OASIS Cyber Threat Intelligence (CTI) TC

Proposed normative text available for flattening lists in Package - (Goal: Reach official consensus by Monday)

    Posted 02-11-2016 15:23






    Flattening of lists within Package is one of the issues that we seem to have general consensus on but have not yet agreed to normative text.

    Proposed normative text is now available for your review in the STIX 2.0 Specification Pre-draft document.
    It is fairly straightforward and should not take long to consider.
    Please review the normative text and add comments to the document for any concerns, questions or ideas you may have.
    If we do not see any significant concerns/objections to the normative text by Monday, we will consider this issue to have officially achieved consensus and move on to others.

    For the quick convenience of anyone having difficulty accessing the live specification pre-draft document, the relevant text is included below.








    STIX Package Object (package)

    | Property Name | Type | Description |
    | --- | --- | --- |
    | type (required) | string | Indicates that this object is a STIX Package. The value of this field MUST be package |
    | id (required) | id | From CTI-Common Core |
    | campaigns (optional) | array of type campaign | Specifies a set of one or more Campaigns. |
    | course_of_actions (optional) | array of type course-of-action | Specifies a set of one or more Courses of Action that could be taken in regard to one or more cyber threats. |
    | exploit_targets (optional) | array of type exploit-target | Specifies a set of zero or more potential targets for exploitation. |
    | identities (optional) | array of type identity | Specifies a set of one or more identities of individuals or organizations. |
    | incidents (optional) | array of type incident | Specifies a set of one or more cyber threat Incidents. |
    | indicators (optional) | array of type indicator | Specifies a set of one or more cyber threat Indicators. |
    | observations (optional) | array of type observation | Specifies a set of one or more cyber observations. |
    | references (optional) | array of type reference | Specifies a set of one or more references to a non-STIX object |
    | relationships (optional) | array of type relationship | Specifies a set of one or more relationships between top-level objects (TLOs). |
    | reports (optional) | array of type report | Specifies a set of one or more reports. |
    | sightings (optional) | array of type sighting | Specifies a set of one or more sightings. |
    | threat_actors (optional) | array of type threat-actor | Specifies a set of one or more Threat Actors. |
    | tools (optional) | array of type tool | Specifies a set of one or more tools that an adversary or analyst may leverage. |
    | ttps (optional) | array of type ttp | Specifies a set of one or more cyber threat adversary Tactics, Techniques or Procedures (TTPs) |
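
The following is an added example, not part of the original post or of the STIX specification: a consumer-side check of a JSON Package against the property table above, as one would run before ingesting a feed. It assumes that each list element carries its own `type` property, that an `id` is a non-empty string, and that properties outside the table are rejected; the function name `validate_package` and the sample ids are hypothetical.

```python
import json

# Property -> element type, copied from the Package table in the post.
PACKAGE_LISTS = {
    "campaigns": "campaign", "course_of_actions": "course-of-action",
    "exploit_targets": "exploit-target", "identities": "identity",
    "incidents": "incident", "indicators": "indicator",
    "observations": "observation", "references": "reference",
    "relationships": "relationship", "reports": "report",
    "sightings": "sighting", "threat_actors": "threat-actor",
    "tools": "tool", "ttps": "ttp",
}
# Only exploit_targets is described as "zero or more"; the rest are "one or more".
MAY_BE_EMPTY = {"exploit_targets"}

def validate_package(pkg):
    """Return a list of problems; an empty list means pkg matches the table."""
    if not isinstance(pkg, dict):
        return ["package is not a JSON object"]
    errors = []
    if pkg.get("type") != "package":
        errors.append("type: MUST be 'package'")
    # Assumption: an id is a non-empty string (its format is defined elsewhere).
    if not isinstance(pkg.get("id"), str) or not pkg["id"]:
        errors.append("id: required")
    for name, value in pkg.items():
        if name in ("type", "id"):
            continue
        if name not in PACKAGE_LISTS:
            # Assumption: strict mode, only the properties in the table are accepted.
            errors.append(f"{name}: not a Package property")
        elif not isinstance(value, list):
            errors.append(f"{name}: must be an array")
        elif not value and name not in MAY_BE_EMPTY:
            errors.append(f"{name}: present but empty")
        else:
            want = PACKAGE_LISTS[name]
            for i, item in enumerate(value):
                # Assumption: each element carries its own "type" property.
                if not isinstance(item, dict) or item.get("type") != want:
                    errors.append(f"{name}[{i}]: expected type '{want}'")
    return errors

# Constructed sample; the id strings are placeholders, not a real id format.
SAMPLE = json.loads("""{"type": "package", "id": "package-1",
  "indicators": [{"type": "indicator", "id": "indicator-1"}],
  "campaigns": [{"type": "indicator", "id": "indicator-2"}],
  "exploit_targets": [], "tools": []}""")

if __name__ == "__main__":
    print("\n".join(validate_package(SAMPLE)))
```

The sample is flagged twice: an indicator filed under `campaigns`, and an empty `tools` array, which the table's "one or more" wording excludes while the "zero or more" wording for `exploit_targets` allows it.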