mitre-attack / attack-stix-data

STIX data representing MITRE ATT&CK
https://attack.mitre.org/

Suggestion to Replace MITRE Asset with Infrastructure Object #48

Open SYNchroACK opened 3 weeks ago

SYNchroACK commented 3 weeks ago

Hi there!

I'm looking at the Infrastructure SDO and its definition, and it seems similar to the MITRE Asset object.

The Infrastructure SDO represents a type of TTP and describes any systems, software services and any associated physical or virtual resources intended to support some purpose (e.g., C2 servers used as part of an attack, device or server that are part of defense, database servers targeted by an attack, etc.). While elements of an attack can be represented by other SDOs or SCOs, the Infrastructure SDO represents a named group of related data that constitutes the infrastructure.

Link for reference: https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_jo3k1o6lr9

So, here’s my thought: we have this custom object called MITRE Asset, right? But when I look at what Infrastructure covers, it seems like it’s already doing what MITRE Asset is supposed to do. It feels a bit like we’re doubling up on the same kind of information.

My suggestion is that maybe we could consider using just Infrastructure instead of MITRE Asset. This could help simplify things and keep our data model more streamlined. What do you think?
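
To make the comparison in this issue concrete, the following added example (not part of the issue and not code from the ATT&CK project) converts a constructed asset object into a STIX 2.1 Infrastructure SDO and reports which properties have no native slot there. It assumes the asset type string is `x-mitre-asset` and that assets carry `x_mitre_*` custom properties like those in the sample; the function name and all sample values are hypothetical.

```python
# Properties an Infrastructure SDO can hold natively under STIX 2.1
# (common SDO properties plus the Infrastructure-specific ones).
INFRA_NATIVE = {
    "created", "modified", "created_by_ref", "revoked", "labels",
    "external_references", "object_marking_refs", "name", "description",
    "infrastructure_types", "aliases", "kill_chain_phases",
    "first_seen", "last_seen",
}
REQUIRED = ("id", "created", "modified", "name")

def asset_to_infrastructure(asset, infra_types=None):
    """Return (infrastructure_sdo, leftover) for one asset object.

    leftover holds every property that Infrastructure does not define,
    i.e. what would still have to travel as custom properties.
    """
    if asset.get("type") != "x-mitre-asset":  # assumed asset type string
        raise ValueError("expected an x-mitre-asset object")
    missing = [p for p in REQUIRED if p not in asset]
    if missing:
        raise ValueError("asset lacks required properties: %s" % missing)
    infra = {
        "type": "infrastructure",
        "spec_version": "2.1",
        # STIX ids are "<type>--<UUID>"; keep the UUID so the origin is traceable.
        "id": "infrastructure--" + asset["id"].split("--", 1)[1],
    }
    if infra_types:  # values should come from infrastructure-type-ov
        infra["infrastructure_types"] = list(infra_types)
    leftover = {}
    for key, value in asset.items():
        if key in ("type", "id", "spec_version"):
            continue
        (infra if key in INFRA_NATIVE else leftover)[key] = value
    return infra, leftover

# Constructed sample, not taken from the ATT&CK dataset.
SAMPLE_ASSET = {
    "type": "x-mitre-asset", "spec_version": "2.1",
    "id": "x-mitre-asset--00000000-0000-4000-8000-000000000001",
    "created": "2024-01-01T00:00:00.000Z",
    "modified": "2024-01-01T00:00:00.000Z",
    "name": "Example Control Server",
    "description": "Constructed sample asset.",
    "x_mitre_sectors": ["Electric"], "x_mitre_platforms": ["Windows"],
    "x_mitre_related_assets": [{"name": "Example HMI server"}],
}

if __name__ == "__main__":
    sdo, rest = asset_to_infrastructure(SAMPLE_ASSET, ["control-system"])
    print(sdo, sorted(rest), sep="\n")
```

The `leftover` dictionary is the part of the asset that Infrastructure has no property for, so it shows how much custom data would remain after such a switch.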