From bacee161fe79de87bd8ea0f633a042432a274d9e Mon Sep 17 00:00:00 2001 From: jweissm Date: Mon, 21 Feb 2022 12:41:53 -0800 Subject: [PATCH 01/18] added interop directory, added schemas --- schemas/interop/attack-pattern-interop.json | 9 +++++++++ schemas/interop/campaign-interop.json | 7 +++++++ schemas/interop/course-of-action-interop.json | 7 +++++++ schemas/interop/grouping-interop.json | 8 ++++++++ schemas/interop/identity-interop.json | 7 +++++++ schemas/interop/indicator-interop.json | 9 +++++++++ schemas/interop/infrastructure-interop.json | 8 ++++++++ schemas/interop/intrusion-set-interop.json | 9 +++++++++ schemas/interop/location-interop.json | 8 ++++++++ schemas/interop/malware-analysis-interop.json | 12 ++++++++++++ schemas/interop/malware-interop.json | 14 ++++++++++++++ schemas/interop/note-interop.json | 7 +++++++ schemas/interop/observed-data-inerop.json | 8 ++++++++ schemas/interop/opinion-interop.json | 7 +++++++ schemas/interop/relationship-interop.json | 7 +++++++ schemas/interop/report-interop.json | 8 ++++++++ schemas/interop/sighting-interop.json | 10 ++++++++++ schemas/interop/threat-actor-interop.json | 12 ++++++++++++ schemas/interop/tool.json | 8 ++++++++ schemas/interop/vulnerability-interop.json | 8 ++++++++ 20 files changed, 173 insertions(+) create mode 100644 schemas/interop/attack-pattern-interop.json create mode 100644 schemas/interop/campaign-interop.json create mode 100644 schemas/interop/course-of-action-interop.json create mode 100644 schemas/interop/grouping-interop.json create mode 100644 schemas/interop/identity-interop.json create mode 100644 schemas/interop/indicator-interop.json create mode 100644 schemas/interop/infrastructure-interop.json create mode 100644 schemas/interop/intrusion-set-interop.json create mode 100644 schemas/interop/location-interop.json create mode 100644 schemas/interop/malware-analysis-interop.json create mode 100644 schemas/interop/malware-interop.json create mode 100644 schemas/interop/note-interop.json create mode 100644 schemas/interop/observed-data-inerop.json create mode 100644 schemas/interop/opinion-interop.json create mode 100644 schemas/interop/relationship-interop.json create mode 100644 schemas/interop/report-interop.json create mode 100644 schemas/interop/sighting-interop.json create mode 100644 schemas/interop/threat-actor-interop.json create mode 100644 schemas/interop/tool.json create mode 100644 schemas/interop/vulnerability-interop.json diff --git a/schemas/interop/attack-pattern-interop.json b/schemas/interop/attack-pattern-interop.json new file mode 100644 index 0000000..4ec508d --- /dev/null +++ b/schemas/interop/attack-pattern-interop.json @@ -0,0 +1,9 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/attack-pattern-interop.json", + "$ref": "../sdos/attack-pattern.json", + "required": [ + "external_references", + "kill_chain_phases", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/campaign-interop.json b/schemas/interop/campaign-interop.json new file mode 100644 index 0000000..d2b2b42 --- /dev/null +++ b/schemas/interop/campaign-interop.json @@ -0,0 +1,7 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/campaign-interop.json", + "$ref": "../sdos/campaign.json", + "required": [ + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/course-of-action-interop.json b/schemas/interop/course-of-action-interop.json new file mode 100644 index 0000000..9124b7c --- /dev/null +++ b/schemas/interop/course-of-action-interop.json @@ -0,0 +1,7 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/course-of-action-interop.json", + "$ref": "../sdos/course-of-actioin.json", + "required": [ + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/grouping-interop.json b/schemas/interop/grouping-interop.json new file mode 100644 index 0000000..1904c07 --- /dev/null +++ b/schemas/interop/grouping-interop.json @@ -0,0 +1,8 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/grouping-interop.json", + "$ref": "../sdos/grouping.json", + "required": [ + "identities_class", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/identity-interop.json b/schemas/interop/identity-interop.json new file mode 100644 index 0000000..5025723 --- /dev/null +++ b/schemas/interop/identity-interop.json @@ -0,0 +1,7 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/identity-interop.json", + "$ref": "../sdos/identity.json", + "required": [ + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/indicator-interop.json b/schemas/interop/indicator-interop.json new file mode 100644 index 0000000..8ec9773 --- /dev/null +++ b/schemas/interop/indicator-interop.json @@ -0,0 +1,9 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/indicator-interop.json", + "$ref": "../sdos/indicator.json", + "required": [ + "type", + "indicator_types", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/infrastructure-interop.json b/schemas/interop/infrastructure-interop.json new file mode 100644 index 0000000..48ac90d --- /dev/null +++ b/schemas/interop/infrastructure-interop.json @@ -0,0 +1,8 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/infrastructure-interop.json", + "$ref": "../sdos/infrastructure.json", + "required": [ + "infrastructure_types", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/intrusion-set-interop.json b/schemas/interop/intrusion-set-interop.json new file mode 100644 index 0000000..8f2768f --- /dev/null +++ b/schemas/interop/intrusion-set-interop.json @@ -0,0 +1,9 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/intrusion-set-interop.json", + "$ref": "../sdos/intrusion-set.json", + "required": [ + "resource_leve", + "primary_motivation", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/location-interop.json b/schemas/interop/location-interop.json new file mode 100644 index 0000000..38264be --- /dev/null +++ b/schemas/interop/location-interop.json @@ -0,0 +1,8 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/location-interop.json", + "$ref": "../sdos/location.json", + "required": [ + "region", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/malware-analysis-interop.json b/schemas/interop/malware-analysis-interop.json new file mode 100644 index 0000000..fa679ae --- /dev/null +++ b/schemas/interop/malware-analysis-interop.json @@ -0,0 +1,12 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/malware-analysis-interop.json", + "$ref": "../sdos/malware-analysis.json", + "required": [ + "version", + "submitted", + "analysis_started", + "analysis_ended", + "result", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/malware-interop.json b/schemas/interop/malware-interop.json new file mode 100644 index 0000000..3b38776 --- /dev/null +++ b/schemas/interop/malware-interop.json @@ -0,0 +1,14 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/malware-interop.json", + "$ref": "../sdos/malware.json", + "required": [ + "name", + "malware_types", + "first_seen", + "last_seen", + "architecture_exectuion_envs", + "implementation_languages", + "capabiliites", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/note-interop.json b/schemas/interop/note-interop.json new file mode 100644 index 0000000..1e989c3 --- /dev/null +++ b/schemas/interop/note-interop.json @@ -0,0 +1,7 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/note-interop.json", + "$ref": "../sdos/note.json", + "required": [ + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/observed-data-inerop.json b/schemas/interop/observed-data-inerop.json new file mode 100644 index 0000000..32c83f4 --- /dev/null +++ b/schemas/interop/observed-data-inerop.json @@ -0,0 +1,8 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/observed-data-interop.json", + "$ref": "../sdos/observed-data.json", + "required": [ + "object_refs", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/opinion-interop.json b/schemas/interop/opinion-interop.json new file mode 100644 index 0000000..5d2f8ad --- /dev/null +++ b/schemas/interop/opinion-interop.json @@ -0,0 +1,7 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/opinion-interop.json", + "$ref": "../sdos/opinion.json", + "required": [ + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/relationship-interop.json b/schemas/interop/relationship-interop.json new file mode 100644 index 0000000..fec1a38 --- /dev/null +++ b/schemas/interop/relationship-interop.json @@ -0,0 +1,7 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/relationship-interop.json", + "$ref": "../sros/relationship.json", + "required": [ + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/report-interop.json b/schemas/interop/report-interop.json new file mode 100644 index 0000000..6828dcb --- /dev/null +++ b/schemas/interop/report-interop.json @@ -0,0 +1,8 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/report-interop.json", + "$ref": "../sdos/report.json", + "required": [ + "report_types", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/sighting-interop.json b/schemas/interop/sighting-interop.json new file mode 100644 index 0000000..840d4c5 --- /dev/null +++ b/schemas/interop/sighting-interop.json @@ -0,0 +1,10 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/sighting-interop.json", + "$ref": "../sros/sighting.json", + "required": [ + "first_seen", + "last_seen", + "count", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/threat-actor-interop.json b/schemas/interop/threat-actor-interop.json new file mode 100644 index 0000000..da72e89 --- /dev/null +++ b/schemas/interop/threat-actor-interop.json @@ -0,0 +1,12 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/threat-actor-interop.json", + "$ref": "../sdos/threat-actor.json", + "required": [ + "threat_actor_types", + "roles", + "sophistication", + "resource_level", + "primary_motivation", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/tool.json b/schemas/interop/tool.json new file mode 100644 index 0000000..814da10 --- /dev/null +++ b/schemas/interop/tool.json @@ -0,0 +1,8 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/tool-interop.json", + "$ref": "../sdos/tool.json", + "required": [ + "tool_types", + "created_by_ref" + ] +} \ No newline at end of file diff --git a/schemas/interop/vulnerability-interop.json b/schemas/interop/vulnerability-interop.json new file mode 100644 index 0000000..60035b0 --- /dev/null +++ b/schemas/interop/vulnerability-interop.json @@ -0,0 +1,8 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/vulnerability-interop.json", + "$ref": "../sdos/vulnerability.json", + "required": [ + "external_references:", + "created_by_ref" + ] +} \ No newline at end of file From 0b73d924ce723f75ad82b41dd91d6526d798b1f3 Mon Sep 17 00:00:00 2001 From: jweissm Date: Tue, 22 Feb 2022 13:02:23 -0800 Subject: [PATCH 02/18] updated type to name in indicator-interop --- schemas/interop/indicator-interop.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/schemas/interop/indicator-interop.json b/schemas/interop/indicator-interop.json index 8ec9773..31bbcdd 100644 --- a/schemas/interop/indicator-interop.json +++ b/schemas/interop/indicator-interop.json @@ -2,7 +2,7 @@ "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/indicator-interop.json", "$ref": "../sdos/indicator.json", "required": [ - "type", + "name", "indicator_types", "created_by_ref" ] From 2cec340069b4eed5403a6f4de5945be433ece730 Mon Sep 17 00:00:00 2001 From: jweissm Date: Wed, 23 Feb 2022 12:48:30 -0800 Subject: [PATCH 03/18] removed -interop from interop files --- .../{attack-pattern-interop.json => attack-pattern.json} | 2 +- schemas/interop/{campaign-interop.json => campaign.json} | 2 +- ...course-of-action-interop.json => course-of-action.json} | 2 +- schemas/interop/{grouping-interop.json => grouping.json} | 2 +- schemas/interop/identity-interop.json | 7 ------- schemas/interop/{indicator-interop.json => indicator.json} | 2 +- .../{infrastructure-interop.json => infrastructure.json} | 2 +- .../{intrusion-set-interop.json => intrusion-set.json} | 2 +- schemas/interop/{location-interop.json => location.json} | 2 +- ...malware-analysis-interop.json => malware-analysis.json} | 2 +- schemas/interop/{malware-interop.json => malware.json} | 2 +- schemas/interop/{note-interop.json => note.json} | 2 +- .../{observed-data-inerop.json => observed-data.json} | 2 +- schemas/interop/{opinion-interop.json => opinion.json} | 2 +- .../{relationship-interop.json => relationship.json} | 2 +- schemas/interop/{report-interop.json => report.json} | 2 +- schemas/interop/{sighting-interop.json => sighting.json} | 2 +- .../{threat-actor-interop.json => threat-actor.json} | 2 +- schemas/interop/tool.json | 2 +- .../{vulnerability-interop.json => vulnerability.json} | 2 +- 20 files changed, 19 insertions(+), 26 deletions(-) rename schemas/interop/{attack-pattern-interop.json => attack-pattern.json} (76%) rename schemas/interop/{campaign-interop.json => campaign.json} (70%) rename schemas/interop/{course-of-action-interop.json => course-of-action.json} (69%) rename schemas/interop/{grouping-interop.json => grouping.json} (74%) delete mode 100644 schemas/interop/identity-interop.json rename schemas/interop/{indicator-interop.json => indicator.json} (75%) rename schemas/interop/{infrastructure-interop.json => infrastructure.json} (73%) rename schemas/interop/{intrusion-set-interop.json => intrusion-set.json} (75%) rename schemas/interop/{location-interop.json => location.json} (73%) rename schemas/interop/{malware-analysis-interop.json => malware-analysis.json} (79%) rename schemas/interop/{malware-interop.json => malware.json} (84%) rename schemas/interop/{note-interop.json => note.json} (71%) rename schemas/interop/{observed-data-inerop.json => observed-data.json} (72%) rename schemas/interop/{opinion-interop.json => opinion.json} (71%) rename schemas/interop/{relationship-interop.json => relationship.json} (70%) rename schemas/interop/{report-interop.json => report.json} (74%) rename schemas/interop/{sighting-interop.json => sighting.json} (77%) rename schemas/interop/{threat-actor-interop.json => threat-actor.json} (81%) rename schemas/interop/{vulnerability-interop.json => vulnerability.json} (73%) diff --git a/schemas/interop/attack-pattern-interop.json b/schemas/interop/attack-pattern.json similarity index 76% rename from schemas/interop/attack-pattern-interop.json rename to schemas/interop/attack-pattern.json index 4ec508d..34aa239 100644 --- a/schemas/interop/attack-pattern-interop.json +++ b/schemas/interop/attack-pattern.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/attack-pattern-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/attack-patten.json", "$ref": "../sdos/attack-pattern.json", "required": [ "external_references", diff --git a/schemas/interop/campaign-interop.json b/schemas/interop/campaign.json similarity index 70% rename from schemas/interop/campaign-interop.json rename to schemas/interop/campaign.json index d2b2b42..2097e3c 100644 --- a/schemas/interop/campaign-interop.json +++ b/schemas/interop/campaign.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/campaign-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/campaign.json", "$ref": "../sdos/campaign.json", "required": [ "created_by_ref" diff --git a/schemas/interop/course-of-action-interop.json b/schemas/interop/course-of-action.json similarity index 69% rename from schemas/interop/course-of-action-interop.json rename to schemas/interop/course-of-action.json index 9124b7c..8495cc6 100644 --- a/schemas/interop/course-of-action-interop.json +++ b/schemas/interop/course-of-action.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/course-of-action-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/course-of-action.json", "$ref": "../sdos/course-of-actioin.json", "required": [ "created_by_ref" diff --git a/schemas/interop/grouping-interop.json b/schemas/interop/grouping.json similarity index 74% rename from schemas/interop/grouping-interop.json rename to schemas/interop/grouping.json index 1904c07..4088ab1 100644 --- a/schemas/interop/grouping-interop.json +++ b/schemas/interop/grouping.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/grouping-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/grouping.json", "$ref": "../sdos/grouping.json", "required": [ "identities_class", diff --git a/schemas/interop/identity-interop.json b/schemas/interop/identity-interop.json deleted file mode 100644 index 5025723..0000000 --- a/schemas/interop/identity-interop.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/identity-interop.json", - "$ref": "../sdos/identity.json", - "required": [ - "created_by_ref" - ] -} \ No newline at end of file diff --git a/schemas/interop/indicator-interop.json b/schemas/interop/indicator.json similarity index 75% rename from schemas/interop/indicator-interop.json rename to schemas/interop/indicator.json index 31bbcdd..eb30c0a 100644 --- a/schemas/interop/indicator-interop.json +++ b/schemas/interop/indicator.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/indicator-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/indicator.json", "$ref": "../sdos/indicator.json", "required": [ "name", diff --git a/schemas/interop/infrastructure-interop.json b/schemas/interop/infrastructure.json similarity index 73% rename from schemas/interop/infrastructure-interop.json rename to schemas/interop/infrastructure.json index 48ac90d..1aa5625 100644 --- a/schemas/interop/infrastructure-interop.json +++ b/schemas/interop/infrastructure.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/infrastructure-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/infrastructure.json", "$ref": "../sdos/infrastructure.json", "required": [ "infrastructure_types", diff --git a/schemas/interop/intrusion-set-interop.json b/schemas/interop/intrusion-set.json similarity index 75% rename from schemas/interop/intrusion-set-interop.json rename to schemas/interop/intrusion-set.json index 8f2768f..168c95c 100644 --- a/schemas/interop/intrusion-set-interop.json +++ b/schemas/interop/intrusion-set.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/intrusion-set-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/intrusion-set.json", "$ref": "../sdos/intrusion-set.json", "required": [ "resource_leve", diff --git a/schemas/interop/location-interop.json b/schemas/interop/location.json similarity index 73% rename from schemas/interop/location-interop.json rename to schemas/interop/location.json index 38264be..ab71461 100644 --- a/schemas/interop/location-interop.json +++ b/schemas/interop/location.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/location-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/location.json", "$ref": "../sdos/location.json", "required": [ "region", diff --git a/schemas/interop/malware-analysis-interop.json b/schemas/interop/malware-analysis.json similarity index 79% rename from schemas/interop/malware-analysis-interop.json rename to schemas/interop/malware-analysis.json index fa679ae..24ae3ab 100644 --- a/schemas/interop/malware-analysis-interop.json +++ b/schemas/interop/malware-analysis.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/malware-analysis-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/malware-analysis.json", "$ref": "../sdos/malware-analysis.json", "required": [ "version", diff --git a/schemas/interop/malware-interop.json b/schemas/interop/malware.json similarity index 84% rename from schemas/interop/malware-interop.json rename to schemas/interop/malware.json index 3b38776..6d375e0 100644 --- a/schemas/interop/malware-interop.json +++ b/schemas/interop/malware.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/malware-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/malware.json", "$ref": "../sdos/malware.json", "required": [ "name", diff --git a/schemas/interop/note-interop.json b/schemas/interop/note.json similarity index 71% rename from schemas/interop/note-interop.json rename to schemas/interop/note.json index 1e989c3..a38ab4a 100644 --- a/schemas/interop/note-interop.json +++ b/schemas/interop/note.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/note-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/note.json", "$ref": "../sdos/note.json", "required": [ "created_by_ref" diff --git a/schemas/interop/observed-data-inerop.json b/schemas/interop/observed-data.json similarity index 72% rename from schemas/interop/observed-data-inerop.json rename to schemas/interop/observed-data.json index 32c83f4..f7f1ddc 100644 --- a/schemas/interop/observed-data-inerop.json +++ b/schemas/interop/observed-data.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/observed-data-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/observed-data.json", "$ref": "../sdos/observed-data.json", "required": [ "object_refs", diff --git a/schemas/interop/opinion-interop.json b/schemas/interop/opinion.json similarity index 71% rename from schemas/interop/opinion-interop.json rename to schemas/interop/opinion.json index 5d2f8ad..2b0d959 100644 --- a/schemas/interop/opinion-interop.json +++ b/schemas/interop/opinion.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/opinion-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/opinion.json", "$ref": "../sdos/opinion.json", "required": [ "created_by_ref" diff --git a/schemas/interop/relationship-interop.json b/schemas/interop/relationship.json similarity index 70% rename from schemas/interop/relationship-interop.json rename to schemas/interop/relationship.json index fec1a38..7df350c 100644 --- a/schemas/interop/relationship-interop.json +++ b/schemas/interop/relationship.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/relationship-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/relationship.json", "$ref": "../sros/relationship.json", "required": [ "created_by_ref" diff --git a/schemas/interop/report-interop.json b/schemas/interop/report.json similarity index 74% rename from schemas/interop/report-interop.json rename to schemas/interop/report.json index 6828dcb..532baf4 100644 --- a/schemas/interop/report-interop.json +++ b/schemas/interop/report.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/report-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/report.json", "$ref": "../sdos/report.json", "required": [ "report_types", diff --git a/schemas/interop/sighting-interop.json b/schemas/interop/sighting.json similarity index 77% rename from schemas/interop/sighting-interop.json rename to schemas/interop/sighting.json index 840d4c5..d0576b8 100644 --- a/schemas/interop/sighting-interop.json +++ b/schemas/interop/sighting.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/sighting-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/sighting.json", "$ref": "../sros/sighting.json", "required": [ "first_seen", diff --git a/schemas/interop/threat-actor-interop.json b/schemas/interop/threat-actor.json similarity index 81% rename from schemas/interop/threat-actor-interop.json rename to schemas/interop/threat-actor.json index da72e89..b7e0faf 100644 --- a/schemas/interop/threat-actor-interop.json +++ b/schemas/interop/threat-actor.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/threat-actor-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/threat-actor.json", "$ref": "../sdos/threat-actor.json", "required": [ "threat_actor_types", diff --git a/schemas/interop/tool.json b/schemas/interop/tool.json index 814da10..1e9e016 100644 --- a/schemas/interop/tool.json +++ b/schemas/interop/tool.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/tool-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/tool.json", "$ref": "../sdos/tool.json", "required": [ "tool_types", diff --git a/schemas/interop/vulnerability-interop.json b/schemas/interop/vulnerability.json similarity index 73% rename from schemas/interop/vulnerability-interop.json rename to schemas/interop/vulnerability.json index 60035b0..37f687e 100644 --- a/schemas/interop/vulnerability-interop.json +++ b/schemas/interop/vulnerability.json @@ -1,5 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/vulnerability-interop.json", + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/vulnerability.json", "$ref": "../sdos/vulnerability.json", "required": [ "external_references:", From cf544d9051329667922bd639a740c02f8e5c85a0 Mon Sep 17 00:00:00 2001 From: jweissm Date: Wed, 2 Mar 2022 13:32:54 -0800 Subject: [PATCH 04/18] changed interop files, made changes to how marking definitions are handled in core.json --- .../interop => interop}/attack-pattern.json | 0 {schemas/interop => interop}/campaign.json | 0 .../interop => interop}/course-of-action.json | 0 {schemas/interop => interop}/grouping.json | 0 {schemas/interop => interop}/indicator.json | 0 .../interop => interop}/infrastructure.json | 0 .../interop => interop}/intrusion-set.json | 0 {schemas/interop => interop}/location.json | 0 .../interop => interop}/malware-analysis.json | 0 {schemas/interop => interop}/malware.json | 0 {schemas/interop => interop}/note.json | 0 .../interop => interop}/observed-data.json | 0 {schemas/interop => interop}/opinion.json | 0 .../interop => interop}/relationship.json | 0 {schemas/interop => interop}/report.json | 0 {schemas/interop => interop}/sighting.json | 0 .../interop => interop}/threat-actor.json | 0 {schemas/interop => interop}/tool.json | 0 .../interop => interop}/vulnerability.json | 0 schemas/common/core.json | 27 +++++++++++++++++-- 20 files changed, 25 insertions(+), 2 deletions(-) rename {schemas/interop => interop}/attack-pattern.json (100%) rename {schemas/interop => interop}/campaign.json (100%) rename {schemas/interop => interop}/course-of-action.json (100%) rename {schemas/interop => interop}/grouping.json (100%) rename {schemas/interop => interop}/indicator.json (100%) rename {schemas/interop => interop}/infrastructure.json (100%) rename {schemas/interop => interop}/intrusion-set.json (100%) rename {schemas/interop => interop}/location.json (100%) rename {schemas/interop => interop}/malware-analysis.json (100%) rename {schemas/interop => interop}/malware.json (100%) rename {schemas/interop => interop}/note.json (100%) rename {schemas/interop => interop}/observed-data.json (100%) rename {schemas/interop => interop}/opinion.json (100%) rename {schemas/interop => interop}/relationship.json (100%) rename {schemas/interop => interop}/report.json (100%) rename {schemas/interop => interop}/sighting.json (100%) rename {schemas/interop => interop}/threat-actor.json (100%) rename {schemas/interop => interop}/tool.json (100%) rename {schemas/interop => interop}/vulnerability.json (100%) diff --git a/schemas/interop/attack-pattern.json b/interop/attack-pattern.json similarity index 100% rename from schemas/interop/attack-pattern.json rename to interop/attack-pattern.json diff --git a/schemas/interop/campaign.json b/interop/campaign.json similarity index 100% rename from schemas/interop/campaign.json rename to interop/campaign.json diff --git a/schemas/interop/course-of-action.json b/interop/course-of-action.json similarity index 100% rename from schemas/interop/course-of-action.json rename to interop/course-of-action.json diff --git a/schemas/interop/grouping.json b/interop/grouping.json similarity index 100% rename from schemas/interop/grouping.json rename to interop/grouping.json diff --git a/schemas/interop/indicator.json b/interop/indicator.json similarity index 100% rename from schemas/interop/indicator.json rename to interop/indicator.json diff --git a/schemas/interop/infrastructure.json b/interop/infrastructure.json similarity index 100% rename from schemas/interop/infrastructure.json rename to interop/infrastructure.json diff --git a/schemas/interop/intrusion-set.json b/interop/intrusion-set.json similarity index 100% rename from schemas/interop/intrusion-set.json rename to interop/intrusion-set.json diff --git a/schemas/interop/location.json b/interop/location.json similarity index 100% rename from schemas/interop/location.json rename to interop/location.json diff --git a/schemas/interop/malware-analysis.json b/interop/malware-analysis.json similarity index 100% rename from schemas/interop/malware-analysis.json rename to interop/malware-analysis.json diff --git a/schemas/interop/malware.json b/interop/malware.json similarity index 100% rename from schemas/interop/malware.json rename to interop/malware.json diff --git a/schemas/interop/note.json b/interop/note.json similarity index 100% rename from schemas/interop/note.json rename to interop/note.json diff --git a/schemas/interop/observed-data.json b/interop/observed-data.json similarity index 100% rename from schemas/interop/observed-data.json rename to interop/observed-data.json diff --git a/schemas/interop/opinion.json b/interop/opinion.json similarity index 100% rename from schemas/interop/opinion.json rename to interop/opinion.json diff --git a/schemas/interop/relationship.json b/interop/relationship.json similarity index 100% rename from schemas/interop/relationship.json rename to interop/relationship.json diff --git a/schemas/interop/report.json b/interop/report.json similarity index 100% rename from schemas/interop/report.json rename to interop/report.json diff --git a/schemas/interop/sighting.json b/interop/sighting.json similarity index 100% rename from schemas/interop/sighting.json rename to interop/sighting.json diff --git a/schemas/interop/threat-actor.json b/interop/threat-actor.json similarity index 100% rename from schemas/interop/threat-actor.json rename to interop/threat-actor.json diff --git a/schemas/interop/tool.json b/interop/tool.json similarity index 100% rename from schemas/interop/tool.json rename to interop/tool.json diff --git a/schemas/interop/vulnerability.json b/interop/vulnerability.json similarity index 100% rename from schemas/interop/vulnerability.json rename to interop/vulnerability.json diff --git a/schemas/common/core.json b/schemas/common/core.json index 0ef9cc6..76b1432 100644 --- a/schemas/common/core.json +++ b/schemas/common/core.json @@ -91,8 +91,30 @@ "object_marking_refs": { "type": "array", "description": "The list of marking-definition objects to be applied to this object.", + "containes": { + "enum":[ + "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", + "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82", + "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed" + + ] + }, + "minContains": 0, + "maxContains": 1, "items": { - "$ref": "../common/identifier.json" + "allOf":[ + { + "$ref": "../common/identifier.json" + }, + { + "oneOf":[ + { + "pattern": "^marking-definition--" + } + ] + } + ] }, "minItems": 1 }, @@ -146,6 +168,7 @@ "spec_version", "id", "created", - "modified" + "modified", + "created_by_ref" ] } From 6217a707f17b8efb1de2dbb964dc52944979def0 Mon Sep 17 00:00:00 2001 From: jweissm Date: Wed, 2 Mar 2022 13:37:05 -0800 Subject: [PATCH 05/18] added validate_testor.json to interop2 --- validate_testor.json | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 validate_testor.json diff --git a/validate_testor.json b/validate_testor.json new file mode 100644 index 0000000..9ca76dd --- /dev/null +++ b/validate_testor.json @@ -0,0 +1,33 @@ + + { + "type": "attack-pattern", + "spec_version": "2.1", + "id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + "created": "2016-05-12T08:17:27.000Z", + "modified": "2016-05-12T08:17:27.000Z", + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "name": "Spear Phishing", + "external_references": [ + { + "source_name": "capec", + "external_id": "CAPEC-163" + } + ], + "kill_chain_phases": + [ + { + "kill_chain_name": "example-kill-chain", + "phase_name": "lateral-movement" + } + ], + "object_marking_refs": [ + "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed" + ] + } + + + + + + + From a4d130a8ddce412738cac5cce45df6572557d600 Mon Sep 17 00:00:00 2001 From: jweissm Date: Fri, 4 Mar 2022 13:26:56 -0800 Subject: [PATCH 06/18] changed draft7 to draft 2020-12 in all instances, added changes for tlp markings in core.json(needs to be moved) --- interop/attack-pattern.json | 3 +-- interop/campaign.json | 3 +-- interop/course-of-action.json | 3 +-- interop/grouping.json | 3 +-- interop/indicator.json | 3 +-- interop/infrastructure.json | 3 +-- interop/intrusion-set.json | 3 +-- interop/location.json | 3 +-- interop/malware-analysis.json | 3 +-- interop/malware.json | 3 +-- interop/note.json | 3 +-- interop/observed-data.json | 2 +- interop/opinion.json | 3 +-- interop/relationship.json | 1 - interop/report.json | 3 +-- interop/sighting.json | 1 - interop/threat-actor.json | 3 +-- interop/tool.json | 3 +-- interop/vulnerability.json | 3 +-- schemas/common/binary.json | 2 +- schemas/common/bundle.json | 2 +- schemas/common/core.json | 19 +++++-------------- schemas/common/cyber-observable-core.json | 2 +- schemas/common/dictionary.json | 2 +- schemas/common/extension-definition.json | 2 +- schemas/common/extension.json | 2 +- schemas/common/external-reference.json | 2 +- schemas/common/granular-marking.json | 2 +- schemas/common/hashes-type.json | 2 +- schemas/common/hex.json | 2 +- schemas/common/identifier.json | 2 +- schemas/common/kill-chain-phase.json | 2 +- schemas/common/language-content.json | 2 +- schemas/common/marking-definition.json | 2 +- schemas/common/properties.json | 2 +- schemas/common/timestamp.json | 2 +- schemas/common/url-regex.json | 2 +- schemas/observables/artifact.json | 2 +- schemas/observables/autonomous-system.json | 2 +- schemas/observables/directory.json | 2 +- schemas/observables/domain-name.json | 2 +- schemas/observables/email-addr.json | 2 +- schemas/observables/email-message.json | 2 +- schemas/observables/file.json | 2 +- schemas/observables/ipv4-addr.json | 2 +- schemas/observables/ipv6-addr.json | 2 +- schemas/observables/mac-addr.json | 2 +- schemas/observables/mutex.json | 2 +- schemas/observables/network-traffic.json | 2 +- schemas/observables/process.json | 2 +- schemas/observables/software.json | 2 +- schemas/observables/url.json | 2 +- schemas/observables/user-account.json | 2 +- schemas/observables/windows-registry-key.json | 2 +- schemas/observables/x509-certificate.json | 2 +- schemas/sdos/attack-pattern.json | 2 +- schemas/sdos/campaign.json | 2 +- schemas/sdos/course-of-action.json | 2 +- schemas/sdos/grouping.json | 2 +- schemas/sdos/identity.json | 2 +- schemas/sdos/incident.json | 2 +- schemas/sdos/indicator.json | 2 +- schemas/sdos/infrastructure.json | 2 +- schemas/sdos/intrusion-set.json | 2 +- schemas/sdos/location.json | 2 +- schemas/sdos/malware-analysis.json | 2 +- schemas/sdos/malware.json | 2 +- schemas/sdos/note.json | 2 +- schemas/sdos/observed-data.json | 2 +- schemas/sdos/opinion.json | 2 +- schemas/sdos/report.json | 2 +- schemas/sdos/threat-actor.json | 2 +- schemas/sdos/tool.json | 2 +- schemas/sdos/vulnerability.json | 2 +- schemas/sros/relationship.json | 2 +- validate_testor.json | 1 + 76 files changed, 78 insertions(+), 104 deletions(-) diff --git a/interop/attack-pattern.json b/interop/attack-pattern.json index 34aa239..3c2a97e 100644 --- a/interop/attack-pattern.json +++ b/interop/attack-pattern.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/attack-patten.json", - "$ref": "../sdos/attack-pattern.json", + "$ref": "../schemas/sdos/attack-pattern.json", "required": [ "external_references", "kill_chain_phases", diff --git a/interop/campaign.json b/interop/campaign.json index 2097e3c..dd3f9b3 100644 --- a/interop/campaign.json +++ b/interop/campaign.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/campaign.json", - "$ref": "../sdos/campaign.json", + "$ref": "../schemas/sdos/campaign.json", "required": [ "created_by_ref" ] diff --git a/interop/course-of-action.json b/interop/course-of-action.json index 8495cc6..9b50c99 100644 --- a/interop/course-of-action.json +++ b/interop/course-of-action.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/course-of-action.json", - "$ref": "../sdos/course-of-actioin.json", + "$ref": "../schemas/sdos/course-of-actioin.json", "required": [ "created_by_ref" ] diff --git a/interop/grouping.json b/interop/grouping.json index 4088ab1..4585a66 100644 --- a/interop/grouping.json +++ b/interop/grouping.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/grouping.json", - "$ref": "../sdos/grouping.json", + "$ref": "../schemas/sdos/grouping.json", "required": [ "identities_class", "created_by_ref" diff --git a/interop/indicator.json b/interop/indicator.json index eb30c0a..6879e45 100644 --- a/interop/indicator.json +++ b/interop/indicator.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/indicator.json", - "$ref": "../sdos/indicator.json", + "$ref": "../schemas/sdos/indicator.json", "required": [ "name", "indicator_types", diff --git a/interop/infrastructure.json b/interop/infrastructure.json index 1aa5625..16dd44a 100644 --- a/interop/infrastructure.json +++ b/interop/infrastructure.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/infrastructure.json", - "$ref": "../sdos/infrastructure.json", + "$ref": "../schemas/sdos/infrastructure.json", "required": [ "infrastructure_types", "created_by_ref" diff --git a/interop/intrusion-set.json b/interop/intrusion-set.json index 168c95c..66f0e2b 100644 --- a/interop/intrusion-set.json +++ b/interop/intrusion-set.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/intrusion-set.json", - "$ref": "../sdos/intrusion-set.json", + "$ref": "../schemas/sdos/intrusion-set.json", "required": [ "resource_leve", "primary_motivation", diff --git a/interop/location.json b/interop/location.json index ab71461..b7be079 100644 --- a/interop/location.json +++ b/interop/location.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/location.json", - "$ref": "../sdos/location.json", + "$ref": "../schemas/sdos/location.json", "required": [ "region", "created_by_ref" diff --git a/interop/malware-analysis.json b/interop/malware-analysis.json index 24ae3ab..5e41b82 100644 --- a/interop/malware-analysis.json +++ b/interop/malware-analysis.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/malware-analysis.json", - "$ref": "../sdos/malware-analysis.json", + "$ref": "../schemas/sdos/malware-analysis.json", "required": [ "version", "submitted", diff --git a/interop/malware.json b/interop/malware.json index 6d375e0..bf0e684 100644 --- a/interop/malware.json +++ b/interop/malware.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/malware.json", - "$ref": "../sdos/malware.json", + "$ref": "../schemas/sdos/malware.json", "required": [ "name", "malware_types", diff --git a/interop/note.json b/interop/note.json index a38ab4a..e6e6708 100644 --- a/interop/note.json +++ b/interop/note.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/note.json", - "$ref": "../sdos/note.json", + "$ref": "../schemas/sdos/note.json", "required": [ "created_by_ref" ] diff --git a/interop/observed-data.json b/interop/observed-data.json index f7f1ddc..8080173 100644 --- a/interop/observed-data.json +++ b/interop/observed-data.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/observed-data.json", - "$ref": "../sdos/observed-data.json", + "$ref": "../schemas/sdos/observed-data.json", "required": [ "object_refs", "created_by_ref" diff --git a/interop/opinion.json b/interop/opinion.json index 2b0d959..44355f2 100644 --- a/interop/opinion.json +++ b/interop/opinion.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/opinion.json", - "$ref": "../sdos/opinion.json", + "$ref": "../schemas/sdos/opinion.json", "required": [ "created_by_ref" ] diff --git a/interop/relationship.json b/interop/relationship.json index 7df350c..e174714 100644 --- a/interop/relationship.json +++ b/interop/relationship.json @@ -1,5 +1,4 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/relationship.json", "$ref": "../sros/relationship.json", "required": [ "created_by_ref" diff --git a/interop/report.json b/interop/report.json index 532baf4..e28130e 100644 --- a/interop/report.json +++ b/interop/report.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/report.json", - "$ref": "../sdos/report.json", + "$ref": "../schemas/sdos/report.json", "required": [ "report_types", "created_by_ref" diff --git a/interop/sighting.json b/interop/sighting.json index d0576b8..b9c069b 100644 --- a/interop/sighting.json +++ b/interop/sighting.json @@ -1,5 +1,4 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/sighting.json", "$ref": "../sros/sighting.json", "required": [ "first_seen", diff --git a/interop/threat-actor.json b/interop/threat-actor.json index b7e0faf..632b6c6 100644 --- a/interop/threat-actor.json +++ b/interop/threat-actor.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/threat-actor.json", - "$ref": "../sdos/threat-actor.json", + "$ref": "../schemas/sdos/threat-actor.json", "required": [ "threat_actor_types", "roles", diff --git a/interop/tool.json b/interop/tool.json index 1e9e016..7bb09e4 100644 --- a/interop/tool.json +++ b/interop/tool.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/tool.json", - "$ref": "../sdos/tool.json", + "$ref": "../schemas/sdos/tool.json", "required": [ "tool_types", "created_by_ref" diff --git a/interop/vulnerability.json b/interop/vulnerability.json index 37f687e..0fc4f29 100644 --- a/interop/vulnerability.json +++ b/interop/vulnerability.json @@ -1,6 +1,5 @@ { - "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/vulnerability.json", - "$ref": "../sdos/vulnerability.json", + "$ref": "../schemas/sdos/vulnerability.json", "required": [ "external_references:", "created_by_ref" diff --git a/schemas/common/binary.json b/schemas/common/binary.json index 95a7c20..2ba930f 100644 --- a/schemas/common/binary.json +++ b/schemas/common/binary.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/binary.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "binary", "description": "The ​binary data type represents a sequence of bytes. In order to allow pattern matching on custom objects, for all properties that use the binary type, the property name MUST end with '_bin'. The JSON MTI serialization represents this as a base64-­encoded string as specified in RFC4648​. Other serializations SHOULD use a native binary type, if available.", "type": "string", diff --git a/schemas/common/bundle.json b/schemas/common/bundle.json index f8f65ab..d5f9695 100644 --- a/schemas/common/bundle.json +++ b/schemas/common/bundle.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/bundle.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "bundle", "description": "A Bundle is a collection of arbitrary STIX Objects and Marking Definitions grouped together in a single container.", "type": "object", diff --git a/schemas/common/core.json b/schemas/common/core.json index 76b1432..fa345ac 100644 --- a/schemas/common/core.json +++ b/schemas/common/core.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/core.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "core", "description": "Common properties and behavior across all STIX Domain Objects and STIX Relationship Objects.", "type": "object", @@ -91,14 +91,8 @@ "object_marking_refs": { "type": "array", "description": "The list of marking-definition objects to be applied to this object.", - "containes": { - "enum":[ - "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", - "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", - "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82", - "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed" - - ] + "contains": { + "pattern":"^marking-definition--((613f2e26-407d-48c7-9eca-b8e91df99dc9)|(34098fce-860f-48ae-8e50-ebd3cc5e41da)|(f88d31f6-486f-44da-b317-01333bde0b82)|(5e57c739-391a-4eb3-b6be-7d15ca92d5ed))$" }, "minContains": 0, "maxContains": 1, @@ -108,11 +102,8 @@ "$ref": "../common/identifier.json" }, { - "oneOf":[ - { - "pattern": "^marking-definition--" - } - ] + "pattern": "^marking-definition--" + } ] }, diff --git a/schemas/common/cyber-observable-core.json b/schemas/common/cyber-observable-core.json index fe2b269..de75a81 100644 --- a/schemas/common/cyber-observable-core.json +++ b/schemas/common/cyber-observable-core.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/cyber-observable-core.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "cyber-observable-core", "description": "Common properties and behavior across all Cyber Observable Objects.", "type": "object", diff --git a/schemas/common/dictionary.json b/schemas/common/dictionary.json index d835b1d..c048456 100644 --- a/schemas/common/dictionary.json +++ b/schemas/common/dictionary.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/dictionary.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "dictionary", "description": "A dictionary captures a set of key/value pairs", "type": "object", diff --git a/schemas/common/extension-definition.json b/schemas/common/extension-definition.json index 7a7c3db..8b5152c 100644 --- a/schemas/common/extension-definition.json +++ b/schemas/common/extension-definition.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/extension-definition.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "extension-definition", "description": "The STIX Extension Definition object allows producers of threat intelligence to extend existing STIX objects or to create entirely new STIX objects in a standardized way.", "type": "object", diff --git a/schemas/common/extension.json b/schemas/common/extension.json index b2b5358..e4cac26 100644 --- a/schemas/common/extension.json +++ b/schemas/common/extension.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/extension.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "type": "object", "minProperties": 1, "properties": { diff --git a/schemas/common/external-reference.json b/schemas/common/external-reference.json index 3902a9c..7dcc10f 100644 --- a/schemas/common/external-reference.json +++ b/schemas/common/external-reference.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/external-reference.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "external-reference", "description": "External references are used to describe pointers to information represented outside of STIX.", "type": "object", diff --git a/schemas/common/granular-marking.json b/schemas/common/granular-marking.json index dcdec2e..7305926 100644 --- a/schemas/common/granular-marking.json +++ b/schemas/common/granular-marking.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/granular-marking.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "granular-marking", "description": "The granular-marking type defines how the list of marking-definition objects referenced by the marking_refs property to apply to a set of content identified by the list of selectors in the selectors property.", "type": "object", diff --git a/schemas/common/hashes-type.json b/schemas/common/hashes-type.json index 64cd575..0260193 100644 --- a/schemas/common/hashes-type.json +++ b/schemas/common/hashes-type.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/hashes-type.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "hashes", "description": "The Hashes type represents one or more cryptographic hashes, as a special set of key/value pairs", "type": "object", diff --git a/schemas/common/hex.json b/schemas/common/hex.json index c71d008..1e53931 100644 --- a/schemas/common/hex.json +++ b/schemas/common/hex.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/hex.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "hex", "description": "The hex data type encodes an array of octets (8-bit bytes) as hexadecimal. The string MUST consist of an even number of hexadecimal characters, which are the digits '0' through '9' and the letters 'a' through 'f'. In order to allow pattern matching on custom objects, all properties that use the hex type, the property name MUST end with '_hex'.", "type": "string", diff --git a/schemas/common/identifier.json b/schemas/common/identifier.json index 178d17f..2f280e7 100644 --- a/schemas/common/identifier.json +++ b/schemas/common/identifier.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/identifier.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "identifier", "description": "Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.", "type": "string", diff --git a/schemas/common/kill-chain-phase.json b/schemas/common/kill-chain-phase.json index b013b7b..8c3fdda 100644 --- a/schemas/common/kill-chain-phase.json +++ b/schemas/common/kill-chain-phase.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/kill-chain-phase.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "kill-chain-phase", "description": "The kill-chain-phase represents a phase in a kill chain.", "type": "object", diff --git a/schemas/common/language-content.json b/schemas/common/language-content.json index a8aa7a2..a4de174 100644 --- a/schemas/common/language-content.json +++ b/schemas/common/language-content.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/language-content.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "language-content", "description": "The language-content object represents text content for STIX Objects represented in languages other than that of the original object.", "type": "object", diff --git a/schemas/common/marking-definition.json b/schemas/common/marking-definition.json index f5f9098..782e8dd 100644 --- a/schemas/common/marking-definition.json +++ b/schemas/common/marking-definition.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/marking-definition.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "marking-definition", "description": "The marking-definition object represents a specific marking.", "type": "object", diff --git a/schemas/common/properties.json b/schemas/common/properties.json index 29fda66..255945b 100644 --- a/schemas/common/properties.json +++ b/schemas/common/properties.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/properties.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "properties", "description": "Rules for custom properties", "patternProperties": { diff --git a/schemas/common/timestamp.json b/schemas/common/timestamp.json index ff89ffe..643c748 100644 --- a/schemas/common/timestamp.json +++ b/schemas/common/timestamp.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/timestamp.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "timestamp", "description": "Represents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.", "type": "string", diff --git a/schemas/common/url-regex.json b/schemas/common/url-regex.json index 0ad192a..097a45b 100644 --- a/schemas/common/url-regex.json +++ b/schemas/common/url-regex.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/url-regex.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "url-regex", "description": "Matches a URI according to RFC 3986.", "type": "string", diff --git a/schemas/observables/artifact.json b/schemas/observables/artifact.json index 9076518..c782a48 100644 --- a/schemas/observables/artifact.json +++ b/schemas/observables/artifact.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/artifact.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "artifact", "description": "The Artifact Object permits capturing an array of bytes (8-bits), as a base64-encoded string string, or linking to a file-like payload.", "type": "object", diff --git a/schemas/observables/autonomous-system.json b/schemas/observables/autonomous-system.json index fad576b..fd9da0e 100644 --- a/schemas/observables/autonomous-system.json +++ b/schemas/observables/autonomous-system.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/autonomous-system.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "autonomous-system", "description": "The AS object represents the properties of an Autonomous Systems (AS).", "type": "object", diff --git a/schemas/observables/directory.json b/schemas/observables/directory.json index 136bc3b..ed8a591 100644 --- a/schemas/observables/directory.json +++ b/schemas/observables/directory.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/directory.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "directory", "description": "The Directory Object represents the properties common to a file system directory.", "type": "object", diff --git a/schemas/observables/domain-name.json b/schemas/observables/domain-name.json index c8026ad..972f79d 100644 --- a/schemas/observables/domain-name.json +++ b/schemas/observables/domain-name.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/domain-name.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "domain-name", "description": "The Domain Name represents the properties of a network domain name.", "type": "object", diff --git a/schemas/observables/email-addr.json b/schemas/observables/email-addr.json index 1583c8f..ce27930 100644 --- a/schemas/observables/email-addr.json +++ b/schemas/observables/email-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/email-addr.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "email-addr", "description": "The Email Address Object represents a single email address.", "type": "object", diff --git a/schemas/observables/email-message.json b/schemas/observables/email-message.json index 0658e99..189728f 100644 --- a/schemas/observables/email-message.json +++ b/schemas/observables/email-message.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/email-message.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "email-message", "description": "The Email Message Object represents an instance of an email message.", "type": "object", diff --git a/schemas/observables/file.json b/schemas/observables/file.json index 4cb7f75..106882b 100644 --- a/schemas/observables/file.json +++ b/schemas/observables/file.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/file.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "file", "description": "The File Object represents the properties of a file.", "type": "object", diff --git a/schemas/observables/ipv4-addr.json b/schemas/observables/ipv4-addr.json index c5e5162..d3b3565 100644 --- a/schemas/observables/ipv4-addr.json +++ b/schemas/observables/ipv4-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/ipv4-addr.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "ipv4-addr", "description": "The IPv4 Address Object represents one or more IPv4 addresses expressed using CIDR notation.", "type": "object", diff --git a/schemas/observables/ipv6-addr.json b/schemas/observables/ipv6-addr.json index 11b2aa3..7dc9970 100644 --- a/schemas/observables/ipv6-addr.json +++ b/schemas/observables/ipv6-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/ipv6-addr.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "ipv6-addr", "description": "The IPv6 Address Object represents one or more IPv6 addresses expressed using CIDR notation.", "type": "object", diff --git a/schemas/observables/mac-addr.json b/schemas/observables/mac-addr.json index 2f84b8e..c220069 100644 --- a/schemas/observables/mac-addr.json +++ b/schemas/observables/mac-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/mac-addr.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "mac-addr", "description": "The MAC Address Object represents a single Media Access Control (MAC) address.", "type": "object", diff --git a/schemas/observables/mutex.json b/schemas/observables/mutex.json index 8415c4d..705710b 100644 --- a/schemas/observables/mutex.json +++ b/schemas/observables/mutex.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/mutex.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "mutex", "description": "The Mutex Object represents the properties of a mutual exclusion (mutex) object.", "type": "object", diff --git a/schemas/observables/network-traffic.json b/schemas/observables/network-traffic.json index c233015..0e34394 100644 --- a/schemas/observables/network-traffic.json +++ b/schemas/observables/network-traffic.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/network-traffic.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "network-traffic", "description": "The Network Traffic Object represents arbitrary network traffic that originates from a source and is addressed to a destination.", "type": "object", diff --git a/schemas/observables/process.json b/schemas/observables/process.json index 5f698ec..cd2bd12 100644 --- a/schemas/observables/process.json +++ b/schemas/observables/process.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/process.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "process", "description": "The Process Object represents common properties of an instance of a computer program as executed on an operating system.", "type": "object", diff --git a/schemas/observables/software.json b/schemas/observables/software.json index a40b228..7ba9c7c 100644 --- a/schemas/observables/software.json +++ b/schemas/observables/software.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/software.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "software", "description": "The Software Object represents high-level properties associated with software, including software products.", "type": "object", diff --git a/schemas/observables/url.json b/schemas/observables/url.json index 3493482..beef3f4 100644 --- a/schemas/observables/url.json +++ b/schemas/observables/url.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/url.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "url", "description": "The URL Object represents the properties of a uniform resource locator (URL).", "type": "object", diff --git a/schemas/observables/user-account.json b/schemas/observables/user-account.json index b2cb1e7..9203017 100644 --- a/schemas/observables/user-account.json +++ b/schemas/observables/user-account.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/user-account.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "user-account", "description": "The User Account Object represents an instance of any type of user account, including but not limited to operating system, device, messaging service, and social media platform accounts.", "type": "object", diff --git a/schemas/observables/windows-registry-key.json b/schemas/observables/windows-registry-key.json index c71468c..2e66e64 100644 --- a/schemas/observables/windows-registry-key.json +++ b/schemas/observables/windows-registry-key.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/windows-registry-key.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "windows-registry-key", "description": "The Registry Key Object represents the properties of a Windows registry key.", "type": "object", diff --git a/schemas/observables/x509-certificate.json b/schemas/observables/x509-certificate.json index 1eda586..8e39ab0 100644 --- a/schemas/observables/x509-certificate.json +++ b/schemas/observables/x509-certificate.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/x509-certificate.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "x509-certificate", "description": "The X509 Certificate Object represents the properties of an X.509 certificate.", "type": "object", diff --git a/schemas/sdos/attack-pattern.json b/schemas/sdos/attack-pattern.json index 5fa1cda..481773f 100644 --- a/schemas/sdos/attack-pattern.json +++ b/schemas/sdos/attack-pattern.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/attack-pattern.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "attack-pattern", "description": "Attack Patterns are a type of TTP that describe ways that adversaries attempt to compromise targets. ", "type": "object", diff --git a/schemas/sdos/campaign.json b/schemas/sdos/campaign.json index fe4576c..46907dd 100644 --- a/schemas/sdos/campaign.json +++ b/schemas/sdos/campaign.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/campaign.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "campaign", "description": "A Campaign is a grouping of adversary behavior that describes a set of malicious activities or attacks that occur over a period of time against a specific set of targets.", "type": "object", diff --git a/schemas/sdos/course-of-action.json b/schemas/sdos/course-of-action.json index 3217d3c..a054681 100644 --- a/schemas/sdos/course-of-action.json +++ b/schemas/sdos/course-of-action.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/course-of-action.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "course-of-action", "description": "A Course of Action is an action taken either to prevent an attack or to respond to an attack that is in progress. ", "type": "object", diff --git a/schemas/sdos/grouping.json b/schemas/sdos/grouping.json index 3985214..211847b 100644 --- a/schemas/sdos/grouping.json +++ b/schemas/sdos/grouping.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/grouping.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "grouping", "description": "A Grouping object explicitly asserts that the referenced STIX Objects have a shared content.", "type": "object", diff --git a/schemas/sdos/identity.json b/schemas/sdos/identity.json index b73afc3..5b3144d 100644 --- a/schemas/sdos/identity.json +++ b/schemas/sdos/identity.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/identity.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "identity", "description": "Identities can represent actual individuals, organizations, or groups (e.g., ACME, Inc.) as well as classes of individuals, organizations, or groups.", "type": "object", diff --git a/schemas/sdos/incident.json b/schemas/sdos/incident.json index 33e43d5..9102f24 100644 --- a/schemas/sdos/incident.json +++ b/schemas/sdos/incident.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/incident.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "incident", "description": "The Incident object in STIX 2.1 is a stub, to be expanded in future STIX 2 releases.", "type": "object", diff --git a/schemas/sdos/indicator.json b/schemas/sdos/indicator.json index e2db857..fac727c 100644 --- a/schemas/sdos/indicator.json +++ b/schemas/sdos/indicator.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/indicator.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "indicator", "description": "Indicators contain a pattern that can be used to detect suspicious or malicious cyber activity.", "type": "object", diff --git a/schemas/sdos/infrastructure.json b/schemas/sdos/infrastructure.json index 1495971..147be64 100644 --- a/schemas/sdos/infrastructure.json +++ b/schemas/sdos/infrastructure.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/infrastructure.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "infrastructure", "description": "Infrastructure objects describe systems, software services, and associated physical or virtual resources.", "type": "object", diff --git a/schemas/sdos/intrusion-set.json b/schemas/sdos/intrusion-set.json index af1a335..fdaef8f 100644 --- a/schemas/sdos/intrusion-set.json +++ b/schemas/sdos/intrusion-set.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/intrusion-set.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "intrusion-set", "description": "An Intrusion Set is a grouped set of adversary behavior and resources with common properties that is believed to be orchestrated by a single organization.", "type": "object", diff --git a/schemas/sdos/location.json b/schemas/sdos/location.json index 68bba68..4c8a3fc 100644 --- a/schemas/sdos/location.json +++ b/schemas/sdos/location.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/location.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "location", "description": "A Location represents a geographic location. The location may be described as any, some or all of the following: region (e.g., North America), civic address (e.g. New York, US), latitude and longitude.", "type": "object", diff --git a/schemas/sdos/malware-analysis.json b/schemas/sdos/malware-analysis.json index 4e48489..02fa60e 100644 --- a/schemas/sdos/malware-analysis.json +++ b/schemas/sdos/malware-analysis.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/malware-analysis.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "malware-analysis", "description": "Malware Analysis captures the metadata and results of a particular analysis performed (static or dynamic) on the malware instance or family.", "type": "object", diff --git a/schemas/sdos/malware.json b/schemas/sdos/malware.json index 5ac094b..de16bfe 100644 --- a/schemas/sdos/malware.json +++ b/schemas/sdos/malware.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/malware.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "malware", "description": "Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim.", "type": "object", diff --git a/schemas/sdos/note.json b/schemas/sdos/note.json index 0ac9d2e..c898991 100644 --- a/schemas/sdos/note.json +++ b/schemas/sdos/note.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/note.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "note", "description": "A Note is a comment or note containing informative text to help explain the context of one or more STIX Objects (SDOs or SROs) or to provide additional analysis that is not contained in the original object.", "type": "object", diff --git a/schemas/sdos/observed-data.json b/schemas/sdos/observed-data.json index df54fc4..37eec7a 100644 --- a/schemas/sdos/observed-data.json +++ b/schemas/sdos/observed-data.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/observed-data.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "observed-data", "description": "Observed data conveys information that was observed on systems and networks, such as log data or network traffic, using the Cyber Observable specification.", "type": "object", diff --git a/schemas/sdos/opinion.json b/schemas/sdos/opinion.json index bd50e0b..a7e06dc 100644 --- a/schemas/sdos/opinion.json +++ b/schemas/sdos/opinion.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/opinion.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "opinion", "description": "An Opinion is an assessment of the correctness of the information in a STIX Object produced by a different entity and captures the level of agreement or disagreement using a fixed scale.", "type": "object", diff --git a/schemas/sdos/report.json b/schemas/sdos/report.json index 943939a..e86c466 100644 --- a/schemas/sdos/report.json +++ b/schemas/sdos/report.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/report.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "report", "description": "Reports are collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including context and related details.", "type": "object", diff --git a/schemas/sdos/threat-actor.json b/schemas/sdos/threat-actor.json index 2390715..dd807bf 100644 --- a/schemas/sdos/threat-actor.json +++ b/schemas/sdos/threat-actor.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/threat-actor.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "threat-actor", "description": "Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent.", "type": "object", diff --git a/schemas/sdos/tool.json b/schemas/sdos/tool.json index daa65dd..0e2faa4 100644 --- a/schemas/sdos/tool.json +++ b/schemas/sdos/tool.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/tool.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "tool", "description": "Tools are legitimate software that can be used by threat actors to perform attacks.", "type": "object", diff --git a/schemas/sdos/vulnerability.json b/schemas/sdos/vulnerability.json index 3845452..0353f4c 100644 --- a/schemas/sdos/vulnerability.json +++ b/schemas/sdos/vulnerability.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/vulnerability.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "vulnerability", "description": "A Vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network.", "type": "object", diff --git a/schemas/sros/relationship.json b/schemas/sros/relationship.json index 6a18f78..1639cb8 100644 --- a/schemas/sros/relationship.json +++ b/schemas/sros/relationship.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sros/relationship.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "relationship", "description": "The Relationship object is used to link together two SDOs in order to describe how they are related to each other.", "type": "object", diff --git a/validate_testor.json b/validate_testor.json index 9ca76dd..8305d23 100644 --- a/validate_testor.json +++ b/validate_testor.json @@ -21,6 +21,7 @@ } ], "object_marking_refs": [ + "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed" ] } From 886be8fd7b0ec41a4443ef2084604af206127908 Mon Sep 17 00:00:00 2001 From: jweissm Date: Mon, 14 Mar 2022 13:57:26 -0700 Subject: [PATCH 07/18] added $ids back --- interop/attack-pattern.json | 1 + interop/campaign.json | 1 + interop/course-of-action.json | 3 ++- interop/grouping.json | 1 + interop/indicator.json | 1 + interop/infrastructure.json | 1 + interop/intrusion-set.json | 1 + interop/location.json | 1 + interop/malware-analysis.json | 1 + interop/malware.json | 1 + interop/note.json | 1 + interop/opinion.json | 1 + interop/relationship.json | 1 + interop/report.json | 1 + interop/sighting.json | 1 + interop/threat-actor.json | 1 + interop/tool.json | 1 + interop/vulnerability.json | 1 + 18 files changed, 19 insertions(+), 1 deletion(-) diff --git a/interop/attack-pattern.json b/interop/attack-pattern.json index 3c2a97e..6571d10 100644 --- a/interop/attack-pattern.json +++ b/interop/attack-pattern.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/attack-pattern.json", "$ref": "../schemas/sdos/attack-pattern.json", "required": [ "external_references", diff --git a/interop/campaign.json b/interop/campaign.json index dd3f9b3..465f700 100644 --- a/interop/campaign.json +++ b/interop/campaign.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/campaign.json", "$ref": "../schemas/sdos/campaign.json", "required": [ "created_by_ref" diff --git a/interop/course-of-action.json b/interop/course-of-action.json index 9b50c99..6853f51 100644 --- a/interop/course-of-action.json +++ b/interop/course-of-action.json @@ -1,5 +1,6 @@ { - "$ref": "../schemas/sdos/course-of-actioin.json", + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/campaign.json", + "$ref": "../schemas/sdos/course-of-action.json", "required": [ "created_by_ref" ] diff --git a/interop/grouping.json b/interop/grouping.json index 4585a66..c72c275 100644 --- a/interop/grouping.json +++ b/interop/grouping.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/grouping.json", "$ref": "../schemas/sdos/grouping.json", "required": [ "identities_class", diff --git a/interop/indicator.json b/interop/indicator.json index 6879e45..1955a58 100644 --- a/interop/indicator.json +++ b/interop/indicator.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/indicator.json", "$ref": "../schemas/sdos/indicator.json", "required": [ "name", diff --git a/interop/infrastructure.json b/interop/infrastructure.json index 16dd44a..8b7c446 100644 --- a/interop/infrastructure.json +++ b/interop/infrastructure.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/infrastructure.json", "$ref": "../schemas/sdos/infrastructure.json", "required": [ "infrastructure_types", diff --git a/interop/intrusion-set.json b/interop/intrusion-set.json index 66f0e2b..b54d253 100644 --- a/interop/intrusion-set.json +++ b/interop/intrusion-set.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/intrusion-set.json", "$ref": "../schemas/sdos/intrusion-set.json", "required": [ "resource_leve", diff --git a/interop/location.json b/interop/location.json index b7be079..0ca40f3 100644 --- a/interop/location.json +++ b/interop/location.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/location.json", "$ref": "../schemas/sdos/location.json", "required": [ "region", diff --git a/interop/malware-analysis.json b/interop/malware-analysis.json index 5e41b82..9dcacda 100644 --- a/interop/malware-analysis.json +++ b/interop/malware-analysis.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/malware-analysis.json", "$ref": "../schemas/sdos/malware-analysis.json", "required": [ "version", diff --git a/interop/malware.json b/interop/malware.json index bf0e684..2e8d793 100644 --- a/interop/malware.json +++ b/interop/malware.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/malware.json", "$ref": "../schemas/sdos/malware.json", "required": [ "name", diff --git a/interop/note.json b/interop/note.json index e6e6708..daa8da3 100644 --- a/interop/note.json +++ b/interop/note.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/note.json", "$ref": "../schemas/sdos/note.json", "required": [ "created_by_ref" diff --git a/interop/opinion.json b/interop/opinion.json index 44355f2..7a894c9 100644 --- a/interop/opinion.json +++ b/interop/opinion.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/opinion.json", "$ref": "../schemas/sdos/opinion.json", "required": [ "created_by_ref" diff --git a/interop/relationship.json b/interop/relationship.json index e174714..8357efd 100644 --- a/interop/relationship.json +++ b/interop/relationship.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/relationship.json", "$ref": "../sros/relationship.json", "required": [ "created_by_ref" diff --git a/interop/report.json b/interop/report.json index e28130e..ce7373c 100644 --- a/interop/report.json +++ b/interop/report.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/report.json", "$ref": "../schemas/sdos/report.json", "required": [ "report_types", diff --git a/interop/sighting.json b/interop/sighting.json index b9c069b..828b924 100644 --- a/interop/sighting.json +++ b/interop/sighting.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/sighting.json", "$ref": "../sros/sighting.json", "required": [ "first_seen", diff --git a/interop/threat-actor.json b/interop/threat-actor.json index 632b6c6..69d7ea9 100644 --- a/interop/threat-actor.json +++ b/interop/threat-actor.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/threat-actor.json", "$ref": "../schemas/sdos/threat-actor.json", "required": [ "threat_actor_types", diff --git a/interop/tool.json b/interop/tool.json index 7bb09e4..6df9ef8 100644 --- a/interop/tool.json +++ b/interop/tool.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/tool.json", "$ref": "../schemas/sdos/tool.json", "required": [ "tool_types", diff --git a/interop/vulnerability.json b/interop/vulnerability.json index 0fc4f29..205941c 100644 --- a/interop/vulnerability.json +++ b/interop/vulnerability.json @@ -1,4 +1,5 @@ { + "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/vulnerability.json", "$ref": "../schemas/sdos/vulnerability.json", "required": [ "external_references:", From ab5e2bc3a7b7102693c06ff538b52fee1d9fa191 Mon Sep 17 00:00:00 2001 From: jweissm Date: Tue, 15 Mar 2022 13:23:05 -0700 Subject: [PATCH 08/18] added changed common/core.json back to its normal state, addded and interop core.json file to deal with interop object markings --- interop/attack-pattern.json | 3 +++ interop/campaign.json | 3 +++ interop/core.json | 30 ++++++++++++++++++++++++++++++ interop/course-of-action.json | 3 +++ interop/grouping.json | 3 +++ interop/indicator.json | 3 +++ interop/infrastructure.json | 3 +++ interop/intrusion-set.json | 3 +++ interop/location.json | 3 +++ interop/malware-analysis.json | 3 +++ interop/malware.json | 3 +++ interop/note.json | 3 +++ interop/observed-data.json | 3 +++ interop/opinion.json | 3 +++ interop/relationship.json | 3 +++ interop/report.json | 3 +++ interop/sighting.json | 3 +++ interop/threat-actor.json | 3 +++ interop/tool.json | 3 +++ interop/vulnerability.json | 3 +++ schemas/common/core.json | 22 ++++------------------ 21 files changed, 91 insertions(+), 18 deletions(-) create mode 100644 interop/core.json diff --git a/interop/attack-pattern.json b/interop/attack-pattern.json index 6571d10..7264f0b 100644 --- a/interop/attack-pattern.json +++ b/interop/attack-pattern.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/attack-pattern.json", "$ref": "../schemas/sdos/attack-pattern.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "external_references", "kill_chain_phases", diff --git a/interop/campaign.json b/interop/campaign.json index 465f700..b4b4468 100644 --- a/interop/campaign.json +++ b/interop/campaign.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/campaign.json", "$ref": "../schemas/sdos/campaign.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "created_by_ref" ] diff --git a/interop/core.json b/interop/core.json new file mode 100644 index 0000000..8367ff0 --- /dev/null +++ b/interop/core.json @@ -0,0 +1,30 @@ +{ + "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/core.json", + "$schema": "http://json-schema.org/draft-2020-12/schema#", + "title": "core", + "description": "Unique interop properties", + "type": "object", + "properties": { + "object_marking_refs": { + "type": "array", + "description": "The list of marking-definition objects to be applied to this object.", + "contains": { + "pattern":"^marking-definition--((613f2e26-407d-48c7-9eca-b8e91df99dc9)|(34098fce-860f-48ae-8e50-ebd3cc5e41da)|(f88d31f6-486f-44da-b317-01333bde0b82)|(5e57c739-391a-4eb3-b6be-7d15ca92d5ed))$" + }, + "minContains": 0, + "maxContains": 1, + "items": { + "allOf":[ + { + "$ref": "../common/identifier.json" + }, + { + "pattern": "^marking-definition--" + + } + ] + }, + "minItems": 1 + } + } + } \ No newline at end of file diff --git a/interop/course-of-action.json b/interop/course-of-action.json index 6853f51..1597583 100644 --- a/interop/course-of-action.json +++ b/interop/course-of-action.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/campaign.json", "$ref": "../schemas/sdos/course-of-action.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "created_by_ref" ] diff --git a/interop/grouping.json b/interop/grouping.json index c72c275..98f79e7 100644 --- a/interop/grouping.json +++ b/interop/grouping.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/grouping.json", "$ref": "../schemas/sdos/grouping.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "identities_class", "created_by_ref" diff --git a/interop/indicator.json b/interop/indicator.json index 1955a58..6ad617f 100644 --- a/interop/indicator.json +++ b/interop/indicator.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/indicator.json", "$ref": "../schemas/sdos/indicator.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "name", "indicator_types", diff --git a/interop/infrastructure.json b/interop/infrastructure.json index 8b7c446..4f4eaca 100644 --- a/interop/infrastructure.json +++ b/interop/infrastructure.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/infrastructure.json", "$ref": "../schemas/sdos/infrastructure.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "infrastructure_types", "created_by_ref" diff --git a/interop/intrusion-set.json b/interop/intrusion-set.json index b54d253..788878a 100644 --- a/interop/intrusion-set.json +++ b/interop/intrusion-set.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/intrusion-set.json", "$ref": "../schemas/sdos/intrusion-set.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "resource_leve", "primary_motivation", diff --git a/interop/location.json b/interop/location.json index 0ca40f3..d100890 100644 --- a/interop/location.json +++ b/interop/location.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/location.json", "$ref": "../schemas/sdos/location.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "region", "created_by_ref" diff --git a/interop/malware-analysis.json b/interop/malware-analysis.json index 9dcacda..e97c04a 100644 --- a/interop/malware-analysis.json +++ b/interop/malware-analysis.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/malware-analysis.json", "$ref": "../schemas/sdos/malware-analysis.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "version", "submitted", diff --git a/interop/malware.json b/interop/malware.json index 2e8d793..718f915 100644 --- a/interop/malware.json +++ b/interop/malware.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/malware.json", "$ref": "../schemas/sdos/malware.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "name", "malware_types", diff --git a/interop/note.json b/interop/note.json index daa8da3..b8e0adf 100644 --- a/interop/note.json +++ b/interop/note.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/note.json", "$ref": "../schemas/sdos/note.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "created_by_ref" ] diff --git a/interop/observed-data.json b/interop/observed-data.json index 8080173..8d18c6f 100644 --- a/interop/observed-data.json +++ b/interop/observed-data.json @@ -1,6 +1,9 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/observed-data.json", "$ref": "../schemas/sdos/observed-data.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "object_refs", "created_by_ref" diff --git a/interop/opinion.json b/interop/opinion.json index 7a894c9..054b10b 100644 --- a/interop/opinion.json +++ b/interop/opinion.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/opinion.json", "$ref": "../schemas/sdos/opinion.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "created_by_ref" ] diff --git a/interop/relationship.json b/interop/relationship.json index 8357efd..fa4a2e1 100644 --- a/interop/relationship.json +++ b/interop/relationship.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/relationship.json", "$ref": "../sros/relationship.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "created_by_ref" ] diff --git a/interop/report.json b/interop/report.json index ce7373c..cda1698 100644 --- a/interop/report.json +++ b/interop/report.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/report.json", "$ref": "../schemas/sdos/report.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "report_types", "created_by_ref" diff --git a/interop/sighting.json b/interop/sighting.json index 828b924..6fade0e 100644 --- a/interop/sighting.json +++ b/interop/sighting.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/sighting.json", "$ref": "../sros/sighting.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "first_seen", "last_seen", diff --git a/interop/threat-actor.json b/interop/threat-actor.json index 69d7ea9..77bec8a 100644 --- a/interop/threat-actor.json +++ b/interop/threat-actor.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/threat-actor.json", "$ref": "../schemas/sdos/threat-actor.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "threat_actor_types", "roles", diff --git a/interop/tool.json b/interop/tool.json index 6df9ef8..6f9d3c6 100644 --- a/interop/tool.json +++ b/interop/tool.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/tool.json", "$ref": "../schemas/sdos/tool.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "tool_types", "created_by_ref" diff --git a/interop/vulnerability.json b/interop/vulnerability.json index 205941c..6c6bb16 100644 --- a/interop/vulnerability.json +++ b/interop/vulnerability.json @@ -1,6 +1,9 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/vulnerability.json", "$ref": "../schemas/sdos/vulnerability.json", + "allOf":[ + {"$ref": "core.json"} + ], "required": [ "external_references:", "created_by_ref" diff --git a/schemas/common/core.json b/schemas/common/core.json index fa345ac..18db6d8 100644 --- a/schemas/common/core.json +++ b/schemas/common/core.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/core.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft-07/schema#", "title": "core", "description": "Common properties and behavior across all STIX Domain Objects and STIX Relationship Objects.", "type": "object", @@ -91,21 +91,8 @@ "object_marking_refs": { "type": "array", "description": "The list of marking-definition objects to be applied to this object.", - "contains": { - "pattern":"^marking-definition--((613f2e26-407d-48c7-9eca-b8e91df99dc9)|(34098fce-860f-48ae-8e50-ebd3cc5e41da)|(f88d31f6-486f-44da-b317-01333bde0b82)|(5e57c739-391a-4eb3-b6be-7d15ca92d5ed))$" - }, - "minContains": 0, - "maxContains": 1, "items": { - "allOf":[ - { - "$ref": "../common/identifier.json" - }, - { - "pattern": "^marking-definition--" - - } - ] + "$ref": "../common/identifier.json" }, "minItems": 1 }, @@ -159,7 +146,6 @@ "spec_version", "id", "created", - "modified", - "created_by_ref" + "modified" ] -} +} \ No newline at end of file From 243f45218e9e86846633899366e8856ffa79ccf6 Mon Sep 17 00:00:00 2001 From: jweissm Date: Tue, 29 Mar 2022 13:13:00 -0700 Subject: [PATCH 09/18] fixed interop documetns, changed schema to draft2020-12 --- interop/attack-pattern.json | 10 ++-- interop/campaign.json | 10 ++-- interop/core.json | 53 +++++++++++-------- interop/course-of-action.json | 9 +++- interop/grouping.json | 10 ++-- interop/indicator.json | 10 ++-- interop/infrastructure.json | 10 ++-- interop/intrusion-set.json | 10 ++-- interop/location.json | 10 ++-- interop/malware-analysis.json | 10 ++-- interop/malware.json | 9 +++- interop/note.json | 10 ++-- interop/observed-data.json | 10 ++-- interop/opinion.json | 10 ++-- interop/relationship.json | 10 ++-- interop/report.json | 10 ++-- interop/sighting.json | 10 ++-- interop/threat-actor.json | 10 ++-- interop/tool.json | 10 ++-- interop/vulnerability.json | 10 ++-- schemas/common/binary.json | 2 +- schemas/common/bundle.json | 2 +- schemas/common/cyber-observable-core.json | 2 +- schemas/common/dictionary.json | 2 +- schemas/common/extension-definition.json | 2 +- schemas/common/extension.json | 2 +- schemas/common/external-reference.json | 2 +- schemas/common/granular-marking.json | 2 +- schemas/common/hashes-type.json | 2 +- schemas/common/hex.json | 2 +- schemas/common/identifier.json | 2 +- schemas/common/kill-chain-phase.json | 2 +- schemas/common/language-content.json | 2 +- schemas/common/marking-definition.json | 2 +- schemas/common/properties.json | 2 +- schemas/common/timestamp.json | 2 +- schemas/common/url-regex.json | 2 +- schemas/observables/artifact.json | 2 +- schemas/observables/autonomous-system.json | 2 +- schemas/observables/directory.json | 2 +- schemas/observables/domain-name.json | 2 +- schemas/observables/email-addr.json | 2 +- schemas/observables/email-message.json | 2 +- schemas/observables/file.json | 2 +- schemas/observables/ipv4-addr.json | 2 +- schemas/observables/ipv6-addr.json | 2 +- schemas/observables/mac-addr.json | 2 +- schemas/observables/mutex.json | 2 +- schemas/observables/network-traffic.json | 2 +- schemas/observables/process.json | 2 +- schemas/observables/software.json | 2 +- schemas/observables/url.json | 2 +- schemas/observables/user-account.json | 2 +- schemas/observables/windows-registry-key.json | 2 +- schemas/observables/x509-certificate.json | 2 +- schemas/sdos/attack-pattern.json | 2 +- schemas/sdos/campaign.json | 2 +- schemas/sdos/course-of-action.json | 2 +- schemas/sdos/grouping.json | 2 +- schemas/sdos/identity.json | 2 +- schemas/sdos/incident.json | 2 +- schemas/sdos/indicator.json | 2 +- schemas/sdos/infrastructure.json | 2 +- schemas/sdos/intrusion-set.json | 2 +- schemas/sdos/location.json | 2 +- schemas/sdos/malware-analysis.json | 2 +- schemas/sdos/malware.json | 2 +- schemas/sdos/note.json | 2 +- schemas/sdos/observed-data.json | 2 +- schemas/sdos/opinion.json | 2 +- schemas/sdos/report.json | 2 +- schemas/sdos/threat-actor.json | 2 +- schemas/sdos/tool.json | 2 +- schemas/sdos/vulnerability.json | 2 +- schemas/sros/relationship.json | 2 +- validate_testor.json | 53 +++++++++---------- 76 files changed, 245 insertions(+), 159 deletions(-) diff --git a/interop/attack-pattern.json b/interop/attack-pattern.json index 7264f0b..921ef95 100644 --- a/interop/attack-pattern.json +++ b/interop/attack-pattern.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/attack-pattern.json", - "$ref": "../schemas/sdos/attack-pattern.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/attack-pattern.json" + } ], "required": [ "external_references", diff --git a/interop/campaign.json b/interop/campaign.json index b4b4468..0738096 100644 --- a/interop/campaign.json +++ b/interop/campaign.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/campaign.json", - "$ref": "../schemas/sdos/campaign.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/campaign.json" + } ], "required": [ "created_by_ref" diff --git a/interop/core.json b/interop/core.json index 8367ff0..4da10db 100644 --- a/interop/core.json +++ b/interop/core.json @@ -1,30 +1,39 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/core.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "core", "description": "Unique interop properties", "type": "object", - "properties": { - "object_marking_refs": { - "type": "array", - "description": "The list of marking-definition objects to be applied to this object.", - "contains": { - "pattern":"^marking-definition--((613f2e26-407d-48c7-9eca-b8e91df99dc9)|(34098fce-860f-48ae-8e50-ebd3cc5e41da)|(f88d31f6-486f-44da-b317-01333bde0b82)|(5e57c739-391a-4eb3-b6be-7d15ca92d5ed))$" - }, - "minContains": 0, - "maxContains": 1, - "items": { - "allOf":[ - { - "$ref": "../common/identifier.json" + "allOf": [ + { + "$ref": "../schemas/common/core.json" + }, + { + "properties": { + "object_marking_refs": { + "type": "array", + "description": "The list of marking-definition objects to be applied to this object.", + "contains": { + "pattern":"^marking-definition--((613f2e26-407d-48c7-9eca-b8e91df99dc9)|(34098fce-860f-48ae-8e50-ebd3cc5e41da)|(f88d31f6-486f-44da-b317-01333bde0b82)|(5e57c739-391a-4eb3-b6be-7d15ca92d5ed))$" }, - { - "pattern": "^marking-definition--" - - } - ] - }, - "minItems": 1 + "minContains": 0, + "maxContains": 1, + "items": { + "allOf":[ + { + "$ref": "../schemas/common/identifier.json" + }, + { + "pattern": "^marking-definition--" + + } + ] + }, + "minItems": 1 + } + } } - } + + ] + } \ No newline at end of file diff --git a/interop/course-of-action.json b/interop/course-of-action.json index 1597583..1b1ce2d 100644 --- a/interop/course-of-action.json +++ b/interop/course-of-action.json @@ -1,8 +1,13 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/campaign.json", "$ref": "../schemas/sdos/course-of-action.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/course-of-action.json" + } ], "required": [ "created_by_ref" diff --git a/interop/grouping.json b/interop/grouping.json index 98f79e7..0d57a1d 100644 --- a/interop/grouping.json +++ b/interop/grouping.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/grouping.json", - "$ref": "../schemas/sdos/grouping.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/grouping.json" + } ], "required": [ "identities_class", diff --git a/interop/indicator.json b/interop/indicator.json index 6ad617f..4d5ffd2 100644 --- a/interop/indicator.json +++ b/interop/indicator.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/indicator.json", - "$ref": "../schemas/sdos/indicator.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/indicator.json" + } ], "required": [ "name", diff --git a/interop/infrastructure.json b/interop/infrastructure.json index 4f4eaca..0d46f9a 100644 --- a/interop/infrastructure.json +++ b/interop/infrastructure.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/infrastructure.json", - "$ref": "../schemas/sdos/infrastructure.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/infrastructure.json" + } ], "required": [ "infrastructure_types", diff --git a/interop/intrusion-set.json b/interop/intrusion-set.json index 788878a..cd6464b 100644 --- a/interop/intrusion-set.json +++ b/interop/intrusion-set.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/intrusion-set.json", - "$ref": "../schemas/sdos/intrusion-set.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/intrusion-set.json" + } ], "required": [ "resource_leve", diff --git a/interop/location.json b/interop/location.json index d100890..cd70315 100644 --- a/interop/location.json +++ b/interop/location.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/location.json", - "$ref": "../schemas/sdos/location.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/location.json" + } ], "required": [ "region", diff --git a/interop/malware-analysis.json b/interop/malware-analysis.json index e97c04a..4c726e1 100644 --- a/interop/malware-analysis.json +++ b/interop/malware-analysis.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/malware-analysis.json", - "$ref": "../schemas/sdos/malware-analysis.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/malware-analysis.json" + } ], "required": [ "version", diff --git a/interop/malware.json b/interop/malware.json index 718f915..aa05213 100644 --- a/interop/malware.json +++ b/interop/malware.json @@ -1,8 +1,13 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/malware.json", "$ref": "../schemas/sdos/malware.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/malware.json" + } ], "required": [ "name", diff --git a/interop/note.json b/interop/note.json index b8e0adf..16745f1 100644 --- a/interop/note.json +++ b/interop/note.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/note.json", - "$ref": "../schemas/sdos/note.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/note.json" + } ], "required": [ "created_by_ref" diff --git a/interop/observed-data.json b/interop/observed-data.json index 8d18c6f..d074e69 100644 --- a/interop/observed-data.json +++ b/interop/observed-data.json @@ -1,8 +1,12 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/observed-data.json", - "$ref": "../schemas/sdos/observed-data.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/observed-data.json" + } ], "required": [ "object_refs", diff --git a/interop/opinion.json b/interop/opinion.json index 054b10b..cff0ea4 100644 --- a/interop/opinion.json +++ b/interop/opinion.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/opinion.json", - "$ref": "../schemas/sdos/opinion.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/opinion.json" + } ], "required": [ "created_by_ref" diff --git a/interop/relationship.json b/interop/relationship.json index fa4a2e1..c879851 100644 --- a/interop/relationship.json +++ b/interop/relationship.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/relationship.json", - "$ref": "../sros/relationship.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sros/relationship.json" + } ], "required": [ "created_by_ref" diff --git a/interop/report.json b/interop/report.json index cda1698..d420669 100644 --- a/interop/report.json +++ b/interop/report.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/report.json", - "$ref": "../schemas/sdos/report.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/report.json" + } ], "required": [ "report_types", diff --git a/interop/sighting.json b/interop/sighting.json index 6fade0e..270df55 100644 --- a/interop/sighting.json +++ b/interop/sighting.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/sighting.json", - "$ref": "../sros/sighting.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sros/sighting.json" + } ], "required": [ "first_seen", diff --git a/interop/threat-actor.json b/interop/threat-actor.json index 77bec8a..d0b202a 100644 --- a/interop/threat-actor.json +++ b/interop/threat-actor.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/threat-actor.json", - "$ref": "../schemas/sdos/threat-actor.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/threat-actor.json" + } ], "required": [ "threat_actor_types", diff --git a/interop/tool.json b/interop/tool.json index 6f9d3c6..2323369 100644 --- a/interop/tool.json +++ b/interop/tool.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/tool.json", - "$ref": "../schemas/sdos/tool.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/tool.json" + } ], "required": [ "tool_types", diff --git a/interop/vulnerability.json b/interop/vulnerability.json index 6c6bb16..902dfea 100644 --- a/interop/vulnerability.json +++ b/interop/vulnerability.json @@ -1,8 +1,12 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/vulnerability.json", - "$ref": "../schemas/sdos/vulnerability.json", - "allOf":[ - {"$ref": "core.json"} + "allOf": [ + { + "$ref": "core.json" + }, + { + "$ref": "../schemas/sdos/vulnerability.json" + } ], "required": [ "external_references:", diff --git a/schemas/common/binary.json b/schemas/common/binary.json index 2ba930f..60c6339 100644 --- a/schemas/common/binary.json +++ b/schemas/common/binary.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/binary.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "binary", "description": "The ​binary data type represents a sequence of bytes. In order to allow pattern matching on custom objects, for all properties that use the binary type, the property name MUST end with '_bin'. The JSON MTI serialization represents this as a base64-­encoded string as specified in RFC4648​. Other serializations SHOULD use a native binary type, if available.", "type": "string", diff --git a/schemas/common/bundle.json b/schemas/common/bundle.json index d5f9695..dc08a36 100644 --- a/schemas/common/bundle.json +++ b/schemas/common/bundle.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/bundle.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "bundle", "description": "A Bundle is a collection of arbitrary STIX Objects and Marking Definitions grouped together in a single container.", "type": "object", diff --git a/schemas/common/cyber-observable-core.json b/schemas/common/cyber-observable-core.json index de75a81..d9b42cc 100644 --- a/schemas/common/cyber-observable-core.json +++ b/schemas/common/cyber-observable-core.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/cyber-observable-core.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "cyber-observable-core", "description": "Common properties and behavior across all Cyber Observable Objects.", "type": "object", diff --git a/schemas/common/dictionary.json b/schemas/common/dictionary.json index c048456..25ba803 100644 --- a/schemas/common/dictionary.json +++ b/schemas/common/dictionary.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/dictionary.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "dictionary", "description": "A dictionary captures a set of key/value pairs", "type": "object", diff --git a/schemas/common/extension-definition.json b/schemas/common/extension-definition.json index 8b5152c..08c46cc 100644 --- a/schemas/common/extension-definition.json +++ b/schemas/common/extension-definition.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/extension-definition.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "extension-definition", "description": "The STIX Extension Definition object allows producers of threat intelligence to extend existing STIX objects or to create entirely new STIX objects in a standardized way.", "type": "object", diff --git a/schemas/common/extension.json b/schemas/common/extension.json index e4cac26..fbe5a4c 100644 --- a/schemas/common/extension.json +++ b/schemas/common/extension.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/extension.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "type": "object", "minProperties": 1, "properties": { diff --git a/schemas/common/external-reference.json b/schemas/common/external-reference.json index 7dcc10f..c83d8e4 100644 --- a/schemas/common/external-reference.json +++ b/schemas/common/external-reference.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/external-reference.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "external-reference", "description": "External references are used to describe pointers to information represented outside of STIX.", "type": "object", diff --git a/schemas/common/granular-marking.json b/schemas/common/granular-marking.json index 7305926..5850626 100644 --- a/schemas/common/granular-marking.json +++ b/schemas/common/granular-marking.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/granular-marking.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "granular-marking", "description": "The granular-marking type defines how the list of marking-definition objects referenced by the marking_refs property to apply to a set of content identified by the list of selectors in the selectors property.", "type": "object", diff --git a/schemas/common/hashes-type.json b/schemas/common/hashes-type.json index 0260193..91a82a3 100644 --- a/schemas/common/hashes-type.json +++ b/schemas/common/hashes-type.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/hashes-type.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "hashes", "description": "The Hashes type represents one or more cryptographic hashes, as a special set of key/value pairs", "type": "object", diff --git a/schemas/common/hex.json b/schemas/common/hex.json index 1e53931..2d1102c 100644 --- a/schemas/common/hex.json +++ b/schemas/common/hex.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/hex.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "hex", "description": "The hex data type encodes an array of octets (8-bit bytes) as hexadecimal. The string MUST consist of an even number of hexadecimal characters, which are the digits '0' through '9' and the letters 'a' through 'f'. In order to allow pattern matching on custom objects, all properties that use the hex type, the property name MUST end with '_hex'.", "type": "string", diff --git a/schemas/common/identifier.json b/schemas/common/identifier.json index 2f280e7..5f2c3be 100644 --- a/schemas/common/identifier.json +++ b/schemas/common/identifier.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/identifier.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "identifier", "description": "Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.", "type": "string", diff --git a/schemas/common/kill-chain-phase.json b/schemas/common/kill-chain-phase.json index 8c3fdda..eb73206 100644 --- a/schemas/common/kill-chain-phase.json +++ b/schemas/common/kill-chain-phase.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/kill-chain-phase.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "kill-chain-phase", "description": "The kill-chain-phase represents a phase in a kill chain.", "type": "object", diff --git a/schemas/common/language-content.json b/schemas/common/language-content.json index a4de174..8d495f1 100644 --- a/schemas/common/language-content.json +++ b/schemas/common/language-content.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/language-content.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "language-content", "description": "The language-content object represents text content for STIX Objects represented in languages other than that of the original object.", "type": "object", diff --git a/schemas/common/marking-definition.json b/schemas/common/marking-definition.json index 782e8dd..83a12ac 100644 --- a/schemas/common/marking-definition.json +++ b/schemas/common/marking-definition.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/marking-definition.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "marking-definition", "description": "The marking-definition object represents a specific marking.", "type": "object", diff --git a/schemas/common/properties.json b/schemas/common/properties.json index 255945b..66d7c7d 100644 --- a/schemas/common/properties.json +++ b/schemas/common/properties.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/properties.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "properties", "description": "Rules for custom properties", "patternProperties": { diff --git a/schemas/common/timestamp.json b/schemas/common/timestamp.json index 643c748..e741cd3 100644 --- a/schemas/common/timestamp.json +++ b/schemas/common/timestamp.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/timestamp.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "timestamp", "description": "Represents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.", "type": "string", diff --git a/schemas/common/url-regex.json b/schemas/common/url-regex.json index 097a45b..424398d 100644 --- a/schemas/common/url-regex.json +++ b/schemas/common/url-regex.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/url-regex.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "url-regex", "description": "Matches a URI according to RFC 3986.", "type": "string", diff --git a/schemas/observables/artifact.json b/schemas/observables/artifact.json index c782a48..dc1d174 100644 --- a/schemas/observables/artifact.json +++ b/schemas/observables/artifact.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/artifact.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "artifact", "description": "The Artifact Object permits capturing an array of bytes (8-bits), as a base64-encoded string string, or linking to a file-like payload.", "type": "object", diff --git a/schemas/observables/autonomous-system.json b/schemas/observables/autonomous-system.json index fd9da0e..b004063 100644 --- a/schemas/observables/autonomous-system.json +++ b/schemas/observables/autonomous-system.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/autonomous-system.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "autonomous-system", "description": "The AS object represents the properties of an Autonomous Systems (AS).", "type": "object", diff --git a/schemas/observables/directory.json b/schemas/observables/directory.json index ed8a591..070e7f0 100644 --- a/schemas/observables/directory.json +++ b/schemas/observables/directory.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/directory.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "directory", "description": "The Directory Object represents the properties common to a file system directory.", "type": "object", diff --git a/schemas/observables/domain-name.json b/schemas/observables/domain-name.json index 972f79d..a9c04ba 100644 --- a/schemas/observables/domain-name.json +++ b/schemas/observables/domain-name.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/domain-name.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "domain-name", "description": "The Domain Name represents the properties of a network domain name.", "type": "object", diff --git a/schemas/observables/email-addr.json b/schemas/observables/email-addr.json index ce27930..b963e21 100644 --- a/schemas/observables/email-addr.json +++ b/schemas/observables/email-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/email-addr.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "email-addr", "description": "The Email Address Object represents a single email address.", "type": "object", diff --git a/schemas/observables/email-message.json b/schemas/observables/email-message.json index 189728f..5b06aba 100644 --- a/schemas/observables/email-message.json +++ b/schemas/observables/email-message.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/email-message.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "email-message", "description": "The Email Message Object represents an instance of an email message.", "type": "object", diff --git a/schemas/observables/file.json b/schemas/observables/file.json index 106882b..66b983b 100644 --- a/schemas/observables/file.json +++ b/schemas/observables/file.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/file.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "file", "description": "The File Object represents the properties of a file.", "type": "object", diff --git a/schemas/observables/ipv4-addr.json b/schemas/observables/ipv4-addr.json index d3b3565..2e87d64 100644 --- a/schemas/observables/ipv4-addr.json +++ b/schemas/observables/ipv4-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/ipv4-addr.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "ipv4-addr", "description": "The IPv4 Address Object represents one or more IPv4 addresses expressed using CIDR notation.", "type": "object", diff --git a/schemas/observables/ipv6-addr.json b/schemas/observables/ipv6-addr.json index 7dc9970..9f28782 100644 --- a/schemas/observables/ipv6-addr.json +++ b/schemas/observables/ipv6-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/ipv6-addr.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "ipv6-addr", "description": "The IPv6 Address Object represents one or more IPv6 addresses expressed using CIDR notation.", "type": "object", diff --git a/schemas/observables/mac-addr.json b/schemas/observables/mac-addr.json index c220069..d545e82 100644 --- a/schemas/observables/mac-addr.json +++ b/schemas/observables/mac-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/mac-addr.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "mac-addr", "description": "The MAC Address Object represents a single Media Access Control (MAC) address.", "type": "object", diff --git a/schemas/observables/mutex.json b/schemas/observables/mutex.json index 705710b..eb632dc 100644 --- a/schemas/observables/mutex.json +++ b/schemas/observables/mutex.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/mutex.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "mutex", "description": "The Mutex Object represents the properties of a mutual exclusion (mutex) object.", "type": "object", diff --git a/schemas/observables/network-traffic.json b/schemas/observables/network-traffic.json index 0e34394..f8ced17 100644 --- a/schemas/observables/network-traffic.json +++ b/schemas/observables/network-traffic.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/network-traffic.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "network-traffic", "description": "The Network Traffic Object represents arbitrary network traffic that originates from a source and is addressed to a destination.", "type": "object", diff --git a/schemas/observables/process.json b/schemas/observables/process.json index cd2bd12..c75f2f8 100644 --- a/schemas/observables/process.json +++ b/schemas/observables/process.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/process.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "process", "description": "The Process Object represents common properties of an instance of a computer program as executed on an operating system.", "type": "object", diff --git a/schemas/observables/software.json b/schemas/observables/software.json index 7ba9c7c..e487597 100644 --- a/schemas/observables/software.json +++ b/schemas/observables/software.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/software.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "software", "description": "The Software Object represents high-level properties associated with software, including software products.", "type": "object", diff --git a/schemas/observables/url.json b/schemas/observables/url.json index beef3f4..8eb6445 100644 --- a/schemas/observables/url.json +++ b/schemas/observables/url.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/url.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "url", "description": "The URL Object represents the properties of a uniform resource locator (URL).", "type": "object", diff --git a/schemas/observables/user-account.json b/schemas/observables/user-account.json index 9203017..f1287d4 100644 --- a/schemas/observables/user-account.json +++ b/schemas/observables/user-account.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/user-account.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "user-account", "description": "The User Account Object represents an instance of any type of user account, including but not limited to operating system, device, messaging service, and social media platform accounts.", "type": "object", diff --git a/schemas/observables/windows-registry-key.json b/schemas/observables/windows-registry-key.json index 2e66e64..061c3ed 100644 --- a/schemas/observables/windows-registry-key.json +++ b/schemas/observables/windows-registry-key.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/windows-registry-key.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "windows-registry-key", "description": "The Registry Key Object represents the properties of a Windows registry key.", "type": "object", diff --git a/schemas/observables/x509-certificate.json b/schemas/observables/x509-certificate.json index 8e39ab0..0ca9ee2 100644 --- a/schemas/observables/x509-certificate.json +++ b/schemas/observables/x509-certificate.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/x509-certificate.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "x509-certificate", "description": "The X509 Certificate Object represents the properties of an X.509 certificate.", "type": "object", diff --git a/schemas/sdos/attack-pattern.json b/schemas/sdos/attack-pattern.json index 481773f..9f441ee 100644 --- a/schemas/sdos/attack-pattern.json +++ b/schemas/sdos/attack-pattern.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/attack-pattern.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "attack-pattern", "description": "Attack Patterns are a type of TTP that describe ways that adversaries attempt to compromise targets. ", "type": "object", diff --git a/schemas/sdos/campaign.json b/schemas/sdos/campaign.json index 46907dd..4d5ad1d 100644 --- a/schemas/sdos/campaign.json +++ b/schemas/sdos/campaign.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/campaign.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "campaign", "description": "A Campaign is a grouping of adversary behavior that describes a set of malicious activities or attacks that occur over a period of time against a specific set of targets.", "type": "object", diff --git a/schemas/sdos/course-of-action.json b/schemas/sdos/course-of-action.json index a054681..c3f7356 100644 --- a/schemas/sdos/course-of-action.json +++ b/schemas/sdos/course-of-action.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/course-of-action.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "course-of-action", "description": "A Course of Action is an action taken either to prevent an attack or to respond to an attack that is in progress. ", "type": "object", diff --git a/schemas/sdos/grouping.json b/schemas/sdos/grouping.json index 211847b..8e228d5 100644 --- a/schemas/sdos/grouping.json +++ b/schemas/sdos/grouping.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/grouping.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "grouping", "description": "A Grouping object explicitly asserts that the referenced STIX Objects have a shared content.", "type": "object", diff --git a/schemas/sdos/identity.json b/schemas/sdos/identity.json index 5b3144d..7dbdbff 100644 --- a/schemas/sdos/identity.json +++ b/schemas/sdos/identity.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/identity.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "identity", "description": "Identities can represent actual individuals, organizations, or groups (e.g., ACME, Inc.) as well as classes of individuals, organizations, or groups.", "type": "object", diff --git a/schemas/sdos/incident.json b/schemas/sdos/incident.json index 9102f24..83d5e1e 100644 --- a/schemas/sdos/incident.json +++ b/schemas/sdos/incident.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/incident.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "incident", "description": "The Incident object in STIX 2.1 is a stub, to be expanded in future STIX 2 releases.", "type": "object", diff --git a/schemas/sdos/indicator.json b/schemas/sdos/indicator.json index fac727c..f3b26ce 100644 --- a/schemas/sdos/indicator.json +++ b/schemas/sdos/indicator.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/indicator.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "indicator", "description": "Indicators contain a pattern that can be used to detect suspicious or malicious cyber activity.", "type": "object", diff --git a/schemas/sdos/infrastructure.json b/schemas/sdos/infrastructure.json index 147be64..e4650c4 100644 --- a/schemas/sdos/infrastructure.json +++ b/schemas/sdos/infrastructure.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/infrastructure.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "infrastructure", "description": "Infrastructure objects describe systems, software services, and associated physical or virtual resources.", "type": "object", diff --git a/schemas/sdos/intrusion-set.json b/schemas/sdos/intrusion-set.json index fdaef8f..29a2972 100644 --- a/schemas/sdos/intrusion-set.json +++ b/schemas/sdos/intrusion-set.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/intrusion-set.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "intrusion-set", "description": "An Intrusion Set is a grouped set of adversary behavior and resources with common properties that is believed to be orchestrated by a single organization.", "type": "object", diff --git a/schemas/sdos/location.json b/schemas/sdos/location.json index 4c8a3fc..360d8c9 100644 --- a/schemas/sdos/location.json +++ b/schemas/sdos/location.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/location.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "location", "description": "A Location represents a geographic location. The location may be described as any, some or all of the following: region (e.g., North America), civic address (e.g. New York, US), latitude and longitude.", "type": "object", diff --git a/schemas/sdos/malware-analysis.json b/schemas/sdos/malware-analysis.json index 02fa60e..4c788b3 100644 --- a/schemas/sdos/malware-analysis.json +++ b/schemas/sdos/malware-analysis.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/malware-analysis.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "malware-analysis", "description": "Malware Analysis captures the metadata and results of a particular analysis performed (static or dynamic) on the malware instance or family.", "type": "object", diff --git a/schemas/sdos/malware.json b/schemas/sdos/malware.json index de16bfe..8646fd8 100644 --- a/schemas/sdos/malware.json +++ b/schemas/sdos/malware.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/malware.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "malware", "description": "Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim.", "type": "object", diff --git a/schemas/sdos/note.json b/schemas/sdos/note.json index c898991..6f062b8 100644 --- a/schemas/sdos/note.json +++ b/schemas/sdos/note.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/note.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "note", "description": "A Note is a comment or note containing informative text to help explain the context of one or more STIX Objects (SDOs or SROs) or to provide additional analysis that is not contained in the original object.", "type": "object", diff --git a/schemas/sdos/observed-data.json b/schemas/sdos/observed-data.json index 37eec7a..e365fcd 100644 --- a/schemas/sdos/observed-data.json +++ b/schemas/sdos/observed-data.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/observed-data.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "observed-data", "description": "Observed data conveys information that was observed on systems and networks, such as log data or network traffic, using the Cyber Observable specification.", "type": "object", diff --git a/schemas/sdos/opinion.json b/schemas/sdos/opinion.json index a7e06dc..981caa3 100644 --- a/schemas/sdos/opinion.json +++ b/schemas/sdos/opinion.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/opinion.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "opinion", "description": "An Opinion is an assessment of the correctness of the information in a STIX Object produced by a different entity and captures the level of agreement or disagreement using a fixed scale.", "type": "object", diff --git a/schemas/sdos/report.json b/schemas/sdos/report.json index e86c466..7af2a02 100644 --- a/schemas/sdos/report.json +++ b/schemas/sdos/report.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/report.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "report", "description": "Reports are collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including context and related details.", "type": "object", diff --git a/schemas/sdos/threat-actor.json b/schemas/sdos/threat-actor.json index dd807bf..b369f0b 100644 --- a/schemas/sdos/threat-actor.json +++ b/schemas/sdos/threat-actor.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/threat-actor.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "threat-actor", "description": "Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent.", "type": "object", diff --git a/schemas/sdos/tool.json b/schemas/sdos/tool.json index 0e2faa4..5db6880 100644 --- a/schemas/sdos/tool.json +++ b/schemas/sdos/tool.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/tool.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "tool", "description": "Tools are legitimate software that can be used by threat actors to perform attacks.", "type": "object", diff --git a/schemas/sdos/vulnerability.json b/schemas/sdos/vulnerability.json index 0353f4c..89ddbff 100644 --- a/schemas/sdos/vulnerability.json +++ b/schemas/sdos/vulnerability.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/vulnerability.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "vulnerability", "description": "A Vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network.", "type": "object", diff --git a/schemas/sros/relationship.json b/schemas/sros/relationship.json index 1639cb8..d4bff59 100644 --- a/schemas/sros/relationship.json +++ b/schemas/sros/relationship.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sros/relationship.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "http://json-schema.org/draft2020-12/schema#", "title": "relationship", "description": "The Relationship object is used to link together two SDOs in order to describe how they are related to each other.", "type": "object", diff --git a/validate_testor.json b/validate_testor.json index 8305d23..8d993de 100644 --- a/validate_testor.json +++ b/validate_testor.json @@ -1,30 +1,29 @@ - - { - "type": "attack-pattern", - "spec_version": "2.1", - "id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", - "created": "2016-05-12T08:17:27.000Z", - "modified": "2016-05-12T08:17:27.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", - "name": "Spear Phishing", - "external_references": [ - { - "source_name": "capec", - "external_id": "CAPEC-163" - } - ], - "kill_chain_phases": - [ - { - "kill_chain_name": "example-kill-chain", - "phase_name": "lateral-movement" - } - ], - "object_marking_refs": [ - "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", - "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed" - ] - } +{ + "type": "campaign", + "spec_version": "2.1", + "id": "campaign--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + "created": "2016-05-12T08:17:27.000Z", + "modified": "2016-05-12T08:17:27.000Z", + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "name": "Spear Phishing", + "external_references": [ + { + "source_name": "capec", + "external_id": "CAPEC-163" + } + ], + "kill_chain_phases": + [ + { + "kill_chain_name": "example-kill-chain", + "phase_name": "lateral-movement" + } + ], + "object_marking_refs": [ + "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", + "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ec" + ] +} From 6266eee9d313b310d0de82b4be87ca8b0430d621 Mon Sep 17 00:00:00 2001 From: jweissm Date: Fri, 1 Apr 2022 08:16:31 -0700 Subject: [PATCH 10/18] moved json to examples, renamed interop-objectmarking-test.json --- examples/interop-objectmarking-test.json | 28 ++++++++++++++++++++ validate_testor.json | 33 ------------------------ 2 files changed, 28 insertions(+), 33 deletions(-) create mode 100644 examples/interop-objectmarking-test.json delete mode 100644 validate_testor.json diff --git a/examples/interop-objectmarking-test.json b/examples/interop-objectmarking-test.json new file mode 100644 index 0000000..addf3f2 --- /dev/null +++ b/examples/interop-objectmarking-test.json @@ -0,0 +1,28 @@ +{ + "type": "campaign", + "spec_version": "2.1", + "id": "campaign--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + "created": "2016-05-12T08:17:27.000Z", + "modified": "2016-05-12T08:17:27.000Z", + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "name": "Spear Phishing", + "external_references": [ + { + "source_name": "capec", + "external_id": "CAPEC-163" + } + ], + "kill_chain_phases": + [ + { + "kill_chain_name": "example-kill-chain", + "phase_name": "lateral-movement" + } + ], + "object_marking_refs": [ + "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", + "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed" + ] + } + + \ No newline at end of file diff --git a/validate_testor.json b/validate_testor.json deleted file mode 100644 index 8d993de..0000000 --- a/validate_testor.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "type": "campaign", - "spec_version": "2.1", - "id": "campaign--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", - "created": "2016-05-12T08:17:27.000Z", - "modified": "2016-05-12T08:17:27.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", - "name": "Spear Phishing", - "external_references": [ - { - "source_name": "capec", - "external_id": "CAPEC-163" - } - ], - "kill_chain_phases": - [ - { - "kill_chain_name": "example-kill-chain", - "phase_name": "lateral-movement" - } - ], - "object_marking_refs": [ - "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", - "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ec" - ] -} - - - - - - - From 36b9ea92dc1634b0b7f40ddc89a60ba3e8a2e454 Mon Sep 17 00:00:00 2001 From: jweissm Date: Fri, 1 Apr 2022 13:45:03 -0700 Subject: [PATCH 11/18] changed draft2020-12 to draft/2020-12 --- interop/core.json | 2 +- schemas/common/binary.json | 2 +- schemas/common/bundle.json | 2 +- schemas/common/cyber-observable-core.json | 2 +- schemas/common/dictionary.json | 2 +- schemas/common/extension-definition.json | 2 +- schemas/common/extension.json | 2 +- schemas/common/external-reference.json | 2 +- schemas/common/granular-marking.json | 2 +- schemas/common/hashes-type.json | 2 +- schemas/common/hex.json | 2 +- schemas/common/identifier.json | 2 +- schemas/common/kill-chain-phase.json | 2 +- schemas/common/language-content.json | 2 +- schemas/common/marking-definition.json | 2 +- schemas/common/properties.json | 2 +- schemas/common/timestamp.json | 2 +- schemas/common/url-regex.json | 2 +- schemas/observables/artifact.json | 2 +- schemas/observables/autonomous-system.json | 2 +- schemas/observables/directory.json | 2 +- schemas/observables/domain-name.json | 2 +- schemas/observables/email-addr.json | 2 +- schemas/observables/email-message.json | 2 +- schemas/observables/file.json | 2 +- schemas/observables/ipv4-addr.json | 2 +- schemas/observables/ipv6-addr.json | 2 +- schemas/observables/mac-addr.json | 2 +- schemas/observables/mutex.json | 2 +- schemas/observables/network-traffic.json | 2 +- schemas/observables/process.json | 2 +- schemas/observables/software.json | 2 +- schemas/observables/url.json | 2 +- schemas/observables/user-account.json | 2 +- schemas/observables/windows-registry-key.json | 2 +- schemas/observables/x509-certificate.json | 2 +- schemas/sdos/attack-pattern.json | 2 +- schemas/sdos/campaign.json | 2 +- schemas/sdos/course-of-action.json | 2 +- schemas/sdos/grouping.json | 2 +- schemas/sdos/identity.json | 2 +- schemas/sdos/incident.json | 2 +- schemas/sdos/indicator.json | 2 +- schemas/sdos/infrastructure.json | 2 +- schemas/sdos/intrusion-set.json | 2 +- schemas/sdos/location.json | 2 +- schemas/sdos/malware-analysis.json | 2 +- schemas/sdos/malware.json | 2 +- schemas/sdos/note.json | 2 +- schemas/sdos/observed-data.json | 2 +- schemas/sdos/opinion.json | 2 +- schemas/sdos/report.json | 2 +- schemas/sdos/threat-actor.json | 2 +- schemas/sdos/tool.json | 2 +- schemas/sdos/vulnerability.json | 2 +- schemas/sros/relationship.json | 2 +- 56 files changed, 56 insertions(+), 56 deletions(-) diff --git a/interop/core.json b/interop/core.json index 4da10db..c9d2ee6 100644 --- a/interop/core.json +++ b/interop/core.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/core.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "core", "description": "Unique interop properties", "type": "object", diff --git a/schemas/common/binary.json b/schemas/common/binary.json index 60c6339..254f0d8 100644 --- a/schemas/common/binary.json +++ b/schemas/common/binary.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/binary.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "binary", "description": "The ​binary data type represents a sequence of bytes. In order to allow pattern matching on custom objects, for all properties that use the binary type, the property name MUST end with '_bin'. The JSON MTI serialization represents this as a base64-­encoded string as specified in RFC4648​. Other serializations SHOULD use a native binary type, if available.", "type": "string", diff --git a/schemas/common/bundle.json b/schemas/common/bundle.json index dc08a36..f456571 100644 --- a/schemas/common/bundle.json +++ b/schemas/common/bundle.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/bundle.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "bundle", "description": "A Bundle is a collection of arbitrary STIX Objects and Marking Definitions grouped together in a single container.", "type": "object", diff --git a/schemas/common/cyber-observable-core.json b/schemas/common/cyber-observable-core.json index d9b42cc..969d98c 100644 --- a/schemas/common/cyber-observable-core.json +++ b/schemas/common/cyber-observable-core.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/cyber-observable-core.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "cyber-observable-core", "description": "Common properties and behavior across all Cyber Observable Objects.", "type": "object", diff --git a/schemas/common/dictionary.json b/schemas/common/dictionary.json index 25ba803..3a26493 100644 --- a/schemas/common/dictionary.json +++ b/schemas/common/dictionary.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/dictionary.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "dictionary", "description": "A dictionary captures a set of key/value pairs", "type": "object", diff --git a/schemas/common/extension-definition.json b/schemas/common/extension-definition.json index 08c46cc..060b870 100644 --- a/schemas/common/extension-definition.json +++ b/schemas/common/extension-definition.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/extension-definition.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "extension-definition", "description": "The STIX Extension Definition object allows producers of threat intelligence to extend existing STIX objects or to create entirely new STIX objects in a standardized way.", "type": "object", diff --git a/schemas/common/extension.json b/schemas/common/extension.json index fbe5a4c..ffd8a08 100644 --- a/schemas/common/extension.json +++ b/schemas/common/extension.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/extension.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "type": "object", "minProperties": 1, "properties": { diff --git a/schemas/common/external-reference.json b/schemas/common/external-reference.json index c83d8e4..632e3ad 100644 --- a/schemas/common/external-reference.json +++ b/schemas/common/external-reference.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/external-reference.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "external-reference", "description": "External references are used to describe pointers to information represented outside of STIX.", "type": "object", diff --git a/schemas/common/granular-marking.json b/schemas/common/granular-marking.json index 5850626..c5f664a 100644 --- a/schemas/common/granular-marking.json +++ b/schemas/common/granular-marking.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/granular-marking.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "granular-marking", "description": "The granular-marking type defines how the list of marking-definition objects referenced by the marking_refs property to apply to a set of content identified by the list of selectors in the selectors property.", "type": "object", diff --git a/schemas/common/hashes-type.json b/schemas/common/hashes-type.json index 91a82a3..7ee62ed 100644 --- a/schemas/common/hashes-type.json +++ b/schemas/common/hashes-type.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/hashes-type.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "hashes", "description": "The Hashes type represents one or more cryptographic hashes, as a special set of key/value pairs", "type": "object", diff --git a/schemas/common/hex.json b/schemas/common/hex.json index 2d1102c..0f257e0 100644 --- a/schemas/common/hex.json +++ b/schemas/common/hex.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/hex.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "hex", "description": "The hex data type encodes an array of octets (8-bit bytes) as hexadecimal. The string MUST consist of an even number of hexadecimal characters, which are the digits '0' through '9' and the letters 'a' through 'f'. In order to allow pattern matching on custom objects, all properties that use the hex type, the property name MUST end with '_hex'.", "type": "string", diff --git a/schemas/common/identifier.json b/schemas/common/identifier.json index 5f2c3be..923b723 100644 --- a/schemas/common/identifier.json +++ b/schemas/common/identifier.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/identifier.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "identifier", "description": "Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.", "type": "string", diff --git a/schemas/common/kill-chain-phase.json b/schemas/common/kill-chain-phase.json index eb73206..d437b03 100644 --- a/schemas/common/kill-chain-phase.json +++ b/schemas/common/kill-chain-phase.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/kill-chain-phase.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "kill-chain-phase", "description": "The kill-chain-phase represents a phase in a kill chain.", "type": "object", diff --git a/schemas/common/language-content.json b/schemas/common/language-content.json index 8d495f1..170e05f 100644 --- a/schemas/common/language-content.json +++ b/schemas/common/language-content.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/language-content.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "language-content", "description": "The language-content object represents text content for STIX Objects represented in languages other than that of the original object.", "type": "object", diff --git a/schemas/common/marking-definition.json b/schemas/common/marking-definition.json index 83a12ac..7abd4a7 100644 --- a/schemas/common/marking-definition.json +++ b/schemas/common/marking-definition.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/marking-definition.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "marking-definition", "description": "The marking-definition object represents a specific marking.", "type": "object", diff --git a/schemas/common/properties.json b/schemas/common/properties.json index 66d7c7d..510ca2e 100644 --- a/schemas/common/properties.json +++ b/schemas/common/properties.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/properties.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "properties", "description": "Rules for custom properties", "patternProperties": { diff --git a/schemas/common/timestamp.json b/schemas/common/timestamp.json index e741cd3..555b6ef 100644 --- a/schemas/common/timestamp.json +++ b/schemas/common/timestamp.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/timestamp.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "timestamp", "description": "Represents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.", "type": "string", diff --git a/schemas/common/url-regex.json b/schemas/common/url-regex.json index 424398d..4c69a34 100644 --- a/schemas/common/url-regex.json +++ b/schemas/common/url-regex.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/url-regex.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "url-regex", "description": "Matches a URI according to RFC 3986.", "type": "string", diff --git a/schemas/observables/artifact.json b/schemas/observables/artifact.json index dc1d174..84bf512 100644 --- a/schemas/observables/artifact.json +++ b/schemas/observables/artifact.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/artifact.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "artifact", "description": "The Artifact Object permits capturing an array of bytes (8-bits), as a base64-encoded string string, or linking to a file-like payload.", "type": "object", diff --git a/schemas/observables/autonomous-system.json b/schemas/observables/autonomous-system.json index b004063..3279630 100644 --- a/schemas/observables/autonomous-system.json +++ b/schemas/observables/autonomous-system.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/autonomous-system.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "autonomous-system", "description": "The AS object represents the properties of an Autonomous Systems (AS).", "type": "object", diff --git a/schemas/observables/directory.json b/schemas/observables/directory.json index 070e7f0..955171b 100644 --- a/schemas/observables/directory.json +++ b/schemas/observables/directory.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/directory.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "directory", "description": "The Directory Object represents the properties common to a file system directory.", "type": "object", diff --git a/schemas/observables/domain-name.json b/schemas/observables/domain-name.json index a9c04ba..39de662 100644 --- a/schemas/observables/domain-name.json +++ b/schemas/observables/domain-name.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/domain-name.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "domain-name", "description": "The Domain Name represents the properties of a network domain name.", "type": "object", diff --git a/schemas/observables/email-addr.json b/schemas/observables/email-addr.json index b963e21..0bba9ff 100644 --- a/schemas/observables/email-addr.json +++ b/schemas/observables/email-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/email-addr.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "email-addr", "description": "The Email Address Object represents a single email address.", "type": "object", diff --git a/schemas/observables/email-message.json b/schemas/observables/email-message.json index 5b06aba..e07bdc7 100644 --- a/schemas/observables/email-message.json +++ b/schemas/observables/email-message.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/email-message.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "email-message", "description": "The Email Message Object represents an instance of an email message.", "type": "object", diff --git a/schemas/observables/file.json b/schemas/observables/file.json index 66b983b..31cfc71 100644 --- a/schemas/observables/file.json +++ b/schemas/observables/file.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/file.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "file", "description": "The File Object represents the properties of a file.", "type": "object", diff --git a/schemas/observables/ipv4-addr.json b/schemas/observables/ipv4-addr.json index 2e87d64..9b2c068 100644 --- a/schemas/observables/ipv4-addr.json +++ b/schemas/observables/ipv4-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/ipv4-addr.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "ipv4-addr", "description": "The IPv4 Address Object represents one or more IPv4 addresses expressed using CIDR notation.", "type": "object", diff --git a/schemas/observables/ipv6-addr.json b/schemas/observables/ipv6-addr.json index 9f28782..48ccf5e 100644 --- a/schemas/observables/ipv6-addr.json +++ b/schemas/observables/ipv6-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/ipv6-addr.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "ipv6-addr", "description": "The IPv6 Address Object represents one or more IPv6 addresses expressed using CIDR notation.", "type": "object", diff --git a/schemas/observables/mac-addr.json b/schemas/observables/mac-addr.json index d545e82..03480f3 100644 --- a/schemas/observables/mac-addr.json +++ b/schemas/observables/mac-addr.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/mac-addr.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "mac-addr", "description": "The MAC Address Object represents a single Media Access Control (MAC) address.", "type": "object", diff --git a/schemas/observables/mutex.json b/schemas/observables/mutex.json index eb632dc..2d8ad28 100644 --- a/schemas/observables/mutex.json +++ b/schemas/observables/mutex.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/mutex.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "mutex", "description": "The Mutex Object represents the properties of a mutual exclusion (mutex) object.", "type": "object", diff --git a/schemas/observables/network-traffic.json b/schemas/observables/network-traffic.json index f8ced17..2a4cfb8 100644 --- a/schemas/observables/network-traffic.json +++ b/schemas/observables/network-traffic.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/network-traffic.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "network-traffic", "description": "The Network Traffic Object represents arbitrary network traffic that originates from a source and is addressed to a destination.", "type": "object", diff --git a/schemas/observables/process.json b/schemas/observables/process.json index c75f2f8..2dcfd57 100644 --- a/schemas/observables/process.json +++ b/schemas/observables/process.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/process.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "process", "description": "The Process Object represents common properties of an instance of a computer program as executed on an operating system.", "type": "object", diff --git a/schemas/observables/software.json b/schemas/observables/software.json index e487597..fd10dc4 100644 --- a/schemas/observables/software.json +++ b/schemas/observables/software.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/software.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "software", "description": "The Software Object represents high-level properties associated with software, including software products.", "type": "object", diff --git a/schemas/observables/url.json b/schemas/observables/url.json index 8eb6445..5072276 100644 --- a/schemas/observables/url.json +++ b/schemas/observables/url.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/url.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "url", "description": "The URL Object represents the properties of a uniform resource locator (URL).", "type": "object", diff --git a/schemas/observables/user-account.json b/schemas/observables/user-account.json index f1287d4..7d374e9 100644 --- a/schemas/observables/user-account.json +++ b/schemas/observables/user-account.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/user-account.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "user-account", "description": "The User Account Object represents an instance of any type of user account, including but not limited to operating system, device, messaging service, and social media platform accounts.", "type": "object", diff --git a/schemas/observables/windows-registry-key.json b/schemas/observables/windows-registry-key.json index 061c3ed..8634e11 100644 --- a/schemas/observables/windows-registry-key.json +++ b/schemas/observables/windows-registry-key.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/windows-registry-key.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "windows-registry-key", "description": "The Registry Key Object represents the properties of a Windows registry key.", "type": "object", diff --git a/schemas/observables/x509-certificate.json b/schemas/observables/x509-certificate.json index 0ca9ee2..66bbd53 100644 --- a/schemas/observables/x509-certificate.json +++ b/schemas/observables/x509-certificate.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/x509-certificate.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "x509-certificate", "description": "The X509 Certificate Object represents the properties of an X.509 certificate.", "type": "object", diff --git a/schemas/sdos/attack-pattern.json b/schemas/sdos/attack-pattern.json index 9f441ee..e2c27d6 100644 --- a/schemas/sdos/attack-pattern.json +++ b/schemas/sdos/attack-pattern.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/attack-pattern.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "attack-pattern", "description": "Attack Patterns are a type of TTP that describe ways that adversaries attempt to compromise targets. ", "type": "object", diff --git a/schemas/sdos/campaign.json b/schemas/sdos/campaign.json index 4d5ad1d..07cac45 100644 --- a/schemas/sdos/campaign.json +++ b/schemas/sdos/campaign.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/campaign.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "campaign", "description": "A Campaign is a grouping of adversary behavior that describes a set of malicious activities or attacks that occur over a period of time against a specific set of targets.", "type": "object", diff --git a/schemas/sdos/course-of-action.json b/schemas/sdos/course-of-action.json index c3f7356..742ae66 100644 --- a/schemas/sdos/course-of-action.json +++ b/schemas/sdos/course-of-action.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/course-of-action.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "course-of-action", "description": "A Course of Action is an action taken either to prevent an attack or to respond to an attack that is in progress. ", "type": "object", diff --git a/schemas/sdos/grouping.json b/schemas/sdos/grouping.json index 8e228d5..3d12dd2 100644 --- a/schemas/sdos/grouping.json +++ b/schemas/sdos/grouping.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/grouping.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "grouping", "description": "A Grouping object explicitly asserts that the referenced STIX Objects have a shared content.", "type": "object", diff --git a/schemas/sdos/identity.json b/schemas/sdos/identity.json index 7dbdbff..26b1895 100644 --- a/schemas/sdos/identity.json +++ b/schemas/sdos/identity.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/identity.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "identity", "description": "Identities can represent actual individuals, organizations, or groups (e.g., ACME, Inc.) as well as classes of individuals, organizations, or groups.", "type": "object", diff --git a/schemas/sdos/incident.json b/schemas/sdos/incident.json index 83d5e1e..772d3e8 100644 --- a/schemas/sdos/incident.json +++ b/schemas/sdos/incident.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/incident.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "incident", "description": "The Incident object in STIX 2.1 is a stub, to be expanded in future STIX 2 releases.", "type": "object", diff --git a/schemas/sdos/indicator.json b/schemas/sdos/indicator.json index f3b26ce..23f32aa 100644 --- a/schemas/sdos/indicator.json +++ b/schemas/sdos/indicator.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/indicator.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "indicator", "description": "Indicators contain a pattern that can be used to detect suspicious or malicious cyber activity.", "type": "object", diff --git a/schemas/sdos/infrastructure.json b/schemas/sdos/infrastructure.json index e4650c4..90a5687 100644 --- a/schemas/sdos/infrastructure.json +++ b/schemas/sdos/infrastructure.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/infrastructure.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "infrastructure", "description": "Infrastructure objects describe systems, software services, and associated physical or virtual resources.", "type": "object", diff --git a/schemas/sdos/intrusion-set.json b/schemas/sdos/intrusion-set.json index 29a2972..4e9b53b 100644 --- a/schemas/sdos/intrusion-set.json +++ b/schemas/sdos/intrusion-set.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/intrusion-set.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "intrusion-set", "description": "An Intrusion Set is a grouped set of adversary behavior and resources with common properties that is believed to be orchestrated by a single organization.", "type": "object", diff --git a/schemas/sdos/location.json b/schemas/sdos/location.json index 360d8c9..0aa981b 100644 --- a/schemas/sdos/location.json +++ b/schemas/sdos/location.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/location.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "location", "description": "A Location represents a geographic location. The location may be described as any, some or all of the following: region (e.g., North America), civic address (e.g. New York, US), latitude and longitude.", "type": "object", diff --git a/schemas/sdos/malware-analysis.json b/schemas/sdos/malware-analysis.json index 4c788b3..e12dd32 100644 --- a/schemas/sdos/malware-analysis.json +++ b/schemas/sdos/malware-analysis.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/malware-analysis.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "malware-analysis", "description": "Malware Analysis captures the metadata and results of a particular analysis performed (static or dynamic) on the malware instance or family.", "type": "object", diff --git a/schemas/sdos/malware.json b/schemas/sdos/malware.json index 8646fd8..aaa7f33 100644 --- a/schemas/sdos/malware.json +++ b/schemas/sdos/malware.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/malware.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "malware", "description": "Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim.", "type": "object", diff --git a/schemas/sdos/note.json b/schemas/sdos/note.json index 6f062b8..bdf44c0 100644 --- a/schemas/sdos/note.json +++ b/schemas/sdos/note.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/note.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "note", "description": "A Note is a comment or note containing informative text to help explain the context of one or more STIX Objects (SDOs or SROs) or to provide additional analysis that is not contained in the original object.", "type": "object", diff --git a/schemas/sdos/observed-data.json b/schemas/sdos/observed-data.json index e365fcd..7c702e6 100644 --- a/schemas/sdos/observed-data.json +++ b/schemas/sdos/observed-data.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/observed-data.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "observed-data", "description": "Observed data conveys information that was observed on systems and networks, such as log data or network traffic, using the Cyber Observable specification.", "type": "object", diff --git a/schemas/sdos/opinion.json b/schemas/sdos/opinion.json index 981caa3..04b62f6 100644 --- a/schemas/sdos/opinion.json +++ b/schemas/sdos/opinion.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/opinion.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "opinion", "description": "An Opinion is an assessment of the correctness of the information in a STIX Object produced by a different entity and captures the level of agreement or disagreement using a fixed scale.", "type": "object", diff --git a/schemas/sdos/report.json b/schemas/sdos/report.json index 7af2a02..dab1592 100644 --- a/schemas/sdos/report.json +++ b/schemas/sdos/report.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/report.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "report", "description": "Reports are collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including context and related details.", "type": "object", diff --git a/schemas/sdos/threat-actor.json b/schemas/sdos/threat-actor.json index b369f0b..9206b7b 100644 --- a/schemas/sdos/threat-actor.json +++ b/schemas/sdos/threat-actor.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/threat-actor.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "threat-actor", "description": "Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent.", "type": "object", diff --git a/schemas/sdos/tool.json b/schemas/sdos/tool.json index 5db6880..7af850e 100644 --- a/schemas/sdos/tool.json +++ b/schemas/sdos/tool.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/tool.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "tool", "description": "Tools are legitimate software that can be used by threat actors to perform attacks.", "type": "object", diff --git a/schemas/sdos/vulnerability.json b/schemas/sdos/vulnerability.json index 89ddbff..06be3ac 100644 --- a/schemas/sdos/vulnerability.json +++ b/schemas/sdos/vulnerability.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/vulnerability.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "vulnerability", "description": "A Vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network.", "type": "object", diff --git a/schemas/sros/relationship.json b/schemas/sros/relationship.json index d4bff59..ad9faa5 100644 --- a/schemas/sros/relationship.json +++ b/schemas/sros/relationship.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sros/relationship.json", - "$schema": "http://json-schema.org/draft2020-12/schema#", + "$schema": "http://json-schema.org/draft/2020-12/schema#", "title": "relationship", "description": "The Relationship object is used to link together two SDOs in order to describe how they are related to each other.", "type": "object", From ca575643f940ed3c8dc3afa5ad5159e5060b1f38 Mon Sep 17 00:00:00 2001 From: Joshua Weiss <89481736+jweissm@users.noreply.github.com> Date: Wed, 29 Jun 2022 10:37:11 -0400 Subject: [PATCH 12/18] Update interop/intrusion-set.json Co-authored-by: Chris Lenk --- interop/intrusion-set.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interop/intrusion-set.json b/interop/intrusion-set.json index cd6464b..86cf66d 100644 --- a/interop/intrusion-set.json +++ b/interop/intrusion-set.json @@ -9,7 +9,7 @@ } ], "required": [ - "resource_leve", + "resource_level", "primary_motivation", "created_by_ref" ] From beb6c81c96731fdc8be9f08c836d00c11cface5a Mon Sep 17 00:00:00 2001 From: jweissm Date: Tue, 5 Jul 2022 09:29:20 -0700 Subject: [PATCH 13/18] made recommended changes --- interop/grouping.json | 1 - schemas/common/core.json | 2 +- schemas/sros/sighting.json | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/interop/grouping.json b/interop/grouping.json index 0d57a1d..27d3c34 100644 --- a/interop/grouping.json +++ b/interop/grouping.json @@ -9,7 +9,6 @@ } ], "required": [ - "identities_class", "created_by_ref" ] } \ No newline at end of file diff --git a/schemas/common/core.json b/schemas/common/core.json index 18db6d8..437a1df 100644 --- a/schemas/common/core.json +++ b/schemas/common/core.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/core.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "http://json-schema.org/draft-2020-12/schema#", "title": "core", "description": "Common properties and behavior across all STIX Domain Objects and STIX Relationship Objects.", "type": "object", diff --git a/schemas/sros/sighting.json b/schemas/sros/sighting.json index 79e1908..b4fc856 100644 --- a/schemas/sros/sighting.json +++ b/schemas/sros/sighting.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sros/sighting.json", - "$schema": "http://json-schema.org/draft-07/schema", + "$schema": "http://json-schema.org/draft-2020-12/schema", "title": "sighting", "description": "A Sighting denotes the belief that something in CTI (e.g., an indicator, malware, tool, threat actor, etc.) was seen.", "type": "object", From 5d7fd9e397e29279a8ebe1af0b1941cca102cb73 Mon Sep 17 00:00:00 2001 From: Chris Lenk Date: Wed, 13 Jul 2022 15:11:00 -0400 Subject: [PATCH 14/18] Update maintainers list --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 867c241..e141856 100644 --- a/README.md +++ b/README.md @@ -38,9 +38,10 @@ Initially, the associated TC members have designated one or more persons to serv **Current Maintainers of this TC Open Repository** - * [Chris Lenk](mailto:clenk@mitre.org); GitHub ID: [https://github.com/clenk](https://github.com/clenk); WWW: [MITRE](https://www.mitre.org) * [Jason Keirstead](mailto:Jason.Keirstead@ca.ibm.com); GitHub ID: [https://github.com/JasonKeirstead](https://github.com/JasonKeirstead); WWW: [IBM](http://www.ibm.com/) - + * [Emily Ratliff](mailto:Emily.Ratliff@ibm.com); GitHub ID: [https://github.com/ejratl](https://github.com/ejratl); WWW: [IBM](http://www.ibm.com/) + * [Duncan Sparrell](mailto:duncan@sfractal.com); GitHub ID: [https://github.com/sparrell](https://github.com/sparrell); WWW: [sFractal](http://sfractal.com/) + ## About OASIS TC Open Repositories * [TC Open Repositories: Overview and Resources](https://www.oasis-open.org/resources/open-repositories/) From 1e60f7965e7c3c5a3f64ecd792948cb42a363973 Mon Sep 17 00:00:00 2001 From: jweissm Date: Wed, 20 Jul 2022 06:57:33 -0700 Subject: [PATCH 15/18] fixed test and updated test_examples.sh --- examples/interop-objectmarking-test.json | 2 +- test_examples.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/interop-objectmarking-test.json b/examples/interop-objectmarking-test.json index addf3f2..d30b66e 100644 --- a/examples/interop-objectmarking-test.json +++ b/examples/interop-objectmarking-test.json @@ -21,7 +21,7 @@ ], "object_marking_refs": [ "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", - "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed" + "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ec" ] } diff --git a/test_examples.sh b/test_examples.sh index 3c31710..1f41315 100755 --- a/test_examples.sh +++ b/test_examples.sh @@ -1,4 +1,4 @@ #!/bin/bash -ajv compile -s "schemas/*/*.json" -r "schemas/*/*.json" -c ajv-formats-draft2019 --verbose +ajv compile -s "schemas/*/*.json" -r "schemas/*/*.json" --spec=draft2020 --verbose stix2_validator --schemas `pwd`/schemas -r examples --strict --ignore 302 From ff61d145951705ffe0bd193eedde5e1f75c0115f Mon Sep 17 00:00:00 2001 From: jweissm Date: Fri, 22 Jul 2022 10:16:59 -0700 Subject: [PATCH 16/18] removed kill_chain_phases from interop_objectmarking_test.json --- examples/interop-objectmarking-test.json | 7 ------- 1 file changed, 7 deletions(-) diff --git a/examples/interop-objectmarking-test.json b/examples/interop-objectmarking-test.json index d30b66e..8dbba8d 100644 --- a/examples/interop-objectmarking-test.json +++ b/examples/interop-objectmarking-test.json @@ -12,13 +12,6 @@ "external_id": "CAPEC-163" } ], - "kill_chain_phases": - [ - { - "kill_chain_name": "example-kill-chain", - "phase_name": "lateral-movement" - } - ], "object_marking_refs": [ "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ec" From 51a0b04406b7426f11af29e9b91274b86b3f4858 Mon Sep 17 00:00:00 2001 From: jweissm Date: Fri, 5 Aug 2022 11:36:34 -0700 Subject: [PATCH 17/18] fixed the draft versions --- interop/attack-pattern.json | 1 + interop/campaign.json | 1 + interop/core.json | 2 +- interop/course-of-action.json | 1 + interop/grouping.json | 1 + interop/indicator.json | 1 + interop/infrastructure.json | 1 + interop/intrusion-set.json | 1 + interop/location.json | 1 + interop/malware-analysis.json | 1 + interop/malware.json | 1 + interop/note.json | 1 + interop/observed-data.json | 1 + interop/opinion.json | 1 + interop/relationship.json | 1 + interop/report.json | 1 + interop/sighting.json | 1 + interop/threat-actor.json | 1 + interop/tool.json | 1 + interop/vulnerability.json | 1 + schemas/common/core.json | 2 +- schemas/sros/sighting.json | 2 +- 22 files changed, 22 insertions(+), 3 deletions(-) diff --git a/interop/attack-pattern.json b/interop/attack-pattern.json index 921ef95..8d07ab8 100644 --- a/interop/attack-pattern.json +++ b/interop/attack-pattern.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/attack-pattern.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/campaign.json b/interop/campaign.json index 0738096..d41cf9d 100644 --- a/interop/campaign.json +++ b/interop/campaign.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/campaign.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/core.json b/interop/core.json index c9d2ee6..2bfd506 100644 --- a/interop/core.json +++ b/interop/core.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/core.json", - "$schema": "http://json-schema.org/draft/2020-12/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "core", "description": "Unique interop properties", "type": "object", diff --git a/interop/course-of-action.json b/interop/course-of-action.json index 1b1ce2d..139de8f 100644 --- a/interop/course-of-action.json +++ b/interop/course-of-action.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/campaign.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "$ref": "../schemas/sdos/course-of-action.json", "allOf": [ { diff --git a/interop/grouping.json b/interop/grouping.json index 27d3c34..b5bf071 100644 --- a/interop/grouping.json +++ b/interop/grouping.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/grouping.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/indicator.json b/interop/indicator.json index 4d5ffd2..7082d96 100644 --- a/interop/indicator.json +++ b/interop/indicator.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/indicator.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/infrastructure.json b/interop/infrastructure.json index 0d46f9a..e0ca226 100644 --- a/interop/infrastructure.json +++ b/interop/infrastructure.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/infrastructure.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/intrusion-set.json b/interop/intrusion-set.json index 86cf66d..8ada25b 100644 --- a/interop/intrusion-set.json +++ b/interop/intrusion-set.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/intrusion-set.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/location.json b/interop/location.json index cd70315..4fee5b4 100644 --- a/interop/location.json +++ b/interop/location.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/location.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/malware-analysis.json b/interop/malware-analysis.json index 4c726e1..f1c6088 100644 --- a/interop/malware-analysis.json +++ b/interop/malware-analysis.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/malware-analysis.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/malware.json b/interop/malware.json index aa05213..2e16d4c 100644 --- a/interop/malware.json +++ b/interop/malware.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/malware.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "$ref": "../schemas/sdos/malware.json", "allOf": [ { diff --git a/interop/note.json b/interop/note.json index 16745f1..35308b3 100644 --- a/interop/note.json +++ b/interop/note.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/note.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/observed-data.json b/interop/observed-data.json index d074e69..dad0002 100644 --- a/interop/observed-data.json +++ b/interop/observed-data.json @@ -1,5 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/interop/observed-data.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/opinion.json b/interop/opinion.json index cff0ea4..3aeaae7 100644 --- a/interop/opinion.json +++ b/interop/opinion.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/opinion.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/relationship.json b/interop/relationship.json index c879851..963e57d 100644 --- a/interop/relationship.json +++ b/interop/relationship.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/relationship.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/report.json b/interop/report.json index d420669..a6dacec 100644 --- a/interop/report.json +++ b/interop/report.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/report.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/sighting.json b/interop/sighting.json index 270df55..f74d3b7 100644 --- a/interop/sighting.json +++ b/interop/sighting.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/sighting.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/threat-actor.json b/interop/threat-actor.json index d0b202a..9175470 100644 --- a/interop/threat-actor.json +++ b/interop/threat-actor.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/threat-actor.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/tool.json b/interop/tool.json index 2323369..046beee 100644 --- a/interop/tool.json +++ b/interop/tool.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/tool.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/interop/vulnerability.json b/interop/vulnerability.json index 902dfea..3ef6d13 100644 --- a/interop/vulnerability.json +++ b/interop/vulnerability.json @@ -1,5 +1,6 @@ { "$id":"http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/interop/vulnerability.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", "allOf": [ { "$ref": "core.json" diff --git a/schemas/common/core.json b/schemas/common/core.json index 437a1df..1e10205 100644 --- a/schemas/common/core.json +++ b/schemas/common/core.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/core.json", - "$schema": "http://json-schema.org/draft-2020-12/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "core", "description": "Common properties and behavior across all STIX Domain Objects and STIX Relationship Objects.", "type": "object", diff --git a/schemas/sros/sighting.json b/schemas/sros/sighting.json index b4fc856..c3ee579 100644 --- a/schemas/sros/sighting.json +++ b/schemas/sros/sighting.json @@ -1,6 +1,6 @@ { "$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sros/sighting.json", - "$schema": "http://json-schema.org/draft-2020-12/schema", + "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "sighting", "description": "A Sighting denotes the belief that something in CTI (e.g., an indicator, malware, tool, threat actor, etc.) was seen.", "type": "object", From 773572d2a1e957618b0ee45a491cadf617c91a4d Mon Sep 17 00:00:00 2001 From: Emily Ratliff Date: Fri, 5 Aug 2022 18:21:55 -0500 Subject: [PATCH 18/18] update workflow with 2020 schema for PR#42 --- .github/workflows/python-ci-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-ci-tests.yml b/.github/workflows/python-ci-tests.yml index 8242723..692dfb5 100644 --- a/.github/workflows/python-ci-tests.yml +++ b/.github/workflows/python-ci-tests.yml @@ -25,7 +25,7 @@ jobs: pip install stix2-validator - name: Install npm dependencies run: | - npm install -g ajv-cli ajv-formats-draft2019 + npm install -g ajv-cli ajv-formats-draft2019 ajv-formats - name: Test Examples run: | ./test_examples.sh