[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: type changing from "object" to "array" for cyber observable objects
Hi All,
I currently have a problem to implement search functions on cyber observable ojbects of STIX 2.0.
It's caused by the fact that JSON type for cyber observable objects is "OBJECT", not "ARRAY".
As shown below in the example, "0" and "1" are not reserved key names in STIX 2.0, but they are variable key names.
So, searching some objects by traversing all cyber observable objects is unnatural and difficult, especially with bigdata platform like elastic search etc..
<AS-IS: JSON object>-------
{
"0": {
"type": ...,
...
},
"1": {
...
}
}
I suggest that we should use "array" instead of "object"(which has "key:value" pair) as follows.
The name of object is added as common property or removed(if unnecessary)
<TO-BE: JSON array>--------------
[
{
"name": "0",
"type": ...,
...
},
{
"name": "1",
...
}
]
In this case, we can do search more fast and efficiently.
Members!,
How do you think about this issue?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]