diff --git a/.github/workflows/python-ci-tests.yml b/.github/workflows/python-ci-tests.yml
index 692dfb5..683000a 100644
--- a/.github/workflows/python-ci-tests.yml
+++ b/.github/workflows/python-ci-tests.yml
@@ -10,13 +10,13 @@ jobs:
name: Python 3.x Build
steps:
- - uses: actions/checkout@v2
- - name: Use Node.js 12.x
- uses: actions/setup-node@v1
+ - uses: actions/checkout@v3
+ - name: Use Node.js 16
+ uses: actions/setup-node@v3
with:
- node-version: '12.x'
+ node-version: 16
- name: Set up Python 3.x
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Install and update essential dependencies
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 6908972..40924a4 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -2,7 +2,7 @@
## Public Participation Invited
-This [OASIS TC Open Repository](https://www.oasis-open.org/resources/open-repositories) ( **[github.com/oasis-open/cti-stix2-json-schemas](https://github.com/oasis-open/cti-stix2-json-schemas)** ) is a community public repository that supports participation by anyone, whether affiliated with OASIS or not. Substantive contributions (repository "code") and related feedback is invited from all parties, following the common conventions for participation in GitHub public repository projects. Participation is expected to be consistent with the [OASIS TC Open Repository Guidelines and Procedures](https://www.oasis-open.org/policies-guidelines/open-repositories), the [LICENSE](https://www.oasis-open.org/sites/www.oasis-open.org/files/BSD-3-Clause.txt) designated for this particular repository (BSD-3-Clause License), and the requirement for an [Individual Contributor License Agreement](https://www.oasis-open.org/resources/open-repositories/cla/individual-cla). Please see the repository [README](https://github.com/oasis-open/cti-stix2-json-schemas/blob/master/README.md) document for other details.
+This [OASIS TC Open Repository](https://www.oasis-open.org/resources/open-repositories) ( **[github.com/oasis-open/cti-stix2-json-schemas](https://github.com/oasis-open/cti-stix2-json-schemas)** ) is a community public repository that supports participation by anyone, whether affiliated with OASIS or not. Substantive contributions (repository "code") and related feedback is invited from all parties, following the common conventions for participation in GitHub public repository projects. Participation is expected to be consistent with the [OASIS TC Open Repository Guidelines and Procedures](https://www.oasis-open.org/policies-guidelines/open-repositories), the [LICENSE](https://www.oasis-open.org/sites/www.oasis-open.org/files/BSD-3-Clause.txt) designated for this particular repository (BSD-3-Clause License), and the requirement for an [Individual Contributor License Agreement](https://cla-assistant.io/oasis-open/Open-Repo-admin). Please see the repository [README](https://github.com/oasis-open/cti-stix2-json-schemas/blob/master/README.md) document for other details.
## Governance Distinct from OASIS TC Process
@@ -14,7 +14,7 @@ Because different licenses apply to the OASIS TC's specification work, and this
## Contributions Subject to Individual CLA
-Formally, "contribution" to this TC Open Repository refers to content merged into the "Code" repository (repository changes represented by code [commits](https://github.com/oasis-open/cti-stix2-json-schemas/commits/master)), following the GitHub definition of _[contributor](https://help.github.com/articles/github-glossary/#contributor)_: "someone who has contributed to a project by having a pull request merged but does not have collaborator [*i.e.*, direct write] access." Anyone who signs the TC Open Repository [Individual Contributor License Agreement (CLA)](https://www.oasis-open.org/resources/open-repositories/cla/individual-cla), signifying agreement with the licensing requirement, may contribute substantive content — subject to evaluation of a GitHub pull request. The main web page for this repository, as with any GitHub public repository, displays a link to a document listing contributions to the repository's default branch (filtered by Commits, Additions, and Deletions).
+Formally, "contribution" to this TC Open Repository refers to content merged into the "Code" repository (repository changes represented by code [commits](https://github.com/oasis-open/cti-stix2-json-schemas/commits/master)), following the GitHub definition of _[contributor](https://help.github.com/articles/github-glossary/#contributor)_: "someone who has contributed to a project by having a pull request merged but does not have collaborator [*i.e.*, direct write] access." Anyone who signs the TC Open Repository [Individual Contributor License Agreement (CLA)](https://cla-assistant.io/oasis-open/Open-Repo-admin), signifying agreement with the licensing requirement, may contribute substantive content — subject to evaluation of a GitHub pull request. The main web page for this repository, as with any GitHub public repository, displays a link to a document listing contributions to the repository's default branch (filtered by Commits, Additions, and Deletions).
This TC Open Repository, as with GitHub public repositories generally, also accepts public feedback from any GitHub user. Public feedback includes opening issues, authoring and editing comments, participating in conversations, making wiki edits, creating repository stars, and making suggestions via pull requests. Such feedback does not constitute an OASIS TC Open Repository [contribution](#openRepoContribution). Some details are presented under "Read permissions" in the table of [permission levels](https://help.github.com/articles/repository-permission-levels-for-an-organization/) for a GitHub organization. Technical content intended as a substantive contribution (repository "Code") to an TC Open Repository is subject to evaluation, and requires a signed Individual CLA.
diff --git a/README.md b/README.md
index e141856..1398d0d 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ Initially, the associated TC members have designated one or more persons to serv
* [Jason Keirstead](mailto:Jason.Keirstead@ca.ibm.com); GitHub ID: [https://github.com/JasonKeirstead](https://github.com/JasonKeirstead); WWW: [IBM](http://www.ibm.com/)
* [Emily Ratliff](mailto:Emily.Ratliff@ibm.com); GitHub ID: [https://github.com/ejratl](https://github.com/ejratl); WWW: [IBM](http://www.ibm.com/)
- * [Duncan Sparrell](mailto:duncan@sfractal.com); GitHub ID: [https://github.com/sparrell](https://github.com/sparrell); WWW: [sFractal](http://sfractal.com/)
+ * [Rich Piazza](mailto:rpiazza@mitre.org); GitHub ID: [https://github.com/rpiazza](https://github.com/rpiazza) WWW: [MITRE](http://www.mitre.org/)
## About OASIS TC Open Repositories
diff --git a/pattern_grammar/STIXPattern.g4 b/pattern_grammar/STIXPattern.g4
index e125d7f..6ea8082 100644
--- a/pattern_grammar/STIXPattern.g4
+++ b/pattern_grammar/STIXPattern.g4
@@ -1,6 +1,6 @@
// This is an ANTLR4 grammar for the STIX Patterning Language.
//
-// http://docs.oasis-open.org/cti/stix/v2.0/stix-v2.0-part5-stix-patterning.html
+// https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_e8slinrhxcc9
grammar STIXPattern;
@@ -50,7 +50,7 @@ propTest
| objectPath NOT? ISSUBSET StringLiteral # propTestIsSubset
| objectPath NOT? ISSUPERSET StringLiteral # propTestIsSuperset
| LPAREN comparisonExpression RPAREN # propTestParen
- | EXISTS objectPath # propTestExists
+ | NOT? EXISTS objectPath # propTestExists
;
startStopQualifier
diff --git a/schemas/common/binary.json b/schemas/common/binary.json
index 254f0d8..21177bc 100644
--- a/schemas/common/binary.json
+++ b/schemas/common/binary.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/binary.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "binary",
"description": "The binary data type represents a sequence of bytes. In order to allow pattern matching on custom objects, for all properties that use the binary type, the property name MUST end with '_bin'. The JSON MTI serialization represents this as a base64-encoded string as specified in RFC4648. Other serializations SHOULD use a native binary type, if available.",
"type": "string",
diff --git a/schemas/common/bundle.json b/schemas/common/bundle.json
index 847d61d..d016cfd 100644
--- a/schemas/common/bundle.json
+++ b/schemas/common/bundle.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/bundle.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "bundle",
"description": "A Bundle is a collection of arbitrary STIX Objects and Marking Definitions grouped together in a single container.",
"type": "object",
diff --git a/schemas/common/core.json b/schemas/common/core.json
index 1e10205..e898440 100644
--- a/schemas/common/core.json
+++ b/schemas/common/core.json
@@ -109,6 +109,11 @@
"type": "object",
"minProperties": 1,
"patternProperties": {
+ "^([a-z][a-z0-9]*)+(-[a-z0-9]+)*\\-ext$": {
+ "type": "object",
+ "minProperties": 1,
+ "allOf": [{ "$ref": "../common/properties.json" }]
+ },
"^extension-definition--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$": {
"allOf": [{ "$ref": "../common/extension.json" }]
}
@@ -148,4 +153,4 @@
"created",
"modified"
]
-}
\ No newline at end of file
+}
diff --git a/schemas/common/cyber-observable-core.json b/schemas/common/cyber-observable-core.json
index 969d98c..4114b94 100644
--- a/schemas/common/cyber-observable-core.json
+++ b/schemas/common/cyber-observable-core.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/cyber-observable-core.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "cyber-observable-core",
"description": "Common properties and behavior across all Cyber Observable Objects.",
"type": "object",
diff --git a/schemas/common/dictionary.json b/schemas/common/dictionary.json
index 3a26493..530d464 100644
--- a/schemas/common/dictionary.json
+++ b/schemas/common/dictionary.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/dictionary.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "dictionary",
"description": "A dictionary captures a set of key/value pairs",
"type": "object",
diff --git a/schemas/common/extension-definition.json b/schemas/common/extension-definition.json
index 060b870..1dccf88 100644
--- a/schemas/common/extension-definition.json
+++ b/schemas/common/extension-definition.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/extension-definition.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "extension-definition",
"description": "The STIX Extension Definition object allows producers of threat intelligence to extend existing STIX objects or to create entirely new STIX objects in a standardized way.",
"type": "object",
diff --git a/schemas/common/extension.json b/schemas/common/extension.json
index ffd8a08..f483c3e 100644
--- a/schemas/common/extension.json
+++ b/schemas/common/extension.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/extension.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"type": "object",
"minProperties": 1,
"properties": {
diff --git a/schemas/common/external-reference.json b/schemas/common/external-reference.json
index 632e3ad..3b0abe3 100644
--- a/schemas/common/external-reference.json
+++ b/schemas/common/external-reference.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/external-reference.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "external-reference",
"description": "External references are used to describe pointers to information represented outside of STIX.",
"type": "object",
diff --git a/schemas/common/granular-marking.json b/schemas/common/granular-marking.json
index c5f664a..56332c8 100644
--- a/schemas/common/granular-marking.json
+++ b/schemas/common/granular-marking.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/granular-marking.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "granular-marking",
"description": "The granular-marking type defines how the list of marking-definition objects referenced by the marking_refs property to apply to a set of content identified by the list of selectors in the selectors property.",
"type": "object",
diff --git a/schemas/common/hashes-type.json b/schemas/common/hashes-type.json
index 7ee62ed..5af86a9 100644
--- a/schemas/common/hashes-type.json
+++ b/schemas/common/hashes-type.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/hashes-type.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "hashes",
"description": "The Hashes type represents one or more cryptographic hashes, as a special set of key/value pairs",
"type": "object",
diff --git a/schemas/common/hex.json b/schemas/common/hex.json
index 0f257e0..ea34c1b 100644
--- a/schemas/common/hex.json
+++ b/schemas/common/hex.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/hex.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "hex",
"description": "The hex data type encodes an array of octets (8-bit bytes) as hexadecimal. The string MUST consist of an even number of hexadecimal characters, which are the digits '0' through '9' and the letters 'a' through 'f'. In order to allow pattern matching on custom objects, all properties that use the hex type, the property name MUST end with '_hex'.",
"type": "string",
diff --git a/schemas/common/identifier.json b/schemas/common/identifier.json
index 923b723..4e9c9fc 100644
--- a/schemas/common/identifier.json
+++ b/schemas/common/identifier.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/identifier.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "identifier",
"description": "Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.",
"type": "string",
diff --git a/schemas/common/kill-chain-phase.json b/schemas/common/kill-chain-phase.json
index d437b03..9bb6f7f 100644
--- a/schemas/common/kill-chain-phase.json
+++ b/schemas/common/kill-chain-phase.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/kill-chain-phase.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "kill-chain-phase",
"description": "The kill-chain-phase represents a phase in a kill chain.",
"type": "object",
diff --git a/schemas/common/language-content.json b/schemas/common/language-content.json
index 170e05f..aae1733 100644
--- a/schemas/common/language-content.json
+++ b/schemas/common/language-content.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/language-content.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "language-content",
"description": "The language-content object represents text content for STIX Objects represented in languages other than that of the original object.",
"type": "object",
diff --git a/schemas/common/marking-definition.json b/schemas/common/marking-definition.json
index 7abd4a7..32fa703 100644
--- a/schemas/common/marking-definition.json
+++ b/schemas/common/marking-definition.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/marking-definition.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "marking-definition",
"description": "The marking-definition object represents a specific marking.",
"type": "object",
diff --git a/schemas/common/properties.json b/schemas/common/properties.json
index 510ca2e..210bfd7 100644
--- a/schemas/common/properties.json
+++ b/schemas/common/properties.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/properties.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "properties",
"description": "Rules for custom properties",
"patternProperties": {
diff --git a/schemas/common/timestamp.json b/schemas/common/timestamp.json
index 555b6ef..82c697a 100644
--- a/schemas/common/timestamp.json
+++ b/schemas/common/timestamp.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/timestamp.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "timestamp",
"description": "Represents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.",
"type": "string",
diff --git a/schemas/common/url-regex.json b/schemas/common/url-regex.json
index 4c69a34..a7a96ab 100644
--- a/schemas/common/url-regex.json
+++ b/schemas/common/url-regex.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/url-regex.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "url-regex",
"description": "Matches a URI according to RFC 3986.",
"type": "string",
diff --git a/schemas/observables/artifact.json b/schemas/observables/artifact.json
index 84bf512..d215123 100644
--- a/schemas/observables/artifact.json
+++ b/schemas/observables/artifact.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/artifact.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "artifact",
"description": "The Artifact Object permits capturing an array of bytes (8-bits), as a base64-encoded string string, or linking to a file-like payload.",
"type": "object",
diff --git a/schemas/observables/autonomous-system.json b/schemas/observables/autonomous-system.json
index 3279630..b138c2c 100644
--- a/schemas/observables/autonomous-system.json
+++ b/schemas/observables/autonomous-system.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/autonomous-system.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "autonomous-system",
"description": "The AS object represents the properties of an Autonomous Systems (AS).",
"type": "object",
diff --git a/schemas/observables/directory.json b/schemas/observables/directory.json
index 955171b..e5c85c9 100644
--- a/schemas/observables/directory.json
+++ b/schemas/observables/directory.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/directory.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "directory",
"description": "The Directory Object represents the properties common to a file system directory.",
"type": "object",
diff --git a/schemas/observables/domain-name.json b/schemas/observables/domain-name.json
index 39de662..22804a5 100644
--- a/schemas/observables/domain-name.json
+++ b/schemas/observables/domain-name.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/domain-name.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "domain-name",
"description": "The Domain Name represents the properties of a network domain name.",
"type": "object",
diff --git a/schemas/observables/email-addr.json b/schemas/observables/email-addr.json
index 0bba9ff..c3894d2 100644
--- a/schemas/observables/email-addr.json
+++ b/schemas/observables/email-addr.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/email-addr.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "email-addr",
"description": "The Email Address Object represents a single email address.",
"type": "object",
diff --git a/schemas/observables/email-message.json b/schemas/observables/email-message.json
index e07bdc7..b00d958 100644
--- a/schemas/observables/email-message.json
+++ b/schemas/observables/email-message.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/email-message.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "email-message",
"description": "The Email Message Object represents an instance of an email message.",
"type": "object",
diff --git a/schemas/observables/file.json b/schemas/observables/file.json
index 31cfc71..b7af12e 100644
--- a/schemas/observables/file.json
+++ b/schemas/observables/file.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/file.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "file",
"description": "The File Object represents the properties of a file.",
"type": "object",
diff --git a/schemas/observables/ipv4-addr.json b/schemas/observables/ipv4-addr.json
index 9b2c068..4c4e983 100644
--- a/schemas/observables/ipv4-addr.json
+++ b/schemas/observables/ipv4-addr.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/ipv4-addr.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "ipv4-addr",
"description": "The IPv4 Address Object represents one or more IPv4 addresses expressed using CIDR notation.",
"type": "object",
diff --git a/schemas/observables/ipv6-addr.json b/schemas/observables/ipv6-addr.json
index 48ccf5e..e79dc36 100644
--- a/schemas/observables/ipv6-addr.json
+++ b/schemas/observables/ipv6-addr.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/ipv6-addr.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "ipv6-addr",
"description": "The IPv6 Address Object represents one or more IPv6 addresses expressed using CIDR notation.",
"type": "object",
diff --git a/schemas/observables/mac-addr.json b/schemas/observables/mac-addr.json
index 03480f3..eb12e87 100644
--- a/schemas/observables/mac-addr.json
+++ b/schemas/observables/mac-addr.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/mac-addr.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "mac-addr",
"description": "The MAC Address Object represents a single Media Access Control (MAC) address.",
"type": "object",
diff --git a/schemas/observables/mutex.json b/schemas/observables/mutex.json
index 2d8ad28..ab3c725 100644
--- a/schemas/observables/mutex.json
+++ b/schemas/observables/mutex.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/mutex.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "mutex",
"description": "The Mutex Object represents the properties of a mutual exclusion (mutex) object.",
"type": "object",
diff --git a/schemas/observables/network-traffic.json b/schemas/observables/network-traffic.json
index 2a4cfb8..0b70d7d 100644
--- a/schemas/observables/network-traffic.json
+++ b/schemas/observables/network-traffic.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/network-traffic.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "network-traffic",
"description": "The Network Traffic Object represents arbitrary network traffic that originates from a source and is addressed to a destination.",
"type": "object",
@@ -198,7 +198,10 @@
"description": "Specifies all of the HTTP header fields that may be found in the HTTP client request, as a dictionary.",
"patternProperties": {
"^.+$": {
- "type": "string"
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
}
},
"additionalProperties": false
diff --git a/schemas/observables/process.json b/schemas/observables/process.json
index 2dcfd57..215d0e7 100644
--- a/schemas/observables/process.json
+++ b/schemas/observables/process.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/process.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "process",
"description": "The Process Object represents common properties of an instance of a computer program as executed on an operating system.",
"type": "object",
diff --git a/schemas/observables/software.json b/schemas/observables/software.json
index fd10dc4..636cbcb 100644
--- a/schemas/observables/software.json
+++ b/schemas/observables/software.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/software.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "software",
"description": "The Software Object represents high-level properties associated with software, including software products.",
"type": "object",
diff --git a/schemas/observables/url.json b/schemas/observables/url.json
index 5072276..a26e870 100644
--- a/schemas/observables/url.json
+++ b/schemas/observables/url.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/url.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "url",
"description": "The URL Object represents the properties of a uniform resource locator (URL).",
"type": "object",
diff --git a/schemas/observables/user-account.json b/schemas/observables/user-account.json
index 7d374e9..a66e42a 100644
--- a/schemas/observables/user-account.json
+++ b/schemas/observables/user-account.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/user-account.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "user-account",
"description": "The User Account Object represents an instance of any type of user account, including but not limited to operating system, device, messaging service, and social media platform accounts.",
"type": "object",
diff --git a/schemas/observables/windows-registry-key.json b/schemas/observables/windows-registry-key.json
index 8634e11..a6a891b 100644
--- a/schemas/observables/windows-registry-key.json
+++ b/schemas/observables/windows-registry-key.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/windows-registry-key.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "windows-registry-key",
"description": "The Registry Key Object represents the properties of a Windows registry key.",
"type": "object",
diff --git a/schemas/observables/x509-certificate.json b/schemas/observables/x509-certificate.json
index 66bbd53..0ca0284 100644
--- a/schemas/observables/x509-certificate.json
+++ b/schemas/observables/x509-certificate.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/x509-certificate.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "x509-certificate",
"description": "The X509 Certificate Object represents the properties of an X.509 certificate.",
"type": "object",
diff --git a/schemas/sdos/attack-pattern.json b/schemas/sdos/attack-pattern.json
index e2c27d6..e8bc659 100644
--- a/schemas/sdos/attack-pattern.json
+++ b/schemas/sdos/attack-pattern.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/attack-pattern.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "attack-pattern",
"description": "Attack Patterns are a type of TTP that describe ways that adversaries attempt to compromise targets. ",
"type": "object",
diff --git a/schemas/sdos/campaign.json b/schemas/sdos/campaign.json
index 07cac45..d5d652d 100644
--- a/schemas/sdos/campaign.json
+++ b/schemas/sdos/campaign.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/campaign.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "campaign",
"description": "A Campaign is a grouping of adversary behavior that describes a set of malicious activities or attacks that occur over a period of time against a specific set of targets.",
"type": "object",
diff --git a/schemas/sdos/course-of-action.json b/schemas/sdos/course-of-action.json
index 742ae66..30bae88 100644
--- a/schemas/sdos/course-of-action.json
+++ b/schemas/sdos/course-of-action.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/course-of-action.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "course-of-action",
"description": "A Course of Action is an action taken either to prevent an attack or to respond to an attack that is in progress. ",
"type": "object",
diff --git a/schemas/sdos/grouping.json b/schemas/sdos/grouping.json
index 3d12dd2..1aae14f 100644
--- a/schemas/sdos/grouping.json
+++ b/schemas/sdos/grouping.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/grouping.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "grouping",
"description": "A Grouping object explicitly asserts that the referenced STIX Objects have a shared content.",
"type": "object",
diff --git a/schemas/sdos/identity.json b/schemas/sdos/identity.json
index 26b1895..1da402f 100644
--- a/schemas/sdos/identity.json
+++ b/schemas/sdos/identity.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/identity.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "identity",
"description": "Identities can represent actual individuals, organizations, or groups (e.g., ACME, Inc.) as well as classes of individuals, organizations, or groups.",
"type": "object",
diff --git a/schemas/sdos/incident.json b/schemas/sdos/incident.json
index 772d3e8..08805f4 100644
--- a/schemas/sdos/incident.json
+++ b/schemas/sdos/incident.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/incident.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "incident",
"description": "The Incident object in STIX 2.1 is a stub, to be expanded in future STIX 2 releases.",
"type": "object",
diff --git a/schemas/sdos/indicator.json b/schemas/sdos/indicator.json
index 23f32aa..a19a60f 100644
--- a/schemas/sdos/indicator.json
+++ b/schemas/sdos/indicator.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/indicator.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "indicator",
"description": "Indicators contain a pattern that can be used to detect suspicious or malicious cyber activity.",
"type": "object",
diff --git a/schemas/sdos/infrastructure.json b/schemas/sdos/infrastructure.json
index 90a5687..7f06973 100644
--- a/schemas/sdos/infrastructure.json
+++ b/schemas/sdos/infrastructure.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/infrastructure.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "infrastructure",
"description": "Infrastructure objects describe systems, software services, and associated physical or virtual resources.",
"type": "object",
diff --git a/schemas/sdos/intrusion-set.json b/schemas/sdos/intrusion-set.json
index 4e9b53b..db99276 100644
--- a/schemas/sdos/intrusion-set.json
+++ b/schemas/sdos/intrusion-set.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/intrusion-set.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "intrusion-set",
"description": "An Intrusion Set is a grouped set of adversary behavior and resources with common properties that is believed to be orchestrated by a single organization.",
"type": "object",
diff --git a/schemas/sdos/location.json b/schemas/sdos/location.json
index 0aa981b..7675dc1 100644
--- a/schemas/sdos/location.json
+++ b/schemas/sdos/location.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/location.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "location",
"description": "A Location represents a geographic location. The location may be described as any, some or all of the following: region (e.g., North America), civic address (e.g. New York, US), latitude and longitude.",
"type": "object",
diff --git a/schemas/sdos/malware-analysis.json b/schemas/sdos/malware-analysis.json
index e12dd32..90ead7b 100644
--- a/schemas/sdos/malware-analysis.json
+++ b/schemas/sdos/malware-analysis.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/malware-analysis.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "malware-analysis",
"description": "Malware Analysis captures the metadata and results of a particular analysis performed (static or dynamic) on the malware instance or family.",
"type": "object",
diff --git a/schemas/sdos/malware.json b/schemas/sdos/malware.json
index aaa7f33..d4267b5 100644
--- a/schemas/sdos/malware.json
+++ b/schemas/sdos/malware.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/malware.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "malware",
"description": "Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim.",
"type": "object",
diff --git a/schemas/sdos/note.json b/schemas/sdos/note.json
index 1ae4dba..12490b6 100644
--- a/schemas/sdos/note.json
+++ b/schemas/sdos/note.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/note.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "note",
"description": "A Note is a comment or note containing informative text to help explain the context of one or more STIX Objects (SDOs or SROs) or to provide additional analysis that is not contained in the original object.",
"type": "object",
diff --git a/schemas/sdos/observed-data.json b/schemas/sdos/observed-data.json
index 7c702e6..6fa2c71 100644
--- a/schemas/sdos/observed-data.json
+++ b/schemas/sdos/observed-data.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/observed-data.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "observed-data",
"description": "Observed data conveys information that was observed on systems and networks, such as log data or network traffic, using the Cyber Observable specification.",
"type": "object",
diff --git a/schemas/sdos/opinion.json b/schemas/sdos/opinion.json
index 04b62f6..a28aaa4 100644
--- a/schemas/sdos/opinion.json
+++ b/schemas/sdos/opinion.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/opinion.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "opinion",
"description": "An Opinion is an assessment of the correctness of the information in a STIX Object produced by a different entity and captures the level of agreement or disagreement using a fixed scale.",
"type": "object",
diff --git a/schemas/sdos/report.json b/schemas/sdos/report.json
index dab1592..448d97f 100644
--- a/schemas/sdos/report.json
+++ b/schemas/sdos/report.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/report.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "report",
"description": "Reports are collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including context and related details.",
"type": "object",
diff --git a/schemas/sdos/threat-actor.json b/schemas/sdos/threat-actor.json
index 9206b7b..fc9bd87 100644
--- a/schemas/sdos/threat-actor.json
+++ b/schemas/sdos/threat-actor.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/threat-actor.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "threat-actor",
"description": "Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent.",
"type": "object",
diff --git a/schemas/sdos/tool.json b/schemas/sdos/tool.json
index 7af850e..cc47dee 100644
--- a/schemas/sdos/tool.json
+++ b/schemas/sdos/tool.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/tool.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "tool",
"description": "Tools are legitimate software that can be used by threat actors to perform attacks.",
"type": "object",
diff --git a/schemas/sdos/vulnerability.json b/schemas/sdos/vulnerability.json
index 06be3ac..40838e8 100644
--- a/schemas/sdos/vulnerability.json
+++ b/schemas/sdos/vulnerability.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/vulnerability.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "vulnerability",
"description": "A Vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network.",
"type": "object",
diff --git a/schemas/sros/relationship.json b/schemas/sros/relationship.json
index ad9faa5..2957c5a 100644
--- a/schemas/sros/relationship.json
+++ b/schemas/sros/relationship.json
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sros/relationship.json",
- "$schema": "http://json-schema.org/draft/2020-12/schema#",
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "relationship",
"description": "The Relationship object is used to link together two SDOs in order to describe how they are related to each other.",
"type": "object",