TAXII filtering only requires a match field to be a string. A match field doesn't have to be a STIX object property. Because most match fields are STIX object properties, it might be useful in later TAXII versions to define formatting to distinguish property match fields from non-property match fields.
For example, there is no "relationships" property defined for any STIX object. We've defined "relationships-all" as an additional match filter. Formatting the match field as ":relationships-all" (adding a colon (":")) might be helpful.
We've also defined match fields that do calculations based on a STIX object property. For example, "confidence-gte", which considers the confidence property, might also be formatted as ":confidence-gte".
TAXII filtering only requires a match field to be a string. A match field doesn't have to be a STIX object property. Because most match fields are STIX object properties, it might be useful in later TAXII versions to define formatting to distinguish property match fields from non-property match fields.
For example, there is no "relationships" property defined for any STIX object. We've defined "relationships-all" as an additional match filter. Formatting the match field as ":relationships-all" (adding a colon (":")) might be helpful.
We've also defined match fields that do calculations based on a STIX object property. For example, "confidence-gte", which considers the confidence property, might also be formatted as ":confidence-gte".