MISP / misp-objects

Definition, description and relationship types of MISP objects
https://www.misp-project.org/objects.html

Artifact object update #404

Closed chrisr3d closed 10 months ago

chrisr3d commented 10 months ago

While I agree the hashes attribute, where we could concatenate all the hash types and values in a single text, made sense in the use we had of this object template - which was mostly to be referenced by a file object which already has each single hash value - it is now different when we import an Artifact as described in the STIX 2.1 definition of a malware sample.

In this case the artifact can be a standalone object, and it is more appropriate to extract the hash values separately.

chrisr3d commented 10 months ago

Oh wait, should I still keep the hashes attributes? Maybe I should, and we have both for the 2 different use cases

adulau commented 10 months ago

I think it's fine. Maybe we should adapt the requiredOneOf to keep it more flexible, even if it's a bit more lax than the STIX 2.1 specs?