UNPKG

sra-stix2-validator

Version:

stix 2.0 validator

github.com/SecurityRiskAdvisors/sra-stix2-validator

SecurityRiskAdvisors/sra-stix2-validator

129 lines 6.08 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
{ "$id": "../sdos/observed-data.json", "$schema": "http://json-schema.org/draft-06/schema#", "title": "observed-data", "description": "Observed data conveys information that was observed on systems and networks, such as log data or network traffic, using the Cyber Observable specification.", "type": "object", "allOf": [ { "$ref": "../common/core.json" }, { "properties": { "type": { "type": "string", "description": "The type of this object, which MUST be the literal `observed-data`.", "const": "observed-data" }, "id": { "title": "id", "pattern": "^observed-data--" }, "first_observed": { "$ref": "../common/timestamp.json", "description": "The beginning of the time window that the data was observed during." }, "last_observed": { "$ref": "../common/timestamp.json", "description": "The end of the time window that the data was observed during." }, "number_observed": { "type": "integer", "description": "The number of times the data represented in the objects property was observed. This MUST be an integer between 1 and 999,999,999 inclusive.", "minimum": 1, "maximum": 999999999 }, "objects": { "type": "object", "description": "A dictionary of Cyber Observable Objects that describes the single 'fact' that was observed.", "minProperties": 1, "patternProperties": { "^.*$": { "type": "object", "oneOf": [ { "allOf": [ { "$ref": "../common/cyber-observable-core.json" }, { "not": { "properties": { "type": { "type": "string", "pattern": "^artifact|directory|file|mutex|process|software|user-account|windows-registry-key|x509-certificate|autonomous-system|domain-name|email-addr|email-message|ipv4-addr|ipv6-addr|mac-addr|network-traffic|url$", "description": "Indicates that this object is a custom Observable Object." } } } } ] }, { "$ref": "../observables/artifact.json" }, { "$ref": "../observables/autonomous-system.json" }, { "$ref": "../observables/directory.json" }, { "$ref": "../observables/domain-name.json" }, { "$ref": "../observables/email-addr.json" }, { "$ref": "../observables/email-message.json" }, { "$ref": "../observables/file.json" }, { "$ref": "../observables/ipv4-addr.json" }, { "$ref": "../observables/ipv6-addr.json" }, { "$ref": "../observables/mac-addr.json" }, { "$ref": "../observables/mutex.json" }, { "$ref": "../observables/network-traffic.json" }, { "$ref": "../observables/process.json" }, { "$ref": "../observables/software.json" }, { "$ref": "../observables/url.json" }, { "$ref": "../observables/user-account.json" }, { "$ref": "../observables/windows-registry-key.json" }, { "$ref": "../observables/x509-certificate.json" } ] } } } } } ], "required": [ "first_observed", "last_observed", "number_observed", "objects" ] }