You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Going through the certification tests for Stix 2.1, and it is clear that the system that produced the data was not Stix compliant.
Nevertheless, it produced many identity objects with self-referential "created_by_ref" fields, which has resulted in this issue being raised.
In our view a self-referential "created_by_ref" makes no sense in either a semantic context or a graph context, as one is effectively saying I am Brett, and Brett wrote this
i do not believe the standard has an opinion on self-referential "created_by_ref", and if one i using JSON databases this issue may easily slip through the cracks. We submit that prohibition of self-referential links for the purposes of asserting both identity and created by is a good idea. We plan to automatically delete these links in our parser (an extension of the Stix2 parser to suit ATT&CK and CACAO)
Actually, there is some support in the community for using a self-referential Identity to represent identity objects that are the "producers" of STIX content. Then you would be able to distinguish an Identity that represents cyber security information - like a victim, or the identity of a threat actor, as opposed to metadata about an object creator.
Something to add to the next version of the Best Practices Guide :-)
Hi,
Going through the certification tests for Stix 2.1, and it is clear that the system that produced the data was not Stix compliant.
Nevertheless, it produced many identity objects with self-referential "created_by_ref" fields, which has resulted in this issue being raised.
In our view a self-referential "created_by_ref" makes no sense in either a semantic context or a graph context, as one is effectively saying
I am Brett, and Brett wrote this
i do not believe the standard has an opinion on self-referential "created_by_ref", and if one i using JSON databases this issue may easily slip through the cracks. We submit that prohibition of self-referential links for the purposes of asserting both identity and created by is a good idea. We plan to automatically delete these links in our parser (an extension of the Stix2 parser to suit ATT&CK and CACAO)
An example is as follows:
thanks
The text was updated successfully, but these errors were encountered: