Subject: Accommodate 'set-to' for CRUD type of actions.
All,

I took the liberty of capturing the different approaches to accommodating the 'new value' in working-draft six of the language spec. Please review to ensure that I accurately captured the gist of the ideas and confirm that I did not exclude.

METHOD ONE was authored by a member when they were presenting a redirect use case and they did not know where to put the destination URL.
METHOD TWO was authored by a member who was building code off of a 'language description document' that was drafted in the pre-OASIS days.
METHOD THREE was authored by a member working on data modeling.
METHOD FOUR was recently authored by a member that was addressing some of the shortcomings of the previous three proposals.
METHOD FIVE??? Authored by anyone who does not see the previous methods as viable.

Here is an exact paste of what I added via suggest mode. DO violence with your red pens:

Note - The current draft of the language spec has some ambiguity with respect to communicating the new value for commands such as 'set', 'redirect' and so on.

In the course of deliberations, we have seen the following approaches. Please modify/comment or provide additional alternatives:

METHOD ONE: Create 'action options' for commands such as 'set, update, redirect' so your command would look something like:

    "action": {
        "type": "redirect",
        "options": { "dst_url": "http://newdest.com/home" }
    },
    "target": { "url": "http://www.badguy.com/" },
    "actuator": {
        "threat_intelligence_gateway": { "asset_id": "snafo.tig1.mycompany.com" }
    }

METHOD TWO: Put the new value in the command options field as a key value pair so your command would look something like:

    "action": { "redirect" },
    "target": { "url": "http://www.badguy.com/" },
    "actuator": {
        "threat_intelligence_gateway": { }
    },
    "command-opt": { "dst_url": "http://newdest.com/home" }

METHOD THREE: Put it in the target data model (or even create a target type) so your command would look something like:

    "action": { "set" },
    "target": { "x-config": {logging: True} },
    "actuator": {
        "threat_intelligence_gateway": { }
    }

METHOD FOUR: Create a new top level field called 'values'

    "action": "set",
    "target": {
        "file": {
            "name": "evil.exe",
            "hashes": [
                { "value": "098F6BCD4621D373CADE4E832627B4F6", "type": "md5" },
                { "value": "A94A8FE5CCB19BA61C4C0873D391E987982FBBD3", "type": "sha1" }
            ]
        }
    },
    "value": {
        "file": {
            "severity": 7,
            "comment": "Reputation assessed by STIX, set via OpenC2"
        }
    }
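Added example, not part of the original message or of any OpenC2 draft: a consumer-side check showing where an actuator would have to look for the 'new value' under each of the four layouts, and that it should reject a command that carries the value in more than one place. The sample commands are constructed, valid-dict renderings of the fragments above; `locate_new_value` and `TARGET_WRITE_ACTIONS` are hypothetical names, and treating only 'set'/'update' as target-carried writes is an assumption.

```python
# Constructed renderings of the four layouts from the message, as Python dicts
# (the fragments there are sketches; braces and quoting are normalised here).
SAMPLES = {
    "one": {"action": {"type": "redirect",
                       "options": {"dst_url": "http://newdest.com/home"}},
            "target": {"url": "http://www.badguy.com/"}},
    "two": {"action": "redirect",
            "target": {"url": "http://www.badguy.com/"},
            "command-opt": {"dst_url": "http://newdest.com/home"}},
    "three": {"action": "set",
              "target": {"x-config": {"logging": True}}},
    "four": {"action": "set",
             "target": {"file": {"name": "evil.exe"}},
             "value": {"file": {"severity": 7}}},
}

# Assumption: under METHOD THREE only these verbs carry the new value in the target.
TARGET_WRITE_ACTIONS = {"set", "update"}

def locate_new_value(cmd):
    """Return (method, new_value); raise ValueError if absent or ambiguous."""
    action = cmd.get("action")
    found = []
    if isinstance(action, dict) and action.get("options"):
        found.append(("one", action["options"]))      # action options
    if cmd.get("command-opt"):
        found.append(("two", cmd["command-opt"]))     # command options field
    if "value" in cmd:
        found.append(("four", cmd["value"]))          # separate top-level field
    if not found:
        # METHOD THREE: selector and new value share the target, so the whole
        # target is returned; the receiver cannot tell the two apart.
        name = action.get("type") if isinstance(action, dict) else action
        if name in TARGET_WRITE_ACTIONS and cmd.get("target"):
            found.append(("three", cmd["target"]))
    if len(found) != 1:
        # Two senders using different layouts must not be silently merged.
        raise ValueError("new value found in %d places" % len(found))
    return found[0]
```
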