "stix-2.0", "indicators": [ { "type": "indicator", "id": "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "created_by_ref": "source--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created_time": "2016-04-29T14:09:00.123456Z", "revision": 1, "modified_time: "2016-04-29T14:09:00.123456Z", "title": "Poison Ivy Malware", "description": "This file is part of Poison Ivy", "pattern": "file-object.hashes.md5 = '3773a88f65a5e780c8dff9cdc3a056f3'" } ], {
"type": "marking-definition", "id": "marking-definition--089a6ecb-cc15-43cc-9494-767639779123", "created_time": "2016-02-19T09:11:01Z", "definition_type": "tlp", "definition": { "tlp": "GREEN" } } } What we are proposing is just putting the reference on each TLO instead of trying to "inherit" it from the Bundle / Package. { "type": "bundle", "spec_version": "stix-2.0", "indicators": [ { "type": "indicator", "id": "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "created_by_ref": "source--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created_time": "2016-04-29T14:09:00.123456Z", "revision": 1, "modified_time: "2016-04-29T14:09:00.123456Z", "object_marking_refs": ["marking-definition--089a6ecb-cc15-43cc-9494-767639779123"],
"title": "Poison Ivy Malware", "description": "This file is part of Poison Ivy", "pattern": "file-object.hashes.md5 = '3773a88f65a5e780c8dff9cdc3a056f3'" } ], {
"type": "marking-definition", "id": "marking-definition--089a6ecb-cc15-43cc-9494-767639779123", "created_time": "2016-02-19T09:11:01Z", "definition_type": "tlp", "definition": { "tlp": "GREEN" } } }
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]