fix color

2026-02-21 11:17:52 +00:00 · 2021-02-17 22:26:28 -05:00
parent f9ecd582bd
commit aaa4d2c9ed
3 changed files with 342 additions and 324 deletions
--- a/STIX_for_digital_forensics/CFO_intro.svg
+++ b/STIX_for_digital_forensics/CFO_intro.svg
--- a/STIX_for_digital_forensics/CFO_intro.vsdx
+++ b/STIX_for_digital_forensics/CFO_intro.vsdx
--- a/STIX_for_digital_forensics/readme.md
+++ b/STIX_for_digital_forensics/readme.md
@@ -193,6 +193,7 @@ The Activity Name vocabulary is shared by both attackers and investigators.
 | Vocabulary Value | Description                                                         |
 | ---------------- | ------------------------------------------------------------------- |
 | steganalysis     |                                                                     |
+| break            |                                                                     |
 | browse           | Browse webpages, directories, etc.                                  |
 | carve            |                                                                     |
 | config           |                                                                     |
@@ -271,14 +272,14 @@ An action is one cyber criminal activity performed under a user account. It is a

 ## Action Specific Properties

-| Property Name   | Type       | Description                                                                                   |
-| --------------- | ---------- | --------------------------------------------------------------------------------------------- |
-| type (required) | string     | The value of this property MUST be x-action.                                                  |
-| name            | open-vocab | Specifies the name of an action. It MUST come from x-activity-name-ov.                        |
-| target          | identifier | Specifies the object that receives the direct action of the verb. It is an observable object. |
-| description     | string     | A description that provides more details and context about the Action.                        |
-| start_time      | timestamp  | Specifies the the time that an action is started.                                             |
-| end_time        | timestamp  | Specifies the the time that an action is ended.                                               |
+| Property Name   | Type       | Description                                                                    |
+| --------------- | ---------- | ------------------------------------------------------------------------------ |
+| type (required) | string     | The value of this property MUST be x-action.                                   |
+| verb            | open-vocab | Specifies the name of an action. It MUST come from x-activity-name-ov.         |
+| target          | identifier | Specifies an observed data object that receives the direct action of the verb. |
+| description     | string     | A description that provides more details and context about the Action.         |
+| start_time      | timestamp  | Specifies the the time that an action is started.                              |
+| end_time        | timestamp  | Specifies the the time that an action is ended.                                |

 ### Relationships

@@ -295,8 +296,8 @@ An action is one cyber criminal activity performed under a user account. It is a
    "type": "x-action",
    "spec_version": "2.1",
    "id": "x-action--87a3e4ee-102c-4cc9-9017-96089a0e0680",
-    "name": "Search",
-    "target": "anti-forensic tools",
+    "verb": "Search",
+    "target": ["observed-data--2c562ec3-d3bd-4e9b-9d79-cc791c86692d"],
    "description": "Search a 'anti-forensic tools' keyword online using bing search engine.",
    "start_time": "2015-25-25T14:46:44:44Z",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",