Merge pull request #50 from mitre-attack/optional_analytic_fields

Optional analytic fields

Author: clemiller

package-lock.json

@@ -66,24 +66,6 @@ const minimalAnalytic: MinimalAnalytic = {
   x_mitre_domains: ['enterprise-attack'],
   x_mitre_platforms: ['Windows'],
   description: 'Adversary execution of PowerShell commands with suspicious parameters',
-  x_mitre_log_source_references: [
-    {
-      x_mitre_data_component_ref: 'x-mitre-data-component--1a2b3c4d-5e6f-789a-bcde-123456789abc',
-      name: 'PowerShell',
-      channel: '1',
-    },
-    {
-      x_mitre_data_component_ref: 'x-mitre-data-component--1a2b3c4d-5e6f-789a-bcde-123456789abc',
-      name: 'PowerShell',
-      channel: '2',
-    },
-  ],
-  x_mitre_mutable_elements: [
-    {
-      field: 'TimeWindow',
-      description: 'Time window for correlation analysis',
-    },
-  ],
 };
 
 type MinimalCampaign = Omit<Campaign, MinimalSdoKeys>;

src/generator/index.ts

@@ -118,9 +118,9 @@ export const analyticSchema = attackBaseDomainObjectSchema
 
     external_references: createAttackExternalReferencesSchema('x-mitre-analytic'),
 
-    x_mitre_log_source_references: xMitreLogSourceReferencesSchema,
+    x_mitre_log_source_references: xMitreLogSourceReferencesSchema.optional(),
 
-    x_mitre_mutable_elements: xMitreMutableElementsSchema,
+    x_mitre_mutable_elements: xMitreMutableElementsSchema.optional(),
 
     x_mitre_domains: xMitreDomainsSchema,