Fix references in STIX detection strategy JSON

jondricek · web-flow · commit c04467f8ddc1 · 2025-10-27T10:35:18.000-05:00
diff --git a/util/sample_3.3.0_stix-detection-strategy.json b/util/sample_3.3.0_stix-detection-strategy.json
@@ -284,17 +284,17 @@
     "description": "Processes opening /proc/*/mem or /proc/*/maps targeting credential-storing services like sshd or login. Behavior often includes high privilege escalation and memory inspection tools such as gcore or gdb.",
     "x_mitre_log_source_references": [
       {
-        "x_mitre_data_component_refs": "x-mitre-data-component--1887a270-576a-4049-84de-ef746b2572d6",
+        "x_mitre_data_component_ref": "x-mitre-data-component--1887a270-576a-4049-84de-ef746b2572d6",
         "name": "auditd:SYSCALL",
         "channel": "ptrace"
       },
       {
-        "x_mitre_data_component_refs": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077",
+        "x_mitre_data_component_ref": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077",
         "name": "auditd:SYSCALL",
         "channel": "execve"
       },
       {
-        "x_mitre_data_component_refs": "x-mitre-data-component--235b7491-2d2b-4617-9a52-3c0783680f71",
+        "x_mitre_data_component_ref": "x-mitre-data-component--235b7491-2d2b-4617-9a52-3c0783680f71",
         "name": "auditd:SYSCALL",
         "channel": "open"
       }

Original file line number	Diff line number	Diff line change
`@@ -284,17 +284,17 @@`
`284`	`284`	`"description": "Processes opening /proc//mem or /proc//maps targeting credential-storing services like sshd or login. Behavior often includes high privilege escalation and memory inspection tools such as gcore or gdb.",`
`285`	`285`	`"x_mitre_log_source_references": [`
`286`	`286`	`{`
`287`		`- "x_mitre_data_component_refs": "x-mitre-data-component--1887a270-576a-4049-84de-ef746b2572d6",`
	`287`	`+ "x_mitre_data_component_ref": "x-mitre-data-component--1887a270-576a-4049-84de-ef746b2572d6",`
`288`	`288`	`"name": "auditd:SYSCALL",`
`289`	`289`	`"channel": "ptrace"`
`290`	`290`	`},`
`291`	`291`	`{`
`292`		`- "x_mitre_data_component_refs": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077",`
	`292`	`+ "x_mitre_data_component_ref": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077",`
`293`	`293`	`"name": "auditd:SYSCALL",`
`294`	`294`	`"channel": "execve"`
`295`	`295`	`},`
`296`	`296`	`{`
`297`		`- "x_mitre_data_component_refs": "x-mitre-data-component--235b7491-2d2b-4617-9a52-3c0783680f71",`
	`297`	`+ "x_mitre_data_component_ref": "x-mitre-data-component--235b7491-2d2b-4617-9a52-3c0783680f71",`
`298`	`298`	`"name": "auditd:SYSCALL",`
`299`	`299`	`"channel": "open"`
`300`	`300`	`}`