Open garanews opened 1 year ago
Why in the enterprise JSON there is a relationship such as:
"description": "[Imminent Monitor](https://attack.mitre.org/software/S0434) has a module for performing remote desktop access.(Citation: QiAnXin APT-C-36 Feb2019)", "relationship_type": "uses", "source_ref": "tool--8f8cd191-902c-4e83-bf20-b57c8c4640e9", "target_ref": "attack-pattern--eb062747-2193-45de-8fa2-e62549c37ddf",
And in the STIX 2.1 standard the relationship is the opposite? It seems that standard says the attack pattern uses the tool and not the vice-versa:
Can you explain?
Why in the enterprise JSON there is a relationship such as:
And in the STIX 2.1 standard the relationship is the opposite? It seems that standard says the attack pattern uses the tool and not the vice-versa:
Can you explain?