Clean up the current open-sourcing `elastic_ecs` connector mapping with respect to the STIX official/OCA standard. The general idea is that we want to prefer custom attributes/extensions over custom objects. We also prefer "common" custom attributes that are shared across multiple connectors. stix-shifter's job is normalization, so each connector-specific custom object or attribute is counter to its goals.
The redesign aims to examine each attribute of the `x-ecs-process` and `x-ecs-file` entities. If the attribute is part of the STIX specification, then it is moved into the `process` or `file` entity, and its name remains unchanged. If the attribute is not a part of the STIX specification, then it is moved into the `process` or `file` entity, and its name is prefixed with `x_`. For example, the `exit_code` attribute from the `x-ecs-process` entity is moved to the `x_exit_code` attribute in the `process` entity.
This redesigned mapping would simplify the implementation of apps that use data retrieved from stix-shifter by only having to deal with relations between standard STIX entities, without the need to accommodate additional custom objects.
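The renaming rule described in this issue, as an added sketch that is not part of the original issue or of stix-shifter's code. It assumes a simplified mapping of ECS field name to `object.attribute` STIX key (constructed sample data), and uses an illustrative subset of the spec-defined `process` and `file` properties; it also reports cases where two source fields end up on the same STIX key after the move.

```python
from collections import defaultdict

# Illustrative subset of spec-defined properties (present in STIX 2.0 and 2.1).
STIX_PROPS = {
    "process": {"is_hidden", "pid", "cwd", "command_line", "environment_variables",
                "opener_connection_refs", "creator_user_ref", "parent_ref",
                "child_refs", "extensions"},
    "file": {"hashes", "size", "name", "name_enc", "magic_number_hex", "mime_type",
             "parent_directory_ref", "contains_refs", "content_ref", "extensions"},
}
CUSTOM_TO_STANDARD = {"x-ecs-process": "process", "x-ecs-file": "file"}


def remap_key(stix_key):
    """Move an x-ecs-* attribute onto the standard object, adding x_ if needed."""
    obj, _, attr = stix_key.partition(".")
    target = CUSTOM_TO_STANDARD.get(obj)
    if target is None or not attr:
        return stix_key  # not one of the custom objects being retired
    top = attr.split(".", 1)[0]  # nested attributes are judged by their first segment
    if top in STIX_PROPS[target] or top.startswith("x_"):
        return f"{target}.{attr}"
    return f"{target}.x_{attr}"


def remap_mapping(mapping):
    """Return (new_mapping, collisions); collisions maps a STIX key to its sources."""
    new_mapping = {src: remap_key(dst) for src, dst in mapping.items()}
    by_target = defaultdict(list)
    for src, dst in new_mapping.items():
        by_target[dst].append(src)
    collisions = {dst: sorted(srcs) for dst, srcs in by_target.items() if len(srcs) > 1}
    return new_mapping, collisions


# Constructed sample mapping (hypothetical shape: ECS field -> STIX key).
SAMPLE_MAPPING = {
    "process.pid": "process.pid",
    "process.exit_code": "x-ecs-process.exit_code",
    "process.thread.id": "x-ecs-process.thread.id",
    "process.command_line": "process.command_line",
    "process.args": "x-ecs-process.command_line",
    "file.owner": "x-ecs-file.owner",
    "file.size": "x-ecs-file.size",
    "source.ip": "ipv4-addr.value",
}
```

A non-empty `collisions` result marks mappings that need a manual decision before the custom object can be dropped.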