OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [EXT] [cti] STIX 2.1 WD09 for CSD05



Please find below a draft for the stub Incident object that is being proposed for STIX 2.1. I didnât include a paragraph describing what an Incident object is used for, as the community has many varied ideas about this.Â





4.x Incident

Type Name: incident


Note: The Incident object in STIX 2.1 is a stub. It is included to support basic use cases but does not contain properties to represent metadata about incidents. Future STIX 2 releases will expand it to include these capabilities. It is suggested that it is used as an extension point for an Incident object defined using the extension facility described in section 7.3

4.x.1 Properties

Required Common Properties

type, spec_version, id, created, modified

Optional Common Properties

created_by_ref, revoked, labels, confidence, lang, external_references, object_marking_refs, granular_markings, extensions

Not Applicable Common Properties


Incident Specific Properties

name, description

Property Name



type (required)


The value of this property MUST be incident.

name (required)


A name used to identify the Incident.

description (optional)


A description that provides more details and context about the Incident, potentially including its purpose and its key characteristics.




From: <cti@lists.oasis-open.org> on behalf of Bret Jordan <bret.jordan@broadcom.com>
Date: Monday, November 16, 2020 at 5:51 PM
To: OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Subject: [EXT] [cti] STIX 2.1 WD09 for CSD05




The editors have finished addressing the comments and suggestions that have been made thus far. We have a version of the document for your consideration. NOTE: this version does not yet have the stub for an incident object that TC members have asked for. So that will be in the next version. Please review the following sections:


3.2 - Extensions Property 

7.3 - The entire section 

11 - Note how we deprecated the custom properties sections

12.3.3 - Conformance language

Appendix C.2


Rich P will be submitting the stub language for Incident probably tomorrow. 




PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]