Incident Extension Rework

oasis-open / cti-stix-common-objects

OASIS Cyber Threat Intelligence (CTI) TC: A repository for commonly used STIX objects in order to avoid needless duplication. https://github.com/oasis-open/cti-stix-common-objects

BSD 3-Clause "New" or "Revised" License

84 stars 36 forks source link

Incident Extension Rework #33

Closed dc3-tsd closed 1 year ago

dc3-tsd commented 1 year ago

Reworking the Core Incident Extension 1.0 into several separate extensions and documenting all of these using adoc. This branch is expected to undergo changes based on reviews and feedback by the TC as well as interested contributors and reviewers on GitHub. Many of the examples are currently incorrect and do not match the JSON schemas as these components continue to be reworked.

adulau commented 1 year ago

Maybe an additional minor point, concerning 5.9. Task Outcome Enumeration, should we add discarded ? which is task which intended to be discarded during an investigation.

Update: Following the latest call, the description for cancelled will include discarded to clarify it.

ejratl commented 1 year ago

Thank you for this incredible work, @dc3-tsd