RE: Changes to the Open-OASIS Common Object Repository

["Ailshire, David <CTR>" <david.ailshire@associates.hq.dhs.gov>]

Rich,

 

I was working in the Common Object Repository this morning looking for a specific identity/location combination. Is it possible to provide a way to  identify what the identity and location objects refer to so there wouldn’t be a need to open each one to discover the contents?

 

Thanks,

 

Dave

 

David Ailshire

Enterprise System Engineer

BCMC Group LLC  supporting

Capability Delivery

M: 703.863.6913

David.ailshire@associates.hq.dhs.gov

David.Ailshire.ctr@us-cert.gov

dailshire@bcmcgroup.com

 

 

 

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> On Behalf Of Rich Piazza
Sent: Wednesday, November 3, 2021 4:09 PM
To: cti@lists.oasis-open.org
Subject: [cti] Changes to the Open-OASIS Common Object Repository

 

CAUTION: This email originated from outside of DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions or concerns.

 

For those of you who are interested in the STIX Common Object Repository (https://github.com/oasis-open/cti-stix-common-objects), the maintainers of the repo are suggesting a change to the objects that are contained within it.  This change should be completely transparent, and if you are referencing any of the objects from the repository in your content, the identifier will still be valid. A new version (i.e., with a new modified date) will be created, which will no longer contain the object-marking-refs property.  If you have any concerns, please contact us by 11/12.

 

            Rich Piazza

            Chris Lenk

 

--

Rich Piazza

Lead Cyber Security Engineer

The MITRE Corporation

781-271-3760

 

 

 

Some details:

 

Because the common objects are stored in the Open-OASIS Github repository, the README contains the following clause, as you know:

 

All contributions made to this TC Open Repository are subject to open source license terms expressed in BSD-3-Clause License. That license was selected as the declared Applicable License when the TC voted to create this Open Repository.

 

It was decided to create a STIX data marking object with this information – 

https://github.com/oasis-open/cti-stix-common-objects/blob/main/objects/marking-definition/marking-definition--62fd3f9b-15f3-4ebc-802c-91fce9536bcf.json

 

{

	"type": "marking-definition",
	"spec_version": "2.1",
	"id": "marking-definition--62fd3f9b-15f3-4ebc-802c-91fce9536bcf",
	"created": "2021-03-13T20:09:20.886268Z",
	"definition_type": "statement",
	"definition": {
	"statement": "This content is subject to open source license terms expressed in the BSD-3-Clause License. For more information, please see https://github.com/oasis-open/cti-stix-common-objects"
	}
	}

 

All other objects in the repository refer to this data marking.  For instance:

 

{

            "type": "location",

            "spec_version": "2.1",

            "id": "location--a72ce27b-7f1a-4b17-ad17-002295206218",

            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",

            "created": "2021-03-13T20:09:21.166112Z",

            "modified": "2021-03-13T20:09:21.166112Z",

            "name": "United States",

            "country": "US",

            "object_marking_refs": [

                "marking-definition--62fd3f9b-15f3-4ebc-802c-91fce9536bcf"

            ]

        }

 

However, it may be the case that certain implementations do not accept this type of data marking definition (statement).

 

Therefore to make these objects maximally useful, we want to remove references to this marking object from all of the objects. 

 

The README/LICENSE files still have the appropriate license information.