OASIS Cyber Threat Intelligence (CTI) TC

Inconsistencies/typos in the specs

  • 1.  Inconsistencies/typos in the specs

    Posted 02-14-2017 19:32




    Some things to clean up on the next editing pass…
     
    · Part 2:
        o Attack pattern example: external_reference should have an external_id property
        o Too nit-picky? The create time of the malware in the coa example is after the create time of the relationship that refers to it
        o Same example: the malware object has a “relationship_type” property, not a “name” property
        o 2016-01-201T17:00:00Z in the report example has a 3-digit day
        o Probably too late to fix, but the threat-actor example is pretty skimpy

    · Part 4:
        o home_dir in unix-account-ext isn't a ref to a directory object, but just a string
        o The x509 extension is named inconsistently: most other extensions are "foo_ext", this one is 'x509-v3-extensions-type'
        o In the x509-certificate properties table, there is no entry for extension, even though it has one.
        o Timestamp in pe-binary-file needs a trailing Z
        o Windows-service-ext example should have service_name, not display_name
        o In the x509 example, validity_not_before and validity_not_after are after subject – but that is not the order in the table. No big deal – but examples usually follow the order in the table. Same for the