Closed chrisr3d closed 10 months ago
Oh wait, should I still keep the hashes attributes? Maybe I should, and we have both for the 2 different use cases
I think it's fine. Maybe we should adapt the requiredOneOf
? to keep it more flexible even it's a bit more lax than the STIX 2.1 specs?
While I agree the
hashes
attribute, where we could concatenate all the hash types and values in a single text, made sense in the use we had of this object template - which was mostly to be referenced by afile
object which already has each single hash value - it is now different when we import an Artifact as described in the STIX 2.1 definition of a malware sample.In this case the artifact can be a standalone object, and it is more appropriate to extract the hash values separately