8.4.2 Reserved Names.
Embedded Relationships
  created_by_ref: identifier (of type identity)
  object_marking_refs: identifier (of type marking-definition)
Common Relationships
  duplicate-of, derived-from, related-to
Source | Relationship Type | Target | Description
Reverse Relationships
  attack-pattern, campaign, intrusion-set, malware, threat-actor, tool | targets | vulnerability | See forward relationship for definition.
The reverse relationships (relationships "to" the Vulnerability object) are included as a convenience.
Edited by Sean Barnum, Desiree Beck, Aharon Chernin, and Rich Piazza.
"external_references "source_name "capec "external_id "capec-163"
A specific attack pattern for a particular form of spear phishing, referencing CAPEC
"type "attack-pattern "id "created "T08:17:27.000Z "modified "T08:17:27.000Z "name "Spear Phishing as Practiced by Adversary X "description "A particular form of spear phishing where the attacker claims that.
When you combine them by including the linked Observed Data (observed_data_refs) from a Sighting, you can say "I saw this file, and that makes me think I saw this threat actor".
The Report SDO contains a list of references to SDOs and SROs (the CTI objects included in the report) along with a textual description and the name of the report.
A firewall could emit a single Observed Data instance containing a single Network Traffic object for each connection it sees.
Objective (optional), string: This property defines the Campaign's primary goal, objective, desired outcome, or intended effect, that is, what the Threat Actor hopes to accomplish with this Campaign.
Using SDOs and STIX relationships as building blocks, individuals can create and share broad and comprehensive cyber threat intelligence.
All capitalized terms in the following text have the meanings assigned to them in the OASIS Intellectual Property Rights Policy (the "OASIS IPR Policy").
Objects and properties not included in stix.0, but deemed necessary by the community, will be included in future releases.
1.4 Naming Requirements
.4.1 Property Names and String Literals
In the JSON serialization all property names and string literals must be exactly the same, including case, as the names listed in the property tables in this specification.
Where a Campaign is a set of attacks over a period of time against a specific set of targets to achieve some objective, an Intrusion Set is the entire attack package and may be used over a very long period of time in multiple Campaigns.
2.4.2 Relationships
There is an embedded relationship to Identity in all STIX Objects called created_by_ref that is inherited from the Common Properties.
indicator | indicates | intrusion-set | See forward relationship for definition.
If there is a discrepancy between this table and the relationships defined with each of the SDOs, then the relationships defined with the SDOs must be viewed as authoritative.
Any other numbered Versions and other technical work produced by the Technical Committee (TC) are listed at p?wg_abbrevcti#technical.
secondary_motivations (optional), list of type open-vocab: The secondary reasons, motivations, or purposes behind this Intrusion Set.
The rest of the table identifies the relationships that can be made from the Attack Pattern object by way of the Relationship object.
They are in Consolas 9-point font, with straight quotes, black text and a light grey background, and 2-space indentation.