Stephen Russett
Stephen Russett
see: https://github.com/StephenOTT/STIX-Java/tree/2.1 for initial update
These rules will follow typical expression pattern usage. All rules must pass for redaction not to occur. If any rule fails, then redaction is implemented.
Object after signature ``` { "type": "attack-pattern", "id": "attack-pattern--2a8ec2a9-44e2-490c-8045-5a88ef89302f", "created": "2018-11-23T20:44:31.418Z", "modified": "2018-11-26T20:44:31.418Z", "revoked": false, "object_marking_refs": [ "marking-definition--72f07c91-87d2-44a1-bf16-29fc935936c0" ], "granular_markings": [ { "selectors": [ "pattern1", "pattern2", "pattern3" ], "marking_ref": "marking-definition--d3b09fa4-55aa-4d47-abe0-b3a00eecd0df"...
A API response could also be to just expose objects as signed strings to which are decoded by the consumer.
and if we add some header information:  Header information can be used to determine the public key source that is cross-referenced in...
see: https://github.com/StephenOTT/charon-stix/blob/master/src/main/java/io/digitalstate/stix/helpers/ObjectSigning.java and https://github.com/StephenOTT/charon-stix/blob/master/src/main/java/io/digitalstate/charon/camunda/CharonApplication.java#L88-L90 for code snippets of signing
Example of document using Gzip as a compression scheme Compressed (628 characters) `eyJzaWduZWRfYnkiOiJpZGVudGl0eS0tZDQ0MjgxM2ItN2U3Mi00OWE2LTkzN2EtM2UzNTFlMjE5YTE4IiwiYWxnIjoiSFMyNTYiLCJ6aXAiOiJHWklQIn0.H4sIAAAAAAAAAJWRy27DIBBFfyVibSpj4-c2y6rqpqtWlTXAkFC_IkyiRlH-veA4Sqp00w3MDHcuB-ZE3HGHpCbgHMiW7vyOdiARMeqhSmmiS4FliTSWcUF5mUoqkGkai5xLUXK_gu-VFsFhMEhiVlLGaJK_xazmRZ3GTwXP372oH5XR5reqelBZPIxtEGnoJozIKL5QuqYH25ph01jUE6k_yJJThdoMxpnRw2aZLlihgaYIHrbKlYeFiuZFmmilgGnNyGdENhaGfQf2ahoMT2TCzl802tl--QDmgZYwuYVpMLkD8g_6CyfhMhaKa1pWOVKeFJyCYEhFWmSVyLRCBHL2VgP0YSLT2OPqNo_WdF0jt2CGZreFCS-Ud9WlbR2SGTSortU5YeQc_bMlmYm-mwCz3k9u7J_x6A9fjis5p6sDdHskV82r26K9CJs2KNMqrc4_CH_jFWYCAAA.s6iOIpnwpzkGGdtkSBp-ovFltbb_fCBCPb-zhVhdb8k` Uncompressed (967 chars): `eyJzaWduZWRfYnkiOiJpZGVudGl0eS0tZDQ0MjgxM2ItN2U3Mi00OWE2LTkzN2EtM2UzNTFlMjE5YTE4IiwiYWxnIjoiSFMyNTYifQ.eyJ0eXBlIjoiYXR0YWNrLXBhdHRlcm4iLCJpZCI6ImF0dGFjay1wYXR0ZXJuLS0wODMwNDhiOS00NDRiLTQ2NTMtYmEyNi1iOWMzZDk5ZmNjZjYiLCJjcmVhdGVkIjoiMjAxOC0xMS0yNlQwMTo0ODo0Ny43OTRaIiwibW9kaWZpZWQiOiIyMDE4LTExLTI5VDAxOjQ4OjQ3Ljc5NFoiLCJyZXZva2VkIjpmYWxzZSwib2JqZWN0X21hcmtpbmdfcmVmcyI6WyJtYXJraW5nLWRlZmluaXRpb24tLWJkNWNjY2IwLTcyYTEtNDI5Ny1iODA0LTc0Y2IyZWI3YjViMiJdLCJncmFudWxhcl9tYXJraW5ncyI6W3sic2VsZWN0b3JzIjpbInBhdHRlcm4xIiwicGF0dGVybjIiLCJwYXR0ZXJuMyJdLCJtYXJraW5nX3JlZiI6Im1hcmtpbmctZGVmaW5pdGlvbi0tN2U1ZjEwNzEtZGRiNi00ZWUyLWFlYmYtMmQ1ZTk4NjAxNWEwIn1dLCJuYW1lIjoic29tZSBwYXR0ZXJuIiwia2lsbF9jaGFpbl9waGFzZXMiOlt7ImtpbGxfY2hhaW5fbmFtZSI6IkNoYWluMSIsInBoYXNlX25hbWUiOiJwaGFzZTEifSx7ImtpbGxfY2hhaW5fbmFtZSI6IkNoYWluMSIsInBoYXNlX25hbWUiOiJwaGFzZTIifV0sInhfc29tZUN1c3RvbUtleSI6Ik15IGN1c3RvbSB2YWx1ZSIsInhfc29tZU90aGVyQ3VzdG9tX2tleSI6MzkzOX0.x80xmZyqNMnoMxkrdc6ew45KzG0ro45_6ahlEcBHiyY` difference: 64% Concept: Use of the encoded sring (base64) increases the string size,...
@saaj good catch. Its a bug with the default action/provider not kicking it. I will post a fix for this today or tomorrow.
Believed to be Caused by https://youtrack.jetbrains.com/issue/KT-33052
initial code was added, but needs to be expanded for proper provider typing