From 6debf845c7c22fb817a7a2904dec10303cd1119c Mon Sep 17 00:00:00 2001 From: Devin Walters Date: Fri, 6 Feb 2026 11:55:15 -0600 Subject: [PATCH 1/2] Add optional short_id field to Incident schema --- src/ctim/examples/incidents.cljc | 1 + src/ctim/schemas/incident.cljc | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/ctim/examples/incidents.cljc b/src/ctim/examples/incidents.cljc index ecbaf1dc..91f83764 100644 --- a/src/ctim/examples/incidents.cljc +++ b/src/ctim/examples/incidents.cljc @@ -42,6 +42,7 @@ :discovery_method "Log Review" :promotion_method "Manual" :intended_effect "Extortion" + :short_id 1 :scores {:asset 5 :ttp 98} :meta {:string "this description was generated by a very smart algorithm" diff --git a/src/ctim/schemas/incident.cljc b/src/ctim/schemas/incident.cljc index ef01b809..eb9ccf5a 100644 --- a/src/ctim/schemas/incident.cljc +++ b/src/ctim/schemas/incident.cljc @@ -168,7 +168,9 @@ "associated with the adversary's tactics.")) (f/entry :techniques [c/ShortString] :description (str "Represents the specific methods or actions used by an attacker " - "to carry out an offensive maneuver or achieve their goals.")))) + "to carry out an offensive maneuver or achieve their goals.")) + (f/entry :short_id c/PosInt + :description "A sequential, human-readable identifier for the incident, unique within an organization."))) (def-entity-type NewIncident "For submitting a new Incident." From 3b934d0d14f32ca7eab77af27c5054637271a93e Mon Sep 17 00:00:00 2001 
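Review bot: The `:short_id` entry added in src/ctim/schemas/incident.cljc is typed `c/PosInt`, which the regenerated docs in patch 2/2 render as "Zero, or a positive integer", so 0 validates even though the field is described as a sequential identifier. The description also promises uniqueness within an organization, which a schema cannot enforce. The entry sits in a field list that closes just before `NewIncident`, so it may also be accepted from clients on submission; the enclosing form starts outside this hunk, so that is inferred rather than visible. If the intent is a service-assigned number, I would state that contract in the description, for example `:description (str "A sequential, human-readable identifier for the incident, unique within an organization. " "Assigned and checked for uniqueness by the storing service; guessable, so lookups must still be authorized against the incident id and organization.")`. If numbering starts at 1, a strictly positive type would also keep 0 out of stored incidents.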
From: Devin Walters Date: Mon, 9 Feb 2026 15:23:47 -0600 Subject: [PATCH 2/2] doc schema version updates --- doc/json/actor.json | 2 +- doc/json/asset.json | 2 +- doc/json/asset_mapping.json | 2 +- doc/json/asset_properties.json | 2 +- doc/json/attack_pattern.json | 2 +- doc/json/bundle.json | 45 ++++++++++++++++---------------- doc/json/campaign.json | 2 +- doc/json/casebook.json | 47 +++++++++++++++++----------------- doc/json/coa.json | 2 +- doc/json/feedback.json | 2 +- doc/json/incident.json | 3 ++- doc/json/indicator.json | 2 +- doc/json/judgement.json | 2 +- doc/json/malware.json | 2 +- doc/json/note.json | 2 +- doc/json/relationship.json | 2 +- doc/json/sighting.json | 2 +- doc/json/target_record.json | 2 +- doc/json/tool.json | 2 +- doc/json/vulnerability.json | 2 +- doc/json/weakness.json | 2 +- doc/structures/bundle.md | 11 ++++++++ doc/structures/casebook.md | 11 ++++++++ doc/structures/incident.md | 11 ++++++++ 24 files changed, 100 insertions(+), 64 deletions(-) diff --git a/doc/json/actor.json b/doc/json/actor.json index d0d5317a..e114a345 100644 --- a/doc/json/actor.json +++ b/doc/json/actor.json @@ -26,7 +26,7 @@ "motivation" : "Ego", "planning_and_operational_support" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "sophistication" : "Aspirant", "source" : "string", diff --git a/doc/json/asset.json b/doc/json/asset.json index 0c41acba..24c4b43b 100644 --- a/doc/json/asset.json +++ b/doc/json/asset.json @@ -12,7 +12,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/asset_mapping.json b/doc/json/asset_mapping.json index 89b324f4..b520083e 100644 --- a/doc/json/asset_mapping.json +++ b/doc/json/asset_mapping.json 
@@ -17,7 +17,7 @@ "value" : "1.2.3.4" }, "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "specificity" : "Low", diff --git a/doc/json/asset_properties.json b/doc/json/asset_properties.json index f2eecb8b..64325d30 100644 --- a/doc/json/asset_properties.json +++ b/doc/json/asset_properties.json @@ -15,7 +15,7 @@ "value" : "string" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", diff --git a/doc/json/attack_pattern.json b/doc/json/attack_pattern.json index 8cf8a4ec..a2409d31 100644 --- a/doc/json/attack_pattern.json +++ b/doc/json/attack_pattern.json @@ -16,7 +16,7 @@ } ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/bundle.json b/doc/json/bundle.json index 238bec7f..a6cf806d 100644 --- a/doc/json/bundle.json +++ b/doc/json/bundle.json @@ -28,7 +28,7 @@ "motivation" : "Ego", "planning_and_operational_support" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "sophistication" : "Aspirant", "source" : "string", @@ -62,7 +62,7 @@ "value" : "1.2.3.4" }, "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "specificity" : "Low", @@ -92,7 +92,7 @@ "value" : "string" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -119,7 +119,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", 
@@ -151,7 +151,7 @@ } ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -185,7 +185,7 @@ "language" : "string", "names" : [ "string" ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -259,7 +259,7 @@ "source" : "string" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -297,7 +297,7 @@ "revision" : 10, "row_count" : 10, "rows" : [ [ "anything" ] ], - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -335,7 +335,7 @@ "language" : "string", "reason" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -366,7 +366,7 @@ }, "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -410,12 +410,13 @@ }, "promotion_method" : "Automated", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "scores" : { "asset" : 10.0 }, "severity" : "Critical", "short_description" : "string", + "short_id" : 10, "source" : "string", "source_uri" : "string", "status" : "Closed", @@ -453,7 +454,7 @@ "negate" : true, "producer" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "severity" : "Critical", "short_description" : "string", "source" : "string", 
@@ -502,7 +503,7 @@ "reason" : "string", "reason_uri" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "severity" : "Critical", "source" : "string", "source_uri" : "string", @@ -535,7 +536,7 @@ "labels" : [ "adware" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -565,7 +566,7 @@ "entity_type" : "string" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -587,7 +588,7 @@ "language" : "string", "relationship_type" : "attributed-to", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_ref" : "string", @@ -599,7 +600,7 @@ "type" : "relationship" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "sighting_refs" : [ "string" ], "sightings" : [ { @@ -879,7 +880,7 @@ } ], "resolution" : "detected", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "sensor" : "endpoint", "sensor_coordinates" : { "observables" : [ { @@ -926,7 +927,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -972,7 +973,7 @@ "labels" : [ "credential-exploitation" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", 
@@ -1113,7 +1114,7 @@ "last_modified_date" : "2016-01-01T01:01:01.000Z", "published_date" : "2016-01-01T01:01:01.000Z", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -1194,7 +1195,7 @@ "strategy" : "Attack Surface Reduction" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/campaign.json b/doc/json/campaign.json index a673d8d2..64b0c2e9 100644 --- a/doc/json/campaign.json +++ b/doc/json/campaign.json @@ -19,7 +19,7 @@ "language" : "string", "names" : [ "string" ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/casebook.json b/doc/json/casebook.json index 4a83a89d..320d67f1 100644 --- a/doc/json/casebook.json +++ b/doc/json/casebook.json @@ -29,7 +29,7 @@ "motivation" : "Ego", "planning_and_operational_support" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "sophistication" : "Aspirant", "source" : "string", @@ -63,7 +63,7 @@ "value" : "1.2.3.4" }, "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "specificity" : "Low", @@ -93,7 +93,7 @@ "value" : "string" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -120,7 +120,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", 
@@ -152,7 +152,7 @@ } ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -186,7 +186,7 @@ "language" : "string", "names" : [ "string" ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -260,7 +260,7 @@ "source" : "string" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -298,7 +298,7 @@ "revision" : 10, "row_count" : 10, "rows" : [ [ "anything" ] ], - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -336,7 +336,7 @@ "language" : "string", "reason" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -367,7 +367,7 @@ }, "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -411,12 +411,13 @@ }, "promotion_method" : "Automated", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "scores" : { "asset" : 10.0 }, "severity" : "Critical", "short_description" : "string", + "short_id" : 10, "source" : "string", "source_uri" : "string", "status" : "Closed", @@ -454,7 +455,7 @@ "negate" : true, "producer" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "severity" : "Critical", "short_description" : "string", "source" : "string", 
@@ -503,7 +504,7 @@ "reason" : "string", "reason_uri" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "severity" : "Critical", "source" : "string", "source_uri" : "string", @@ -536,7 +537,7 @@ "labels" : [ "adware" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -566,7 +567,7 @@ "entity_type" : "string" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", @@ -588,7 +589,7 @@ "language" : "string", "relationship_type" : "attributed-to", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_ref" : "string", @@ -600,7 +601,7 @@ "type" : "relationship" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "sighting_refs" : [ "string" ], "sightings" : [ { @@ -880,7 +881,7 @@ } ], "resolution" : "detected", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "sensor" : "endpoint", "sensor_coordinates" : { "observables" : [ { @@ -927,7 +928,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -973,7 +974,7 @@ "labels" : [ "credential-exploitation" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", 
@@ -1114,7 +1115,7 @@ "last_modified_date" : "2016-01-01T01:01:01.000Z", "published_date" : "2016-01-01T01:01:01.000Z", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -1195,7 +1196,7 @@ "strategy" : "Attack Surface Reduction" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", @@ -1226,7 +1227,7 @@ "value" : "1.2.3.4" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/coa.json b/doc/json/coa.json index 5f0422be..60576f44 100644 --- a/doc/json/coa.json +++ b/doc/json/coa.json @@ -57,7 +57,7 @@ "source" : "string" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/feedback.json b/doc/json/feedback.json index bd138513..91196999 100644 --- a/doc/json/feedback.json +++ b/doc/json/feedback.json @@ -13,7 +13,7 @@ "language" : "string", "reason" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", diff --git a/doc/json/incident.json b/doc/json/incident.json index 45fcba2a..d5e76950 100644 --- a/doc/json/incident.json +++ b/doc/json/incident.json @@ -30,12 +30,13 @@ }, "promotion_method" : "Automated", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "scores" : { "asset" : 10.0 }, "severity" : "Critical", "short_description" : "string", + "short_id" : 10, "source" : "string", "source_uri" : "string", "status" : "Closed", diff --git a/doc/json/indicator.json b/doc/json/indicator.json index 31479ed7..da11626c 100644 
--- a/doc/json/indicator.json +++ b/doc/json/indicator.json @@ -24,7 +24,7 @@ "negate" : true, "producer" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "severity" : "Critical", "short_description" : "string", "source" : "string", diff --git a/doc/json/judgement.json b/doc/json/judgement.json index 384c5501..b4676ea3 100644 --- a/doc/json/judgement.json +++ b/doc/json/judgement.json @@ -20,7 +20,7 @@ "reason" : "string", "reason_uri" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "severity" : "Critical", "source" : "string", "source_uri" : "string", diff --git a/doc/json/malware.json b/doc/json/malware.json index b6819ad3..5312f285 100644 --- a/doc/json/malware.json +++ b/doc/json/malware.json @@ -17,7 +17,7 @@ "labels" : [ "adware" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/note.json b/doc/json/note.json index c721126c..753596ca 100644 --- a/doc/json/note.json +++ b/doc/json/note.json @@ -17,7 +17,7 @@ "entity_type" : "string" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "source" : "string", "source_uri" : "string", "timestamp" : "2016-01-01T01:01:01.000Z", diff --git a/doc/json/relationship.json b/doc/json/relationship.json index 9d821315..f564a21a 100644 --- a/doc/json/relationship.json +++ b/doc/json/relationship.json @@ -12,7 +12,7 @@ "language" : "string", "relationship_type" : "attributed-to", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_ref" : "string", diff --git a/doc/json/sighting.json b/doc/json/sighting.json index c5fda510..5d196804 100644 --- a/doc/json/sighting.json +++ b/doc/json/sighting.json 
@@ -275,7 +275,7 @@ } ], "resolution" : "detected", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "sensor" : "endpoint", "sensor_coordinates" : { "observables" : [ { diff --git a/doc/json/target_record.json b/doc/json/target_record.json index 7e1541e1..437c50e9 100644 --- a/doc/json/target_record.json +++ b/doc/json/target_record.json @@ -11,7 +11,7 @@ "id" : "string", "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/tool.json b/doc/json/tool.json index 19378745..a28e9bb3 100644 --- a/doc/json/tool.json +++ b/doc/json/tool.json @@ -16,7 +16,7 @@ "labels" : [ "credential-exploitation" ], "language" : "string", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/vulnerability.json b/doc/json/vulnerability.json index c4eb1384..1478162d 100644 --- a/doc/json/vulnerability.json +++ b/doc/json/vulnerability.json @@ -108,7 +108,7 @@ "last_modified_date" : "2016-01-01T01:01:01.000Z", "published_date" : "2016-01-01T01:01:01.000Z", "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/json/weakness.json b/doc/json/weakness.json index 974ded73..7efcec04 100644 --- a/doc/json/weakness.json +++ b/doc/json/weakness.json @@ -68,7 +68,7 @@ "strategy" : "Attack Surface Reduction" } ], "revision" : 10, - "schema_version" : "1.3.28", + "schema_version" : "1.3.29", "short_description" : "string", "source" : "string", "source_uri" : "string", diff --git a/doc/structures/bundle.md b/doc/structures/bundle.md index f7653215..84bb6864 100644 --- a/doc/structures/bundle.md +++ b/doc/structures/bundle.md 
@@ -4467,6 +4467,7 @@ A URL reference to an external resource. |[scores](#propertyscores-incidentscoresobject)|*IncidentScores* Object|Used to indicate the severity or impact score of the threat represented by the incident.|| |[severity](#propertyseverity-severitystring)|SeverityString|Represents the potential impact of an incident on an organization's security posture and business operations. It helps organizations prioritize and allocate resources for incident response based on the severity level of the incident It helps analysts and incident handlers prioritize incidents by indicating the level of risk and potential impact associated with the incident. This enables organizations to allocate resources efficiently and address the most critical incidents first. Can also be used to generate reports and metrics for measuring the effectiveness of the incident response process and to identify trends and patterns in the threat landscape. It is important to note that the `severity` field is subjective and can be interpreted differently by different organizations or analysts. 
Therefore, it should be used in conjunction with other intelligence attributes, such as the `confidence` field, to provide a more comprehensive view of the incident.|| |[short_description](#propertyshort_description-medstringstring)|MedStringString|A single line, short summary of the object.|| +|[short_id](#propertyshort_id-integer)|Integer|A sequential, human-readable identifier for the incident, unique within an organization.|| |[source](#propertysource-medstringstring)|MedStringString|Represents the source of the intelligence that led to the creation of the entity.|| |[source_uri](#propertysource_uri-string)|String|URI of the source of the intelligence that led to the creation of the entity.|| |[tactics](#propertytactics-shortstringstringlist)|ShortStringString List|Represents the offensive techniques, approaches, or procedures that an adversary may use to achieve their objectives during an attack. It helps in understanding the intent and capabilities of the adversary and can be used to identify indicators of attack (IoAs) or indicators of compromise (IoCs) that are associated with the adversary's tactics.|| @@ -4776,6 +4777,16 @@ A single line, short summary of the object. * *MedString* String with at most 2048 characters. + +## Property short_id ∷ Integer + +A sequential, human-readable identifier for the incident, unique within an organization. + +* This entry is optional + + + * Zero, or a positive integer. + ## Property source ∷ MedStringString diff --git a/doc/structures/casebook.md b/doc/structures/casebook.md index f97732d8..1f37b0d4 100644 --- a/doc/structures/casebook.md +++ b/doc/structures/casebook.md 
@@ -11414,6 +11414,7 @@ A URL reference to an external resource. |[scores](#propertyscores-incidentscoresobject)|*IncidentScores* Object|Used to indicate the severity or impact score of the threat represented by the incident.|| |[severity](#propertyseverity-severitystring)|SeverityString|Represents the potential impact of an incident on an organization's security posture and business operations. It helps organizations prioritize and allocate resources for incident response based on the severity level of the incident It helps analysts and incident handlers prioritize incidents by indicating the level of risk and potential impact associated with the incident. This enables organizations to allocate resources efficiently and address the most critical incidents first. Can also be used to generate reports and metrics for measuring the effectiveness of the incident response process and to identify trends and patterns in the threat landscape. It is important to note that the `severity` field is subjective and can be interpreted differently by different organizations or analysts. 
Therefore, it should be used in conjunction with other intelligence attributes, such as the `confidence` field, to provide a more comprehensive view of the incident.|| |[short_description](#propertyshort_description-medstringstring)|MedStringString|A single line, short summary of the object.|| +|[short_id](#propertyshort_id-integer)|Integer|A sequential, human-readable identifier for the incident, unique within an organization.|| |[source](#propertysource-medstringstring)|MedStringString|Represents the source of the intelligence that led to the creation of the entity.|| |[source_uri](#propertysource_uri-string)|String|URI of the source of the intelligence that led to the creation of the entity.|| |[tactics](#propertytactics-shortstringstringlist)|ShortStringString List|Represents the offensive techniques, approaches, or procedures that an adversary may use to achieve their objectives during an attack. It helps in understanding the intent and capabilities of the adversary and can be used to identify indicators of attack (IoAs) or indicators of compromise (IoCs) that are associated with the adversary's tactics.|| @@ -11723,6 +11724,16 @@ A single line, short summary of the object. * *MedString* String with at most 2048 characters. + +## Property short_id ∷ Integer + +A sequential, human-readable identifier for the incident, unique within an organization. + +* This entry is optional + + + * Zero, or a positive integer. + ## Property source ∷ MedStringString diff --git a/doc/structures/incident.md b/doc/structures/incident.md index 5516fcc0..6b45d5e1 100644 --- a/doc/structures/incident.md +++ b/doc/structures/incident.md 
@@ -30,6 +30,7 @@ |[scores](#propertyscores-incidentscoresobject)|*IncidentScores* Object|Used to indicate the severity or impact score of the threat represented by the incident.|| |[severity](#propertyseverity-severitystring)|SeverityString|Represents the potential impact of an incident on an organization's security posture and business operations. It helps organizations prioritize and allocate resources for incident response based on the severity level of the incident It helps analysts and incident handlers prioritize incidents by indicating the level of risk and potential impact associated with the incident. This enables organizations to allocate resources efficiently and address the most critical incidents first. Can also be used to generate reports and metrics for measuring the effectiveness of the incident response process and to identify trends and patterns in the threat landscape. It is important to note that the `severity` field is subjective and can be interpreted differently by different organizations or analysts. Therefore, it should be used in conjunction with other intelligence attributes, such as the `confidence` field, to provide a more comprehensive view of the incident.|| |[short_description](#propertyshort_description-medstringstring)|MedStringString|A single line, short summary of the object.|| +|[short_id](#propertyshort_id-integer)|Integer|A sequential, human-readable identifier for the incident, unique within an organization.|| |[source](#propertysource-medstringstring)|MedStringString|Represents the source of the intelligence that led to the creation of the entity.|| |[source_uri](#propertysource_uri-string)|String|URI of the source of the intelligence that led to the creation of the entity.|| |[tactics](#propertytactics-shortstringstringlist)|ShortStringString List|Represents the offensive techniques, approaches, or procedures that an adversary may use to achieve their objectives during an attack. 
It helps in understanding the intent and capabilities of the adversary and can be used to identify indicators of attack (IoAs) or indicators of compromise (IoCs) that are associated with the adversary's tactics.|| @@ -339,6 +340,16 @@ A single line, short summary of the object. * *MedString* String with at most 2048 characters. + +## Property short_id ∷ Integer + +A sequential, human-readable identifier for the incident, unique within an organization. + +* This entry is optional + + + * Zero, or a positive integer. + ## Property source ∷ MedStringString