muchdogesec / arango_cti_processor

A small script that creates relationships between common CTI knowledge-bases in STIX 2.1 format.
https://www.dogesec.com/
Apache License 2.0

sigma-attack only techniques have relationships #16

Closed himynamesdave closed 2 months ago

himynamesdave commented 2 months ago

https://github.com/muchdogesec/arango_cti_processor/blob/adding-tests/tests/README.md#test-70-test-sigma-rule-indicator-to-attck-attack-pattern-relationship-sigma-attack

These two tests fail

import unittest


# Class name assumed for this excerpt: the issue quotes only the two test
# methods. run_query (runs an AQL query against the test database) is a helper
# from the test suite and is not reproduced here.
class SigmaAttackRelationshipTests(unittest.TestCase):

    # test 2 Expects 15546 results (see test-data-research.md for why)
    def test_02_check_generated_relationships(self):
        query = """
        RETURN LENGTH(
          FOR doc IN sigma_rules_edge_collection
            FILTER doc._is_latest == true
            AND doc.relationship_type == "detects"
            AND doc._arango_cti_processor_note == "sigma-attack"
            AND doc.object_marking_refs == [
                "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
                "marking-definition--2e51a631-99d8-52a5-95a6-8314d3f4fbf3"
            ]
            RETURN [doc]
        )
        """
        result_count = self.run_query(query)
        self.assertEqual(result_count, [15546], f"Expected 15546 documents, but found {result_count}.")

    # check relationships for indicator--1a7e070a-64cb-5d4f-aff4-8e5fdcd72edf has 3 ATT&CK references,
    #        {
    #          "source_name": "mitre-attack",
    #          "description": "tactic",
    #          "external_id": "credential_access"
    #        },
    #        {
    #          "source_name": "mitre-attack",
    #          "url": "https://attack.mitre.org/techniques/T1003.001",
    #          "external_id": "T1003.001"
    #        },
    #        {
    #          "source_name": "mitre-attack",
    #          "url": "https://attack.mitre.org/software/S0002",
    #          "external_id": "S0002"
    #        },
    # Enterprise
    # * credential_access TA0002 x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5
    #   * `2e51a631-99d8-52a5-95a6-8314d3f4fbf3` `detects+sigma_rules_vertex_collection/indicator--1a7e070a-64cb-5d4f-aff4-8e5fdcd72edf+mitre_attack_enterprise_vertex_collection/x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5` = `86ac99cc-d4c4-56fb-ae8b-720c3772503a`
    # * T1003.001 attack-pattern--65f2d882-3f41-4d48-8a06-29af77ec9f90
    #   * `2e51a631-99d8-52a5-95a6-8314d3f4fbf3` `detects+sigma_rules_vertex_collection/indicator--1a7e070a-64cb-5d4f-aff4-8e5fdcd72edf+mitre_attack_enterprise_vertex_collection/attack-pattern--65f2d882-3f41-4d48-8a06-29af77ec9f90` = `e119b459-c4c7-5ce3-bdd5-1caedb9f6d4b`
    # * S0002 tool--afc079f3-c0ea-4096-b75d-3f05338b7f60
    #   * `2e51a631-99d8-52a5-95a6-8314d3f4fbf3` `detects+sigma_rules_vertex_collection/indicator--1a7e070a-64cb-5d4f-aff4-8e5fdcd72edf+mitre_attack_enterprise_vertex_collection/tool--afc079f3-c0ea-4096-b75d-3f05338b7f60` = `d7e0a492-db21-5021-a7fb-ec8d31acb051`
    # Mobile
    # * credential_access TA0035 x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba
    #   * `2e51a631-99d8-52a5-95a6-8314d3f4fbf3` `detects+sigma_rules_vertex_collection/indicator--1a7e070a-64cb-5d4f-aff4-8e5fdcd72edf+mitre_attack_mobile_vertex_collection/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba` = `96495af9-cd33-5191-95ab-d098b7ef2f5e`

    def test_03_check_relationship_gen_for_object1(self):
        query = """
          FOR doc IN sigma_rules_edge_collection
              FILTER doc._is_latest == true
              AND doc.relationship_type == "detects"
              AND doc.source_ref == "indicator--1a7e070a-64cb-5d4f-aff4-8e5fdcd72edf"
              RETURN doc.id
        """
        # returns the list of relationship ids, one per generated "detects" SRO
        result_count = self.run_query(query)
        expected_ids = [
            "relationship--86ac99cc-d4c4-56fb-ae8b-720c3772503a",
            "relationship--e119b459-c4c7-5ce3-bdd5-1caedb9f6d4b",
            "relationship--d7e0a492-db21-5021-a7fb-ec8d31acb051",
            "relationship--96495af9-cd33-5191-95ab-d098b7ef2f5e"
        ]
        self.assertEqual(result_count, expected_ids, f"Expected {expected_ids}, but found {result_count}.")


if __name__ == '__main__':
    unittest.main()

It seems only techniques are currently generated, as only the SRO `relationship--e119b459-c4c7-5ce3-bdd5-1caedb9f6d4b` matches for test 03.
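As an added illustration (not the project's code) of what test 03 expects: every mitre-attack external reference on a Sigma indicator, not only T-numbered techniques, is resolved against each ATT&CK collection, and the relationship id is derived from the namespace and name strings quoted in the comment above. The UUIDv5 derivation, the tactic-shortname normalisation and the in-memory ATT&CK index are assumptions of this example.

```python
import uuid

# Namespace quoted in the issue beside each expected id. Assumption of this
# added example: id = uuid5(namespace, "detects+<src coll>/<src id>+<dst coll>/<dst id>").
NAMESPACE = uuid.UUID("2e51a631-99d8-52a5-95a6-8314d3f4fbf3")
SIGMA_COLLECTION = "sigma_rules_vertex_collection"
ENT = "mitre_attack_enterprise_vertex_collection"
MOB = "mitre_attack_mobile_vertex_collection"

# Constructed index of ATT&CK vertices keyed by (collection, lookup key),
# holding the object ids the issue lists for this indicator.
ATTACK_INDEX = {
    (ENT, "credential-access"): "x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5",
    (ENT, "T1003.001"): "attack-pattern--65f2d882-3f41-4d48-8a06-29af77ec9f90",
    (ENT, "S0002"): "tool--afc079f3-c0ea-4096-b75d-3f05338b7f60",
    (MOB, "credential-access"): "x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba",
}

def lookup_key(ref):
    """Index key for one mitre-attack external reference, or None.
    Sigma tags name tactics with underscores (credential_access) while ATT&CK
    x_mitre_shortname uses hyphens; techniques and software use their T/S ids."""
    if ref.get("source_name") != "mitre-attack":
        return None
    ext_id = ref["external_id"]
    if ref.get("description") == "tactic":
        return ext_id.replace("_", "-")
    return ext_id if ext_id[:1] in ("T", "S") else None

def relationship_id(source_id, target_collection, target_id):
    name = f"detects+{SIGMA_COLLECTION}/{source_id}+{target_collection}/{target_id}"
    return "relationship--" + str(uuid.uuid5(NAMESPACE, name))

def sigma_attack_relationships(indicator, index=ATTACK_INDEX):
    """One 'detects' SRO per ATT&CK object the indicator references, emitted
    for every collection (enterprise, mobile, ...) where the key resolves."""
    sros = []
    for ref in indicator.get("external_references", []):
        key = lookup_key(ref)
        if key is None:
            continue
        for (collection, idx_key), target_id in index.items():
            if idx_key == key:
                sros.append({
                    "type": "relationship", "relationship_type": "detects",
                    "id": relationship_id(indicator["id"], collection, target_id),
                    "source_ref": indicator["id"], "target_ref": target_id,
                    "_arango_cti_processor_note": "sigma-attack",
                })
    return sros
```

Whether the ids this produces equal the four values quoted in the issue depends on the real generator using exactly this name string and namespace, so compare them against the database rather than trusting the example.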

himynamesdave commented 2 months ago

https://dogesec.slack.com/archives/D05L8JEAM1N/p1722437276690279

himynamesdave commented 2 months ago

closing for #18