oasis-open / cti-stix-common-objects

OASIS Cyber Threat Intelligence (CTI) TC: A repository for commonly used STIX objects in order to avoid needless duplication. https://github.com/oasis-open/cti-stix-common-objects
BSD 3-Clause "New" or "Revised" License

Add Ongoing Attacker Activity Outcome to Incident Core Extension #22

Closed dc3-tsd closed 1 year ago

dc3-tsd commented 1 year ago
  1. Added 'ongoing' to activity-outcome-enum to better capture data for ongoing incidents.
  2. Removed outdated language from attacker_activity.pattern_ref.
  3. Fixed error in JSON schema where kill_chain_phases were not included in attacker_activities.
  4. Fixed error in the incident duplication example where one or two incidents in the example had not had the value updated to match the current enumeration.
  5. Added examples of kill_chain_phases within attacker activities.