STIX 2.0 Proposal10 : Make field names consistent for usages of Information Source (#263)
In some cases the Information Source property on IDable content is called Information_Source, in others Source, and in others Producer. It would be better if these were all made consistent.
This issue is resolved through approval of #291 and #233.
With Source broken out as a separate IDable construct and a defined Related_Source relationship type used to specify the source for content there will no longer be separate property fields (with potentially different names) for specifying source.
Example #1: simple indicator with attributed source for the information
Example #1:
{
"id": "example:src-83dc6b53-ac3d-40e0-82ef-eab173c7ee1e",
"type": "source",
"timestamp": { "value" : "2015-12-21T19:59:11.000000+00:00" },
"name": "US-CERT"
}
{
"id": "example:ind-b8e37090-5d62-45a1-ac2e-a88601b08432",
"type": "indicator",
"timestamp": { "value" : "2015-12-21T19:59:11.000000+00:00" },
"title": "Sakurel Malware",
"indicator_expression": "this would be an observable pattern for a particular file hash using the new CybOX patterning language under consideration",
"indicator_type": [
{
"value": "File Hash Watchlist",
"vocab": "indicator-type-vocab-1.1"
}
]
}
{
"id": "example:rel-9d0c539e-a874-42c7-a055-3e900b98724f",
"type": "related-source",
"timestamp": { "value" : "2015-12-21T19:59:12.000000+00:00" },
"from": "example:ind-b8e37090-5d62-45a1-ac2e-a88601b08432",
"to": "example:src-83dc6b53-ac3d-40e0-82ef-eab173c7ee1e",
"relationship_nature": {
"value": "Has Source"
}
}