OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] [EXT] [cti] STIX 2.1 WD09 for CSD05

I suggest you remove description property. Certainly the definition of description in the proposed text is wrong and it is likely key characteristics is exactly the kind of thing that will require a proper taxonomy and language to describe incident characteristics formally. Unless you want to create a conflict with description and future attempts to resolve those issues it would save time by just avoiding even putting description.


On Nov 17, 2020, at 5:36 AM, Rich Piazza <rpiazza@mitre.org> wrote:

Please find below a draft for the stub Incident object that is being proposed for STIX 2.1.  I didnât include a paragraph describing what an Incident object is used for, as the community has many varied ideas about this.  
                Rich P.

4.x Incident

Type Name: incident
Note: The Incident object in STIX 2.1 is a stub. It is included to support basic use cases but does not contain properties to represent metadata about incidents. Future STIX 2 releases will expand it to include these capabilities.  It is suggested that it is used as an extension point for an Incident object defined using the extension facility described in section 7.3

4.x.1 Properties

Required Common Properties
type, spec_version, id, created, modified
Optional Common Properties
created_by_ref, revoked, labels, confidence, lang, external_references, object_marking_refs, granular_markings, extensions
Not Applicable Common Properties
Incident Specific Properties
name, description
Property Name
type (required)
The value of this property MUST be incident.
name (required)
A name used to identify the Incident.
description (optional)
A description that provides more details and context about the Incident, potentially including its purpose and its key characteristics.
From: <cti@lists.oasis-open.org> on behalf of Bret Jordan <bret.jordan@broadcom.com>
Date: Monday, November 16, 2020 at 5:51 PM
To: OASIS CTI TC Discussion List <cti@lists.oasis-open.org>
Subject: [EXT] [cti] STIX 2.1 WD09 for CSD05
The editors have finished addressing the comments and suggestions that have been made thus far. We have a version of the document for your consideration. NOTE: this version does not yet have the stub for an incident object that TC members have asked for. So that will be in the next version. Please review the following sections:
3.2 - Extensions Property 
7.3 - The entire section 
11 - Note how we deprecated the custom properties sections
12.3.3 - Conformance language
Appendix C.2
Rich P will be submitting the stub language for Incident probably tomorrow. 
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]