Closed jieyu-lin closed 2 years ago
Hi, is there anyone who can reply here?
Hey @jieyu-lin
Sorry for moving the issue forth and back. I am just not entirely sure I understand the issue. Could you please post a code snippet of your attempt?
Regards
Hi @nor3th, I can hardly find a code page representing this situation. Maybe you can go to this page: https://demo.opencti.io/dashboard/arsenal/malwares/deb7e062-f0b1-4d47-b30a-25797da1a18c and find this.
You can see that this malware object has the Stix Standard ID malware--0488ea7e-acaf-5f69-8115-ef0de9bbefb0, which is auto-generated by the system no matter whether it has its own stix id when importing into opencti. I am just finding that this scenario of Stix Standard ID is against the official stix format. It should follow the stix standard of identifier to define a stix domain object id as <type>--<uuid4>. But apparently, on the opencti system the auto-created standard stix id is <type>--<uuid5>.
@SamuelHassine @richard-julien Your thoughts on this?
Hi @jieyu-lin,
We decided to generate a uuidv5 as the standard id, depending on the data, to have a powerful way of reconciling the same elements coming from different sources that have different uuidv4s.
In my opinion we respect the specification because OpenCTI generates the uuidv5 with its own namespace to prevent collisions and so respects the guideline (see "if generating a UUIDv5" in the spec):
"they MUST NOT use a namespace of 00abedb4-aa42-466c-9c01-fed23315a9b7 if generating a UUIDv5.."
for info OPENCTI_NAMESPACE = 'b639ff3b-00eb-42ed-aa36-a8dd6f8fb4cf';
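The reconciliation described in the reply above, as an added example that is not OpenCTI or pycti code: it reads the UUID version out of a STIX id and shows two differently identified imports collapsing onto one UUIDv5 id. The two namespace values and the malware id come from the thread; hashing a lower-cased `name` as canonical JSON is an assumption made for illustration, not OpenCTI's actual scheme, and the sample objects are constructed.

```python
import json
import uuid

# Namespace values quoted in the thread.
OPENCTI_NAMESPACE = uuid.UUID("b639ff3b-00eb-42ed-aa36-a8dd6f8fb4cf")
RESERVED_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")


def inspect_stix_id(stix_id):
    """Split '<type>--<uuid>' and return (type, UUID version)."""
    obj_type, sep, raw = stix_id.partition("--")
    if not sep or not obj_type:
        raise ValueError(f"not a STIX identifier: {stix_id!r}")
    parsed = uuid.UUID(raw)  # raises ValueError if malformed
    if str(parsed) != raw or parsed.variant != uuid.RFC_4122:
        raise ValueError(f"not a canonical RFC 4122 UUID: {raw!r}")
    return obj_type, parsed.version


def deterministic_id(obj_type, key_props, namespace=OPENCTI_NAMESPACE):
    """UUIDv5 over canonical JSON of identifying properties (assumed scheme)."""
    if namespace == RESERVED_NAMESPACE:
        raise ValueError("namespace is the one the quoted spec text forbids")
    canonical = json.dumps(key_props, sort_keys=True, separators=(",", ":"))
    return f"{obj_type}--{uuid.uuid5(namespace, canonical)}"


def reconcile(objects):
    """Map each deterministic id to the source ids that collapse onto it."""
    merged = {}
    for obj in objects:
        key = {"name": obj["name"].strip().lower()}  # assumed key property
        std_id = deterministic_id(obj["type"], key)
        merged.setdefault(std_id, []).append(obj["id"])
    return merged


# Constructed sample: one malware reported by two feeds under different UUIDv4 ids.
SAMPLE = [
    {"type": "malware", "name": "ExampleRAT",
     "id": "malware--11111111-1111-4111-8111-111111111111"},
    {"type": "malware", "name": " examplerat ",
     "id": "malware--22222222-2222-4222-9222-222222222222"},
]

if __name__ == "__main__":
    print(inspect_stix_id("malware--0488ea7e-acaf-5f69-8115-ef0de9bbefb0"))
    for std_id, sources in reconcile(SAMPLE).items():
        print(std_id, "<-", sources)
```

A consumer that validates ids can use the version returned by `inspect_stix_id` to tell a deterministic id from a random one before deciding which id to export.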
Closing this since the question should have been sufficiently answered.
Description
I am currently reviewing some objects' Standard STIX IDs on the opencti console. I am just confused about why it is using-- as a stix domain object standard id. The screenshot is from opencti.io, where I clicked a random report.
I know there is an info icon that indicates that it is a predictable id, so it is possibly using uuid5 as the stix id. However, I looked it up in the stix2.1 standard document and it says a stix domain object SHOULD use-- as object id.
It turns out that when we use the pycti api to export standard stix2.1 objects, it uses the "Standard STIX ID" (--) as its object id rather than the Other STIX ID (--), which causes a stix-validator error (id checking failed).
Environment
Reproducible Steps
Steps to create the smallest reproducible scenario:
Expected Output
Expected a standard stix id SHOULD follow stix2.1 standard documents of--
Actual Output
Now standard STIX ID are--
Additional information