Here are some corrections that I have for STIX 2.1 committee spec 01.
4.6 Indicator â The malware object in the example is missing the
is_family property.
4.15 Report â Replace âââ in the identity object in the example with
modified and created properties to have a complete & valid example. The reportâs
published property is an invalid date because it has 3 digits for the day:
"2016-01-201T17:00:00Z". The relationshipâs
target_ref property should have the id of the campaign in the example: campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c.
6.12 Network Traffic Object â The network traffic object example under Network Traffic with Netflow Data has an invalid
src_ref identifier. It is one digit short and should have a 7 added to the end to point to one of the ipv4-addr objects in the example.
6.13 Process Object â The process object in the Basic Process example has
created as a property instead of created_time.
7.2.1.3 Statement Marking Object Type â The statement marking definition example uses the id of TLP:GREEN. This should get a new id since the ids for the TLP marking definitions are reserved.
On a side note, the Poison Ivy JSON example at
https://oasis-open.github.io/cti-documentation/stix/examples is missing
is_family from all of the malware objects.
|
|
|
Nick Schwane / Software
Engineer
Celerium
|
