cti-stix2-json-schemas

Observables Example(s)

Open cystek opened this issue 7 years ago • 5 comments

None of the examples provided seem to show how/where observables fit in and their usage. It would be helpful to have an example or two for those like myself who are new to STIX. It seems that malicious-email-indicator-with-attachment.json and indicator-for-malicious-URL.json would both be perfect for adding this sort of example.

cystek Apr 28 '17 01:04

Thanks, @cystek. I agree we could use some examples of the Observable object, both here and (maybe) in the STIX examples on https://oasis-open.github.io/cti-documentation/stix/examples.html.

@ATweedMITRE: Do we have any planned examples that use the Observable SDO?

gtback Apr 28 '17 13:04

Yes, I will be working on some scenarios that involve observed-data objects. I agree that we need a couple of those. Thanks for the feedback @cystek.

ATweedMITRE Apr 28 '17 14:04

There is now an observed-data example complete with JSON and Python code on the website here.

ATweedMITRE Jul 12 '17 16:07

@ATweedMITRE it looks like there are some overlaps between the examples in this repo and the examples on the cti-documentation site. Do you think we should get rid of one or the other? It feels like it will become a pain to keep them in sync. I certainly don't mind leaving things like threat-reports in this repo.

cc: @johnwunder

gtback Jul 12 '17 20:07

@gtback Yeah, it is kind of redundant to have them in 2 places, especially when updating. I can remove them from this repo and manage any changes from the cti-documentation one if that works.

cc: @johnwunder

ATweedMITRE Jul 13 '17 13:07