UNPKG

sra-stix2-validator

Version:

stix 2.0 validator

github.com/SecurityRiskAdvisors/sra-stix2-validator

SecurityRiskAdvisors/sra-stix2-validator

104 lines 4.13 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
{ "$id": "../sros/sighting.json", "$schema": "http://json-schema.org/draft-06/schema#", "title": "sighting", "description": "A Sighting denotes the belief that something in CTI (e.g., an indicator, malware, tool, threat actor, etc.) was seen.", "type": "object", "allOf": [ { "$ref": "../common/core.json" }, { "properties": { "type": { "type": "string", "description": "The type of this object, which MUST be the literal `sighting`.", "const": "sighting" }, "id": { "title": "id", "pattern": "^sighting--" }, "first_seen": { "$ref": "../common/timestamp.json", "description": "The beginning of the time window during which the SDO referenced by the sighting_of_ref property was sighted." }, "last_seen": { "$ref": "../common/timestamp.json", "description": "The end of the time window during which the SDO referenced by the sighting_of_ref property was sighted." }, "count": { "type": "integer", "description": "This is an integer between 0 and 999,999,999 inclusive and represents the number of times the object was sighted.", "minimum": 0, "maximum": 999999999 }, "sighting_of_ref": { "allOf": [ { "$ref": "../common/identifier.json" }, { "not": { "pattern": "^sighting--" } }, { "not": { "pattern": "^relationship--" } }, { "not": { "pattern": "^bundle--" } }, { "not": { "pattern": "^marking-definition--" } } ], "description": "An ID reference to the object that has been sighted." }, "observed_data_refs": { "type": "array", "description": "A list of ID references to the Observed Data objects that contain the raw cyber data for this Sighting.", "items": { "allOf": [ { "$ref": "../common/identifier.json" }, { "pattern": "^observed-data--" } ] }, "minItems": 1 }, "where_sighted_refs": { "type": "array", "description": "The ID of the Victim Target objects of the entities that saw the sighting.", "items": { "allOf": [ { "$ref": "../common/identifier.json" }, { "pattern": "^identity--" } ] }, "minItems": 1 }, "summary": { "type": "boolean", "description": "The summary property indicates whether the Sighting should be considered summary data. " } } } ], "required": [ "sighting_of_ref" ] }