center-for-threat-informed-defense / attack-flow

Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
https://ctid.io/attack-flow
Apache License 2.0

Object Properties not well defined #48

Closed threatinteltests closed 1 year ago

threatinteltests commented 2 years ago

I am attempting to design a user interface using this schema and have a couple of questions:

The purpose of Object Properties is not clear, and none of the corpus JSON examples include any populated object properties. Can you provide an example of its usage, along with a use case justification?

Also unsure on Logic Operators - how do they interact?

mehaase commented 2 years ago

Acknowledged. We are under way on an update to Attack Flow that will have better documentation and examples of all the fields in the schema. Until then, I'll try to answer your questions here.

The object property is based on OWL concepts: whereas a data property lets you associate a string, an object property lets you reference another object. (The mechanics of how the reference is resolved are unspecified. That is something we'll address in the next release.)

Logic operators allow you to specify dependencies. E.g. if Action A depends on having code execution (CE) and also an admin password (AP), then you can draw arrows from AP→A and CE→A and then set A's logic operator to AND. On the other hand, if Action B depends on either spearphishing with link (SPL) or spearphishing with attachment (SPA), then you can draw arrows SPL→B and SPA→B and set the logic operator to OR. (There is also a logic operator language. The overall approach and documentation for logic operators will be improved in the next release.)

Thank you for taking the time to review the spec and give us feedback! Let me know if you have any further questions.
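The AND/OR dependency semantics described in the comment above, as an added worked example. This is not Attack Flow project code and does not use the v1 schema: the `Node` model, the `logic_operator`/`depends_on` field names and the evaluator are invented here to show how a consumer of such a flow (a UI or a defender's analysis tool) could compute which actions become possible from a given set of preconditions, and which single precondition is blocking an AND step. The flow itself is constructed to mirror the CE/AP and SPL/SPA example from the comment, with one extra chained action C added.

```python
"""Toy evaluator for AND/OR dependency logic between attack-flow actions.

Added example, not Attack Flow project code. The node model and field
names below are hypothetical and are not the Attack Flow v1 schema.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Node:
    name: str
    # How the incoming arrows combine: "AND" (all required) or "OR" (any one suffices).
    logic_operator: str = "AND"
    # Names of the nodes with arrows pointing at this one (its dependencies).
    depends_on: List[str] = field(default_factory=list)


def build_example_flow() -> Dict[str, Node]:
    """Constructed flow mirroring the comment: A needs CE AND AP; B needs SPL OR SPA.

    C is an extra chained step (assumed here) that needs both A and B.
    """
    nodes = [
        Node("CE"), Node("AP"), Node("SPL"), Node("SPA"),       # preconditions (leaves)
        Node("A", "AND", ["CE", "AP"]),
        Node("B", "OR", ["SPL", "SPA"]),
        Node("C", "AND", ["A", "B"]),
    ]
    return {n.name: n for n in nodes}


def satisfied(node: Node, achieved: Set[str]) -> bool:
    """True if this node's dependencies are met under its logic operator."""
    if not node.depends_on:
        return False  # leaves are facts supplied as initial conditions, never derived
    deps = [d in achieved for d in node.depends_on]
    if node.logic_operator == "AND":
        return all(deps)
    if node.logic_operator == "OR":
        return any(deps)
    raise ValueError(f"unknown logic operator {node.logic_operator!r} on {node.name}")


def evaluate(flow: Dict[str, Node], initial: Set[str]) -> Set[str]:
    """Fixed-point propagation: keep marking nodes whose dependencies are met."""
    unknown = initial - flow.keys()
    if unknown:
        raise KeyError(f"initial conditions not in flow: {sorted(unknown)}")
    achieved = set(initial)
    changed = True
    while changed:
        changed = False
        for node in flow.values():
            if node.name not in achieved and satisfied(node, achieved):
                achieved.add(node.name)
                changed = True
    return achieved


def missing_dependencies(flow: Dict[str, Node], name: str, achieved: Set[str]) -> List[str]:
    """Dependencies still blocking `name`.

    For an AND node every unmet dependency blocks it. For an OR node nothing
    blocks it once any one alternative is achieved; if none is, all are listed
    (satisfying any single one would unblock the node).
    """
    node = flow[name]
    unmet = [d for d in node.depends_on if d not in achieved]
    if node.logic_operator == "OR" and len(unmet) < len(node.depends_on):
        return []
    return unmet


if __name__ == "__main__":
    flow = build_example_flow()
    start = {"CE", "AP", "SPL"}
    reached = evaluate(flow, start)
    print("initial:", sorted(start))
    print("reachable:", sorted(reached))
    # Defender view: removing SPL alone does not stop B, because SPA is an OR alternative.
    print("B blocked by:", missing_dependencies(flow, "B", {"SPA"}))
    # But A is an AND step, so denying AP alone is enough to block it.
    print("A blocked by:", missing_dependencies(flow, "A", {"CE"}))
```

The point the OR case makes for a defender is visible in `missing_dependencies`: a control that stops only one of the alternatives feeding an OR node does not break the chain, whereas any single unmet input to an AND node does.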

threatinteltests commented 2 years ago

Appreciate the response! Looking forward to those examples.

mehaase commented 1 year ago

Hi @threatinteltests, we released Attack Flow v2 last week, which changes the way logic operators work -- hopefully with clearer semantics around that. We have also replaced data properties and object properties with richer data models based on STIX. We attempted to include at least one example of each language concept in the corpus of examples, which is itself greatly expanded since v1. Please let me know if this addresses your issues.

mehaase commented 1 year ago

Closing due to inactivity. Please re-open if this is still an issue.