[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Re: [EXT] Re: [cti] Proposed Editing Changes to Common Properties in STIX 2.1 CSD 02
I can totally go for supported and unsupported... Also, please see the definition for the "identifier". We have tried to address how these will be different for SCOs and SDOs there. The hope was to put all of the normative statements around "identifiers" in one place, instead of having them in 10 different places in the document (where they conflicted with each other and were never kept in sync).
Text for Identifier:
Bret
From: Kirillov, Ivan A. <ikirillov@mitre.org>
Sent: Friday, May 3, 2019 3:14:49 PM To: Bret Jordan; Piazza, Rich; Allan Thomson Cc: cti@lists.oasis-open.org Subject: Re: [cti] Re: [EXT] Re: [cti] Proposed Editing Changes to Common Properties in STIX 2.1 CSD 02 I think this works fairly well, overall. I would agree with Allan that object-specific common properties (e.g., id for SCOs) would need to be specified in another way to avoid confusion. Also, I’m not sure if “used” is the best word describing these properties in relation to an object – maybe “supported” would work better? E.g., “Supported Common Properties” vs. “Unsupported Common Properties”.
Regards, Ivan
From:
<cti@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Email can also make a mess of these. So here are links to where they are all at in the documents.
List of all common properties that may exist on a STIX Object
Language-Content Example:
Attack Pattern SDO Example:
Artifact Object SCO Example:
Bret
From: Piazza, Rich <rpiazza@mitre.org>
Thanks Bret for including better examples.
I was realizing as I put the email together that Language Content wasn’t the best example…
From: Allan Thomson <athomson@lookingglasscyber.com>
That was not clear at all from the email Rich sent.
Was completely confused to say the least.
So you are saying that there will be 4 (FOUR) common property sections for each object type where each table will call out what is required vs optional for that specific object type.
Correct?
Allan
From: Bret Jordan <Bret_Jordan@symantec.com>
Allan,
This is an example for language content and we can do an example of this for SCOs.
The point is, that we will call out what is used, required, and optional on each object. So modified and such right now, today, are not required for SCOs. The table properties will reflect that.
Bret
Sent from my Commodore 128D
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]