Skip to content

Proposal: Deprecate MAEC Container

Jump to bottom
Desiree Beck edited this page Apr 20, 2015 · 19 revisions

Status: Open
Comment Period Closes:
Affects Backwards Compatibility: Yes
Relevant Issues: https://github.com/MAECProject/schemas/issues/103

Background Information

The MAEC Container was created to support notional use cases where multiple MAEC Packages needed to be embedded in a single document. However, there are simpler options for supporting multiple MAEC Packages.

Proposal

We propose to deprecate the MAEC Container for the sake of simplicity. The MAEC Container use case is not strong enough to warrant having the separate output format. A simpler alternative is to capture multiple MAEC Packages in a single Package document.

Example

<maecPackage:Malware_Subject>  NEED TO UDPATE>>>
  <maecPackage:Instance_Properties>
    <cybox:Description>Red October Downloader</cybox:Description>
    <cybox:Properties xsi:type="WinExecutableFileObj:WindowsExecutableFileObjectType">
      <FileObj:Hashes>
        <cyboxCommon:Hash>
          <cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">MD5</cyboxCommon:Type>
          <cyboxCommon:Simple_Hash_Value>c3b0d1403ba35c3aba8f4529f43fb300</cyboxCommon:Simple_Hash_Value>
        </cyboxCommon:Hash>
      </FileObj:Hashes>
    </cybox:Properties>
  </maecPackage:Instance_Properties>
...
</maecPackage:Malware_Subject>

Impact

This change will not be backward compatible.

Requested Feedback

  1. Does the proposed deprecation simp?
  2. Are the proposed additional values appropriate?

Clone this wiki locally