This repository contains proposed extensions to the STIX 2.1 standard.
Though robust, there are still gaps in the threat intel data that can be represented in STIX. The standard allows for custom objects and properties. However, if every source uses it's own names and definitions for these new extensions, this can lead to fragmentation of the data we wish to represent.
This repository attempts to normalize custom STIX extensions. This will reduce the duplication of data and allow for federated search across like-for-like STIX objects and properties, regardless of the source.
These extensions follow the naming convention x-oca-extension_name
.
- schemas: Contains all JSON schemas for the new extensions.
- extension_definitions: Contains all the Extension Definitions objects of defined extensions.
- context: Contains a description of the concept (per sub-folder) that the extension represents together with examples of usage.