You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I'm seeing improper use of the cybox:false flag in athena, cloud watch logs, splunk, and palo alto connectors. Setting the cybox: false flag on a mapping will put that property in the outer level of the observed-data object. Only created, modified, first_observed, last_observed, and number_observed should go here. All other custom properties should go under their respective SCOs.
Expected behavior
Any custom properties should go under their respective SCO.
The text was updated successfully, but these errors were encountered:
I think the key is unnecessary entirely; you could parse the mapping and see that there's no object type specified (e.g. first_observed is a property name with no object type and dot before it). No object type implies "cybox": false
Describe the bug
I'm seeing improper use of the cybox:false flag in athena, cloud watch logs, splunk, and palo alto connectors. Setting the cybox: false flag on a mapping will put that property in the outer level of the observed-data object. Only created, modified, first_observed, last_observed, and number_observed should go here. All other custom properties should go under their respective SCOs.
Expected behavior
Any custom properties should go under their respective SCO.
The text was updated successfully, but these errors were encountered: