Request to enhance the JSON "name" formatting

[borgendorf]

Hi there, our tool is ingesting and storing ATT&CK enterprise-attack.json along with the Unit42 Adversary Playbook campaign STIX reports. You have previously synchronized the "id" field of Attack Patterns (so helpful!) but what is happening now is that Unit42 names their Attack Patterns like "name": "T1060: Registry Run Keys / Startup Folder" where in ATT&CK that would be "name": "Registry Run Keys / Startup Folder". Since we are use a linked-node graph to link everything together, I end up with two "name" fields which makes it difficult in the UI to display the name.

In my user testing, people almost always prefer the version that has both the number and the name in it, as we quickly get used to the numbers and it helps when sorting lists, too. I'm requesting that the name field be modified to use the "technique-number colon space technique name" format that Unit42 uses in ATT&CK.

Thank you!

[jburns12]

Hi @borgendorf - thanks for the suggestions and your thoughts!

Currently our infrastructure (website, back-end content web app, etc.) is dependent on the current format of the name attribute, and the STIX is being widely used, so a change like the one presented would affect how others are currently using the STIX as well. Since there are so many dependencies on the current format, we aren't able to change the name attribute at this point.

However, the ATT&CK ID is available in the STIX as the source_name within the first external_reference of each object that has an ATT&CK ID. Hopefully that can help in some way as you continue to develop your linked-node graph.

Thanks again!