I suggest you remove description property. Certainly the definition of description in the proposed text is wrong and it is likely key characteristics is exactly the kind of thing that will require a proper taxonomy and language to describe incident characteristics formally. Unless you want to create a conflict with description and future attempts to resolve those issues it would save time by just avoiding even putting description.
All, Please find below a draft for the stub Incident object that is being proposed for STIX 2.1. I didnât include a paragraph describing what an Incident object is used for, as the community has many varied ideas about this. Rich P. 4.x Incident Type Name: incident Note: The Incident object in STIX 2.1 is a stub. It is included to support basic use cases but does not contain properties to represent metadata about incidents. Future STIX 2 releases will expand it to include these capabilities. It is suggested that it is used as an extension point for an Incident object defined using the extension facility described in section 7.3 4.x.1 Properties Required Common Properties | type, spec_version, id, created, modified | Optional Common Properties | created_by_ref, revoked, labels, confidence, lang, external_references, object_marking_refs, granular_markings, extensions | Not Applicable Common Properties | defanged | Incident Specific Properties | name, description | Property Name | Type | Description | type (required) | string | The value of this property MUST be incident. | name (required) | string | A name used to identify the Incident. | description (optional) | string | A description that provides more details and context about the Incident, potentially including its purpose and its key characteristics. |
All, The editors have finished addressing the comments and suggestions that have been made thus far. We have a version of the document for your consideration. NOTE: this version does not yet have the stub for an incident object that TC members have asked for. So that will be in the next version. Please review the following sections: 3.2 - Extensions Property 11 - Note how we deprecated the custom properties sections 12.3.3 - Conformance language Rich P will be submitting the stub language for Incident probably tomorrow.
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|