OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: Inconsistencies/typos in the specs

One more thing in Part 4:

·         In the “Basic Stream Socket” socket-ext example: is_listening should be a boolean, not a string.


From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Piazza, Rich
Sent: Tuesday, 14 February, 2017 2:31 PM
To: cti@lists.oasis-open.org
Subject: [cti] Inconsistencies/typos in the specs


Some things to clean up on the next editing pass…


·         Part 2:

o   Attack pattern example:  external_reference should have an external_id property

o   Too nit-picky? The create time of the malware in the coa example is after the create time of the relationship that refers to it

o   Same example:  the malware object has a “relationship_type” property, not a “name” property

o   2016-01-201T17:00:00Z in the report example has a 3 digit day

o   Probably too late to fix, but the threat-actor example is pretty skimpy

·         Part 4

o   home_dir in unix-account-ext isn't a ref to a directory object, but just a string

o   the x509 extension is named inconsistently:  most other extensions are "foo_ext", this one is 'x509-v3-extensions-type'

o   In the x509-certificate properties table, there is no entry for extension, even though it has one.

o   Timestamp in pe-binary-file needs a trailing Z

o   Windows-service-ext example should have service_name, not display_name

o   In the x509 example, validity_not_before and validity_not_after are after subject – but that is not the order in the table.  No big deal – but examples usually follow the order in the table.  Same for the


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]