clemiller
commented
2 years ago Hi @jfcantu,
Thanks for opening this issue! This appears to be caused by a bug in the bundle parsing.
For additional context- as per #183, the Navigator should allow users to define multiple bundles to be loaded into a single Navigator instance, such as if domain data is split across multiple bundles. We previously allowed displaying multiple domains in a single layer, but due to issues with layer-layer operations and custom datasets, we removed that ability by filtering out objects that are not within the specified domain (#308).
Users should still be able to specify multiple bundles that are within the same domain, however, each bundle is parsed and built separately with the matrix and tactics provided. Because of this, all subsequent bundles that either do not include their own matrix or contain a matrix with the same STIX ID as a previous bundle are not built correctly and are not displayed in the Navigator view. The bundle parsing should have the ability build multiple bundles into a single matrix view.
Hi folks,
I'm not sure if I'm doing something wrong here, or if this isn't supported, but here's my use case:
According to the instructions here, a "domain" (as defined in
config.json) can be configured to load multiple STIX bundles.It seems that if you load multiple STIX bundles in this way, objects in one bundle can't be referenced from another bundle. For example, if I load the standard Enterprise ATT&CK bundle, I can't add onto that matrix by loading a second bundle containing Techniques which reference Tactics in the ATT&CK bundle.
This would be helpful for a couple reasons - for one, I would like to be able to extend the ATT&CK framework without having to maintain my own fork of the ATT&CK STIX bundle. Secondly, STIX bundles are already unwieldy enough - it would be very helpful to be able to split objects across multiple files for ease of maintainability.