Open johnwunder opened 8 years ago
Personally, would suggest normalizing this field and including it across all top-level STIX and CybOX constructs. See STIXProject/schemas#358
I suggest reviewing 8.3 Conceptual Threat Risk Model::Core Concept Library::Identifiers (Page 40) of http://www.threatrisk.org/spec/RevisedSubmission/Revised%20Operational%20Threat%20Risk%20Submission.pdf
This would serve the same purpose as Alternative_ID on Incident and External_ID on Incident.
(suggested by someone who wanted to remain anonymous)