I am a developer of the OpenCTI project and I recently wrote a parser [1] for the STIX 2.1 documentation page [2] to automatically retrieve all relationship types to then match them against the OpenCTI relationships to verify everything is correctly implemented.
While doing that I noticed a few minor issues with the documentation and Jane Ginn told me to contact you in this regard. The relationship summary table [3] is missing the following relationships (output from my script):
Summary is missing {'source': 'course-of-action', 'relationship': 'remediates', 'target': 'malware'}
Summary is missing {'source': 'course-of-action', 'relationship': 'remediates', 'target': 'vulnerability'}
Summary is missing {'source': 'malware', 'relationship': 'exfiltrates-to', 'target': 'infrastructure'}
Summary is missing {'source': 'tool', 'relationship': 'uses', 'target': 'infrastructure'}
Summary is missing {'source': 'domain-name', 'relationship': 'resolves-to', 'target': 'domain-name'}
Summary is missing {'source': 'domain-name', 'relationship': 'resolves-to', 'target': 'ipv4-addr'}
Summary is missing {'source': 'domain-name', 'relationship': 'resolves-to', 'target': 'ipv6-addr'}
Summary is missing {'source': 'ipv4-addr', 'relationship': 'resolves-to', 'target': 'mac-addr'}
Summary is missing {'source': 'ipv4-addr', 'relationship': 'belongs-to', 'target': 'autonomous-system'}
Summary is missing {'source': 'ipv6-addr', 'relationship': 'resolves-to', 'target': 'mac-addr'}
Summary is missing {'source': 'ipv6-addr', 'relationship': 'belongs-to', 'target': 'autonomous-system'}
I am not sure if the SCOs like the IP addresses are supposed to be in the summary table or not.
Besides that, there's also a typo in the 'malware -> exfiltrate_to -> infrastructure' relationship in the summary table. According to the malware detail page [4] the relationship should be called 'exfiltrates-to' (with the s).
My approach to find the relationship definitions in the tables was to look for a string called 'Relationship Type'. The majority of STIX object relationship tables use this string for the description row, but 'malware-analysis' for example doesn't.
Would it be possible to change the 'Name' table header for the relationship tables to 'Relationship Type' to have an identical table layout for all relationship descriptions?
Regards,
nor3th
[1] https://github.com/nor3th/furry-chainsaw/blob/main/opencti/relationships_test.py
[2] https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html
[3] https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_6n2czpjuie3v
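The comparison described in the post, as an added example that is not part of the original post and is not the author's parser at [1]: it collects relationship rows from tables identified by a 'Relationship Type' header cell, diffs them against a summary table, flags likely naming typos, and counts tables the header match skipped. The column layout (Source, Relationship Type, Target), the names `TableReader`, `triples`, `audit` and `_t`, and the sample tables are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

class TableReader(HTMLParser):  # collects each <table> as a list of rows of cell text
    def __init__(self):
        super().__init__()
        self.tables, self._row, self._cell = [], None, None
    def handle_starttag(self, tag, attrs):
        if tag == "table":
            self.tables.append([])
        elif tag == "tr":
            self._row = []
        elif tag in ("td", "th"):
            self._cell = []
    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)
    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            self._row.append(" ".join("".join(self._cell).split()))
            self._cell = None
        elif tag == "tr" and self._row is not None:
            self.tables[-1].append(self._row)
            self._row = None

def triples(html, marker):
    """Return (rows as (source, relationship, target), number of tables lacking `marker`)."""
    reader = TableReader()
    reader.feed(html)
    found = set()
    hits = [t for t in reader.tables if t and marker in t[0][1:]]
    for rows in hits:
        col = rows[0].index(marker, 1)  # assumed layout: source left of marker, target right
        found.update((r[col - 1], r[col], r[col + 1]) for r in rows[1:] if len(r) > col + 1)
    return found, len(reader.tables) - len(hits)

def audit(detail_html, summary_html, marker="Relationship Type"):
    detail, skipped = triples(detail_html, marker)
    summary, _ = triples(summary_html, marker)
    missing = sorted(detail - summary)
    # Summary-only rows sharing source and target with a missing row are likely naming typos.
    renamed = sorted(s for s in summary - detail if (s[0], s[2]) in {(m[0], m[2]) for m in missing})
    return missing, renamed, skipped

def _t(*rows):  # builds one HTML table; all sample data below is constructed, not the spec's markup
    return "<table>%s</table>" % "".join("<tr>%s</tr>" % "".join("<td>%s</td>" % c for c in r) for r in rows)
HDR = ("Source", "Relationship Type", "Target")
DETAIL = (_t(HDR, ("malware", "exfiltrates-to", "infrastructure"), ("tool", "uses", "infrastructure"))
          + _t(("Source", "Name", "Target"), ("malware-analysis", "characterizes", "malware")))
SUMMARY = _t(HDR, ("malware", "exfiltrate_to", "infrastructure"))
```

A non-zero skipped count from `audit(DETAIL, SUMMARY)` means some relationship tables were never compared, which is the gap the inconsistent 'Name' header causes.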