Some relationships are missing from the table in Appendix B #281

Open
rpiazza opened this issue Sep 20, 2021 · 0 comments
rpiazza commented Sep 20, 2021

I am a developer of the OpenCTI project and I recently wrote a parser [1] for the STIX 2.1 documentation page [2] to automatically retrieve all relationship types to then match them against the OpenCTI relationships to verify everything is correctly implemented.
While doing that I noticed a few minor issues with the documentation, and Jane Ginn told me to contact you in this regard. The relationship summary table [3] is missing the following relationships (output from my script):

Summary is missing {'source': 'course-of-action', 'relationship': 'remediates', 'target': 'malware'}
Summary is missing {'source': 'course-of-action', 'relationship': 'remediates', 'target': 'vulnerability'}
Summary is missing {'source': 'malware', 'relationship': 'exfiltrates-to', 'target': 'infrastructure'}
Summary is missing {'source': 'tool', 'relationship': 'uses', 'target': 'infrastructure'}
Summary is missing {'source': 'domain-name', 'relationship': 'resolves-to', 'target': 'domain-name'}
Summary is missing {'source': 'domain-name', 'relationship': 'resolves-to', 'target': 'ipv4-addr'}
Summary is missing {'source': 'domain-name', 'relationship': 'resolves-to', 'target': 'ipv6-addr'}
Summary is missing {'source': 'ipv4-addr', 'relationship': 'resolves-to', 'target': 'mac-addr'}
Summary is missing {'source': 'ipv4-addr', 'relationship': 'belongs-to', 'target': 'autonomous-system'}
Summary is missing {'source': 'ipv6-addr', 'relationship': 'resolves-to', 'target': 'mac-addr'}
Summary is missing {'source': 'ipv6-addr', 'relationship': 'belongs-to', 'target': 'autonomous-system'}

I am not sure if the SCOs like the IP addresses are supposed to be in the summary table or not.
Besides that, there's also a typo in the 'malware -> exfiltrate_to -> infrastructure' relationship in the summary table. According to the malware detail page [4] the relationship should be called 'exfiltrates-to' (with the s).

My approach to find the relationship definitions in the tables was to look for a string called 'Relationship Type'. The majority of STIX object relationship tables use this string for the description row, but 'malware-analysis' for example doesn't.
Would it be possible to change the 'Name' table header for the relationship tables to 'Relationship Type' to have an identical table layout for all relationship descriptions?

Regards,

nor3th

[1] https://github.com/nor3th/furry-chainsaw/blob/main/opencti/relationships_test.py
[2] https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html
[3] https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_6n2czpjuie3v

rpiazza changed the title from "Some relationships are missing from the T" to "Some relationships are missing from the table in Appendix B" on Sep 21, 2021
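An added example, not part of the issue and not the linked script [1]: one way to do the comparison the comment describes, generalized to accept both the 'Relationship Type' and 'Name' headers and to separate genuinely missing rows from near-identical names such as 'exfiltrate_to'. The function names, the sample rows and the assumed column layout (tables already extracted as rows of cell text) are constructed for illustration.

```python
import difflib

# "name" is the header variant the issue reports for malware-analysis.
REL_HEADERS = {"relationship type", "name"}

def triples(tables):
    """Expand relationship tables (rows of cell text) into (source, rel, target) triples."""
    found = set()
    for rows in filter(None, tables):
        head = [c.strip().lower() for c in rows[0]]
        rel = next((i for i, c in enumerate(head) if c in REL_HEADERS), None)
        if rel is None or "source" not in head or "target" not in head:
            continue  # e.g. a property table that also has a "Name" column
        src, tgt = head.index("source"), head.index("target")
        for row in (r for r in rows[1:] if len(r) == len(head)):
            for target in row[tgt].split(","):  # one cell may list several targets
                found.add((row[src].strip(), row[rel].strip(), target.strip()))
    return found

def compare(detail_tables, summary_tables):
    """Return (missing, renamed): absent triples, and ones present under a near-identical name."""
    detail, summary = triples(detail_tables), triples(summary_tables)
    renamed = {}
    for s, r, t in detail - summary:
        names = [r2 for s2, r2, t2 in summary if (s2, t2) == (s, t)]
        close = difflib.get_close_matches(r, names, n=1, cutoff=0.8)
        if close:
            renamed[(s, r, t)] = close[0]
    return sorted(detail - summary - set(renamed)), renamed

# Constructed sample rows, not copied from the spec; the column layout is assumed.
DETAIL = [
    [["Source", "Relationship Type", "Target"],
     ["malware", "exfiltrates-to", "infrastructure"],
     ["tool", "uses", "infrastructure"],
     ["domain-name", "resolves-to", "ipv4-addr, ipv6-addr"]],
    [["Source", "Name", "Target"],
     ["malware-analysis", "characterizes", "malware"]],
    [["Name", "Type", "Description"]],  # property table, must be ignored
]
SUMMARY = [
    [["Source", "Relationship Type", "Target"],
     ["malware", "exfiltrate_to", "infrastructure"],
     ["malware-analysis", "characterizes", "malware"]],
]

if __name__ == "__main__":
    missing, renamed = compare(DETAIL, SUMMARY)
    print("missing from summary:", missing)
    print("likely typos:", renamed)
```

Requiring 'Source' and 'Target' columns alongside the relationship header is what keeps the looser 'Name' match from picking up property tables.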