x_mitre_data_sources missing for Mobile ATT&CK attack-patterns

[rubinatorz]

For Enterprise and ICS there is a x_mitre_data_sources attribute for the attack-pattern STIX objects. But for Mobile this attribute doesn't exist within the attack-pattern objects. Is it possible to include this to make it consistent with Enterprise and Mobile, or can you elaborate on the future of the x_mitre_data_sources attribute within the attack-pattern STIX objects?

[ElJocko]

Data sources are now described using the x-mitre-data-source and x-mitre-data-component object types. These provide a much richer description than the old x_mitre_data_sources property. However, because there are users who have legacy code that was dependent on the old x_mitre_data_sources property, we backfill that property for the Enterprise and ICS domains.

Because Mobile data sources were added after the move to the new data structures, we chose not to add the backfill for those objects. The plan is to drop the x_mitre_data_sources property altogether, though we haven't set a date for that yet. We recommend that all users move to use the new x-mitre-data-source and x-mitre-data-component objects.

[rubinatorz]

Hi @ElJocko,

Thanks for the reply and plans for this property. We also have some "legacy" 🤓 using the x_mitre_data_sources attribute. But I'm familar with the new data structures, so we will move towards that direction with that.