object_refs in Report object #9831
Labels
bug
use for describing something not working as expected
needs triage
use to identify issue needing triage from Filigran Product team
Comments
Matthew-Filigran
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Use case: data sharing by TAXII between OpenCTI (TAXII server) and 3rd party TAXII client.
The TAXII client throws an error when report object data does not include object_refs. The report used does not contain any object_refs (tested by exporting stix bundle).
According to the STIX 2.1 specification, the object_refs property in a Report object is required and must be a list of identifiers referencing other STIX objects. The specification does not explicitly state whether this list can be empty. However, since object_refs is mandatory, omitting it entirely would violate the specification. Therefore, a TAXII server should include the object_refs property in a Report object, even if it is an empty array ("object_refs": []).
This is preventing the ability to share reports to third parties.
The text was updated successfully, but these errors were encountered: