search

oasis-tcs / cti-stix2

OASIS CTI TC: Provides issue tracking and wiki pages for the STIX 2.x Work Products
https://github.com/oasis-tcs/cti-stix2
Other
24 stars 9 forks source link

Sightings of Observables with Descriptions #256

Closed jordan2175 closed 3 years ago

jordan2175 commented 3 years ago

This came in via email during public review:

I ran into a bit of weirdness when modelling some data I received in STIX 2.1. In this case it was with sensor data that had descriptions descriptions, and from what I can see the only way to get a description of these is to: https://www.oasis-open.org/apps/org/workgroup/cti/email/archives/202103/msg00000.html

  1. Create the SCOs
  2. Make observations of the SCOs
  3. Make a sighting of the observations of the SCOs with a description

I suspect it is now too late to do this, but it could be useful if Observed Data objects include a description property or if Sighting could be a sighting on an SCO directly in order to shorten this chain. If others have run into this issue I'm curious how you worked through it.

//SIGNED//

Jeffrey Mates, Civ DC3/TSD

jordan2175 commented 3 years ago

We talked on the call and Jeff said the way to solve this to use the Note object.