You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Different Organizations call different entities different things. It is often difficult to understand that two Objects with different names are actually the same thing. We currently don't have a way to track aliases that will apply to all STIX data objects. At present you can track Aliases in only a few objects – for example the Threat Actor Object via Related Identities. We need to be able to do this for all the Objects, such as TTPs, Campaigns and the like.
In many ways this is similar to the deduplication problem.
POTENTIAL ANSWER
There are a few ways this could be achieved:
We could provide an Alias object, and have a relationship type of ‘also_known_as’ to allow certain specific objects to be known with other identifiers.
We could use the ‘Investigation/Tag’ object as a label/tag facilitator, and use it to ‘group’ the objects that use the alias together.
Another option is to just deal with it using the de-duplication processes mentioned earlier, and to directly relate the two Objects together as per section 3 – “Deduplication is difficult”.
It probably makes sense to use the last option as it reuses the relationship object to its fullest extent, and reduces the amount of extra Objects STIX needs to support..
The text was updated successfully, but these errors were encountered:
PROBLEM
Different Organizations call different entities different things. It is often difficult to understand that two Objects with different names are actually the same thing. We currently don't have a way to track aliases that will apply to all STIX data objects. At present you can track Aliases in only a few objects – for example the Threat Actor Object via Related Identities. We need to be able to do this for all the Objects, such as TTPs, Campaigns and the like.
In many ways this is similar to the deduplication problem.
POTENTIAL ANSWER
There are a few ways this could be achieved:
It probably makes sense to use the last option as it reuses the relationship object to its fullest extent, and reduces the amount of extra Objects STIX needs to support..
The text was updated successfully, but these errors were encountered: