cti-stix2-json-schemas
Observables Example(s)
None of the examples provided seem to show how/where observables fit in and their usage. It would be helpful to have an example or two for those like myself who are new to STIX. It seems that malicious-email-indicator-with-attachment.json and indicator-for-malicious-URL.json would both be perfect for adding this sort of example.
Thanks, @cystek. I agree we could use some examples of the Observable object, both here and (maybe) in the STIX examples on https://oasis-open.github.io/cti-documentation/stix/examples.html.
@ATweedMITRE : Do we have any planned examples that use the Observable SDO?
Yes, I will be working on some scenarios that involve observed-data objects. I agree that we need a couple of those. Thanks for the feedback @cystek.
There is now an observed-data example complete with JSON and Python code on the website here.
@ATweedMITRE it looks like there are some overlaps between the examples in this repo and the examples on the cti-documentation site. Do you think we should get rid of one or the other? It feels like it will become a pain to keep them in sync. I certainly don't mind leaving things like threat-reports in this repo.
cc: @johnwunder
@gtback Yeah it is kind of redundant to have them in 2 places especially when updating. I can remove them from this repo and manage any changes from the cti-documentation one if that works.
cc: @johnwunder