metron-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (METRON-407) We currently do not provide defaults if the Stix Observable does not specify a condition
Date Tue, 06 Sep 2016 20:04:20 GMT

    [ https://issues.apache.org/jira/browse/METRON-407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15468403#comment-15468403
] 

ASF GitHub Bot commented on METRON-407:
---------------------------------------

Github user cestella commented on the issue:

    https://github.com/apache/incubator-metron/pull/244
  
    Just for posterity, from [here](http://stixproject.github.io/documentation/suggested-practices/)
justifying considering an absence of a condition to be an equality condition:
    
    > When creating observables for use as patterns within indicators, you should always
set the condition attribute on all possible fields to an appropriate value, even if that value
is equals. Leaving off the condition attribute implies that the observable is an instance
rather than a pattern.
    



> We currently do not provide defaults if the Stix Observable does not specify a condition
> ----------------------------------------------------------------------------------------
>
>                 Key: METRON-407
>                 URL: https://issues.apache.org/jira/browse/METRON-407
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Casey Stella
>            Assignee: Casey Stella
>             Fix For: 0.2.1BETA
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> When manually creating indicators in Soltra, the condition for the observable is not
specifiable via the Soltra UI.  As such, Soltra does not specify this condition explicitly,
expecting the default to be "equals" if unspecified.
> We should, if the condition is unspecified, assume equality.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message