You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using STIX samples from https://stix.mitre.org/language/version1.1.1/samples.html. How are attachments handled in STIX 2.1? Where should the file attachments.zip exist? Should attachments.zip be created part of the transformation process?
The elevator should have created a file or archive file which referenced an artifact. I'll look into this, but it might be beyond the capabilities of the elevator at this time.
I looked into this, and I was correct - the elevator doesn't handle this content. It is certainly legal STIX 1.x, but I don't think this would have been the optimal way to encode this email message. That was part of the problem with STIX 1.x, there were so many different ways to specify the same content.
For one, there is an <email:attachments> tag that I would probably have used instead of just having the attachment as a related object. Here is an example where that was done, and it is supported by the elevator.
I'm using STIX samples from https://stix.mitre.org/language/version1.1.1/samples.html. How are attachments handled in STIX 2.1? Where should the file attachments.zip exist? Should attachments.zip be created part of the transformation process?
https://raw.githubusercontent.com/STIXProject/schemas/version_1.1.1/samples/STIX_Email_wFullAttachment.xml
The text was updated successfully, but these errors were encountered: