-
Notifications
You must be signed in to change notification settings - Fork 16
Proposal: Make Tools Top Level Entities
Status: Open
Comment Period Closes:
Affects Backwards Compatibility: Yes
Relevant Issue: https://github.com/MAECProject/schemas/issues/107
It is awkward to define and use Tools in the current version of the schema, especially where multiple Analyses make use of the same tool. If Tools were top-level entities, they could be more easily used.
We propose to rename the Malware_Instance_Object_Attributes field to Instance_Properties. This new name seems appropriate both because it refers to a malware "instance" and because the word "properties" is more generic in data representations than the word "attributes" (which has a specific meaning in UML).
| Field | Type | Multiplicity | Description |
|---|---|---|---|
| Instance_Properties | cybox:ObjectType |
0-1 | The Instance_Properties field characterizes the properties of the object (most typically a file) that represents the malware instance whose Behaviors, Actions, Objects, Process Tree, and Candidate Indicators are characterized in a Malware Subject of a MAEC Package. |
<Package>
<Tools>
<Tool id="tool-1">
<Name>Some analysis tool</Name>
<Version>2.3.1</Version>
</Tool>
</Tools>
<Malware_Subjects>
<Malware_Subject>
<Analyses>
<Analysis id="analysis-1">
<Tools>
<Tool_Reference tool_id="tool-1"/>
</Tools>
</Analysis>
</Analysis>
</Malware_Subject>
</Malware_Subjects>
</Package>
</maecPackage:MAEC_Package>This change will not be backward compatible and is one of several revisions planned in new major version.
- Does it make sense to make Tools top-level entities?
- Are there preferable alternatives that would make Tools easier to use?