oasis-open / cti-stix-common-objects

OASIS Cyber Threat Intelligence (CTI) TC: A repository for commonly used STIX objects in order to avoid needless duplication. https://github.com/oasis-open/cti-stix-common-objects
BSD 3-Clause "New" or "Revised" License

Incident Core Extension 1.2.0 #28

Closed dc3-tsd closed 1 year ago

dc3-tsd commented 1 year ago

Update the Incident Core Extension with the following:

  1. availability_impact is now availability_impacts and is a list of objects
  2. external_impacts is now a list of objects instead of a list of strings
  3. All lists of impact objects now include the following common fields: criticality, description, impacted_refs, labels
  4. defender-activity timestamp is broken into two parts like with attacker-activity and these are optional. Sequence information has been added which is shared between both activity types.
  5. Outcome is now required for defender-activity with additional options for "occurred" and "pending". This is shared with attacker-activity. This property is required for both.
  6. Updated schema and examples to conform with these changes

rpiazza commented 1 year ago

LGTM