-
Notifications
You must be signed in to change notification settings - Fork 7
Active Issue: IDable Construct Properties
sbarnum edited this page Feb 10, 2016
·
23 revisions
There is general agreement that top-level objects across CTI (STIX and CybOX) should extend from a common base class (have a common set of properties). This was agreed to at the face to face and has not been challenged. The following table outlines the current consensus on the this common set of properties.
Property Name | Type | Description |
---|---|---|
id (required) | IDFormat | A globally unique identifier for this object |
type (required) | String | The type of construct being represented. This is a fixed value for each top-level object, formatted as all lowercase with ‘-’ as a separator (e.g. attack-pattern). This is a serialization-based field and derives from the type of the construct in the model. |
spec_version | VersionEnum | The release version of the language specification used to represent this construct |
created_at (required) | Timestamp | The time that the object with this ID was created |
created_by_ref (optional) | String | The ID of the Identity Object that describes who created this Object. Please note this is not who produced the analysis of information referred to contained within the Object, but who actually created the Object itself. |
marking_refs (optional) | Array | The set of “Level 1” markings (see STIX specification) applied to this object. |
structured_markings (optional) | Array | The set of “Level 2” markings (see STIX specification) applied to this object. |
----controlled_structures (required) | Array | A list of path selection statements (e.g. JSONPath), rooted at the top-level object that structured_markings is contained in, that the marking_refs apply to. |
----marking_refs (required) | Array | The list of markings that apply to the fields selected by controlled_structures. |