Incident
The Incident object in STIX 2.1 is a stub. It is included to support basic use cases but does not contain properties to represent metadata about incidents. Future STIX 2 releases will expand it to include these capabilities. It is suggested that it is used as an extension point for an Incident object defined using the extension facility described in section 7.3.
Properties
| Property | Type | Description |
|---|---|---|
typeoptional | string | The type of this object, which MUST be the literal `incident`. |
namerequired | string | The name used to identify the Incident. |
descriptionoptional | string | A description that provides more details and context about the Incident. |
Relationships
These are the relationships explicitly defined between the Incident object and other STIX Objects. The first section lists the embedded relationships by property name along with their corresponding target. The rest of the table identifies the relationships that can be made from this object type to another object type by way of the Relationship object. The reverse relationships section illustrates the relationships targeting this object type from another object type. They are included here for convenience. For their definitions, please see the "Source" object.
Relationships are not restricted to those listed below. Relationships can be created between any objects using the related-to relationship type or, as with open vocabularies, user-defined names.
This table is left intentionally blank and will be fleshed out in a future release.