OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Changes to the Common Object Repository (COR)

Hi All,

 

With the introduction of the new OASIS-OPEN repo for python-stix2 extensions (https://github.com/oasis-open/cti-python-stix2-extensions), a discussion of naming subdirectories was needed.

 

It is proposed that this naming convention should be followed:

 

<STIX object type name>-<extension definition id's UUID first three letters>. 

 

For multiple extension definitions which are related, use the "root" STIX object type name.  (e.g., the “Incident” extension also defines Task, Event and Impact) therefore the directory name is:

 

incident-ef7

 

Because new marking-definitions are someone unique, we propose that the marking definition name be included in the directory name.

 

                acs-marking-definition-3a6

 

Once the final extension policy is approved, there could be multiple extensions based on the same existing STIX object, or new concept.  Adding the first three letters of the UUID deals with name collisions.

 

It is proposed that the COR would use similar names (see https://github.com/oasis-open/cti-stix-common-objects/tree/main/extension-definition-specifications).

 

This is to reduce confusion between the two repositories.

 

Unfortunately, we “jumped the gun” and made these changes before they were discussed with the TC.

 

If there are any objections to this naming convention, we will revert to the old names.  Additionally, if you have a preferred naming convention, please suggest it.

 

This is a list of the extensions, with their old and new directory names:

 

Old                                                         New                                                                      

 

acs-data-markings                            acs-marking-definition-3a6

malware-artifact                               artifact-805

identity-contact-information        identity-66e

incident-core                                      incident-ef7

malware-behavior                            malware-behavior-8e9

 

stix-1x and tlp-2.0 have not been renamed.

 

You may notice some additional extensions, which will be discussed at a future working call.

 

Extension-definition objects in https://github.com/oasis-open/cti-stix-common-objects/tree/main/objects/extension-definition have been updating to conform with this change.

 

All the best,

 

                Rich

 

 

--

Rich Piazza

Lead Cyber Security Engineer

The MITRE Corporation

––––––––––––––––––––––––––––––––––––

MITRE - Solving Problems for a Safer World™

 

 

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]