Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor Collections #96

Open
ikiril01 opened this issue Mar 2, 2015 · 3 comments
Open

Refactor Collections #96

ikiril01 opened this issue Mar 2, 2015 · 3 comments
Assignees
@dzbeck
Labels
Com-Bundle Impl-Proposal Modify Type Pri-Medium
Milestone
MAEC 5.0

Comments

@ikiril01
Copy link
Member

ikiril01 commented Mar 2, 2015

We should strongly consider refactoring Bundle Collections, as currently they serve a very similar function as compared to the top-level container elements (e.g. Actions, Objects, etc.) in a MAEC Bundle. One possibility may be to keep their current structure, and allow them to ONLY reference existing entities, rather than both embed and reference entities. For example, an Action Collection would only be allowed to reference MAEC Actions stored in the Actions element.
@ikiril01 ikiril01 added this to the MAEC 5.0 milestone Mar 2, 2015
@ikiril01
Copy link
Member Author

Also, it may make more sense to do away with entity-specific collections completely, and have a single CollectionType that can encapsulate any MAEC entity (via referencing of its ID). In this case, it would likely make sense to have a field (attribute?) on this type to declare the type of entity that it collects, e.g. "actions".

@ikiril01
Copy link
Member Author

E.g,

<Collection entity_type="Action">
    <Name>Network Actions</Name>
    <Entity_Reference entity_id="action-1"/>
    <Entity_Reference entity_id="action-2"/>
    <Entity_Reference entity_id="action-3"/>
</Collection>

@ikiril01 ikiril01 mentioned this issue Apr 15, 2015
Closed
@ikiril01
Copy link
Member Author

The current design calls for Collections to serve as top-level entities in a MAEC Package, i.e.,

<MAEC_Package>
  <Collections>
    <Collection/>
    ...
  </Collections>
</MAEC_Package>

This affords a great deal of flexibility, as it permits the capture of collections of ANY MAEC entity, including Malware Subjects. However, there may still be cases where a Collection needs to be associated with a particular Malware Subject - for example, for the capture of Candidate Indicators as in #84. The question is then how to associate a Collection with a Malware Subject that it "belongs" to - perhaps a simple one-way reference from Malware Subject to Collection is enough? E.g.,

<Collection id="collection-1" entity_type="Action">
    <Name>Network Actions</Name>
    <Entity_Reference entity_id="action-1"/>
    <Entity_Reference entity_id="action-2"/>
    <Entity_Reference entity_id="action-3"/>
</Collection>

<Malware_Subject id="malware-subject-1">
  <Collections>
   <Collection_Reference collection_id="collection-1"/>
  </Collection>
</Malware_Subject>

Another possibility, and perhaps a cleaner and simpler approach, would be to do this using a first-class relationship, e.g.,

<Relationship source_id="malware-subject-1" target_id="collection-1">
  <Type>belongs to</Type>
</Relationship>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dzbeck dzbeck

Labels
Com-Bundle Impl-Proposal Modify Type Pri-Medium
Projects
None yet
Milestone
MAEC 5.0
Development

No branches or pull requests
2 participants
@ikiril01 @dzbeck