mitre-attack / attack-navigator

Web app that provides basic navigation and annotation of ATT&CK matrices
https://mitre-attack.github.io/attack-navigator
Apache License 2.0
1.92k stars, 576 forks

Feature request: support of STIX 2.1 "Language Content" object #249

Open 2xyo opened 3 years ago

2xyo commented 3 years ago

Problem to Solve

It would be nice (for reporting to top management) to be able to display objects in a foreign language.

Current Workaround

Translate each attack pattern / phase in the kill chain in assets/enterprise-attack.json

Proposed Solution

Implement the STIX 2.1 "Language Content" object:

Example:

{
    "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
    "name": ".bash_profile and .bashrc",
    "description": "Adversaries may establish persistence [...]",
    "type": "attack-pattern",
    [...]
    "x_mitre_detection": "While users [...]"
},
{
    "type": "language-content",
    "id": "language-content--b86bd89f-98bb-4fa9-8cb2-9ad421da981d",
    [...]
    "object_ref": "attack-pattern--b63a34e8-0a61-4c97-a23b-bf8a2ed812e2",
    "contents": {
        "fr": {
            "name": ".bash_profile et .bashrc",
            "description": "Des adversaires peuvent [...]",
            "x_mitre_detection": "Les utilisateurs peuvent[...]"
        }
    }
}

Additional Information

isaisabel commented 3 years ago

Hi @2xyo,

Thanks for reaching out! Translations are definitely something ATT&CK has been thinking about. We plan to eventually support language-content; however, currently ATT&CK is still using STIX 2.0 and language-content was introduced in STIX 2.1. Once ATT&CK upgrades to STIX 2.1, we will definitely start working on support for translations through language-content SDOs. This probably won't happen for at least a year, however; we have quite a bit of work to do before we can support STIX 2.1 across the infrastructure.

Your current workaround is definitely the way to go until we adopt STIX 2.1. ATT&CK likely will not provide official translations in the short term, but you're welcome to develop your own locally by modifying the content found on our MITRE/CTI repository.

I'll keep this issue open so that we can keep track of the request even though we won't be working on it short-term.
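
The workaround and the proposed object from this thread can be combined offline. The following is an added example, not code from the Navigator project or from either commenter: it merges language-content translations into a copy of a bundle, which can then stand in for assets/enterprise-attack.json. The function name, the field allowlist and the bundle's placeholder id are assumptions; the sample reuses the ids and texts from the issue's example.

```python
import copy

# Assumption: only these free-text fields (the ones in the issue's example) may be translated,
# so an overlay can never rewrite ids, types, references or kill chain phases.
TRANSLATABLE = {"name", "description", "x_mitre_detection"}

def localize_bundle(bundle, lang):
    """Return a copy of a STIX bundle with language-content translations for `lang` applied."""
    overlays = {}
    translations = [o for o in bundle["objects"] if o.get("type") == "language-content"]
    # Apply oldest first so the most recently modified translation wins per field.
    for lc in sorted(translations, key=lambda o: o.get("modified", "")):
        fields = lc.get("contents", {}).get(lang, {})
        overlays.setdefault(lc.get("object_ref"), {}).update(fields)

    out = {k: v for k, v in bundle.items() if k != "objects"}
    out["objects"] = []
    for obj in bundle["objects"]:
        if obj.get("type") == "language-content":
            continue  # a STIX 2.0 consumer does not know this type, so leave it out
        obj = copy.deepcopy(obj)
        for field, text in overlays.get(obj.get("id"), {}).items():
            # Untranslated or unexpected fields fall back to the original value.
            if field in TRANSLATABLE and isinstance(obj.get(field), str) \
                    and isinstance(text, str) and text:
                obj[field] = text
        out["objects"].append(obj)
    return out

# Constructed sample bundle; ids and texts are taken from the issue's example where it gives them.
SAMPLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000000",  # placeholder id
    "objects": [
        {"type": "attack-pattern",
         "id": "attack-pattern--b63a34e8-0a61-4c97-a23b-bf8a2ed812e2",
         "name": ".bash_profile and .bashrc",
         "description": "Adversaries may establish persistence [...]",
         "x_mitre_detection": "While users [...]"},
        {"type": "language-content",
         "id": "language-content--b86bd89f-98bb-4fa9-8cb2-9ad421da981d",
         "object_ref": "attack-pattern--b63a34e8-0a61-4c97-a23b-bf8a2ed812e2",
         "contents": {"fr": {"name": ".bash_profile et .bashrc",
                             "description": "Des adversaires peuvent [...]",
                             "x_mitre_detection": "Les utilisateurs peuvent[...]"}}},
    ],
}

if __name__ == "__main__":
    print(localize_bundle(SAMPLE, "fr")["objects"][0]["name"])
```

Requesting a language with no translation returns the original English text, and the input bundle is left unmodified.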