Handle Related Objects of Observables

oasis-open / cti-stix-elevator

OASIS Cyber Threat Intelligence (CTI) TC Open Repository: Convert STIX 1.2 XML to STIX 2.x JSON

https://stix2-elevator.readthedocs.io/en/latest/

BSD 3-Clause "New" or "Revised" License

49 stars 23 forks source link

Handle Related Objects of Observables #20

Open rpiazza opened 7 years ago

rpiazza commented 7 years ago

In STIX 1.x, observable objects can be related to other object which appear in other Observables.

In general, relationships between cyber observables are not supported in STIX 2.0, but there are some cases (domain_name related to an ip_address via the "resolved_to" relationship) that we might want to not just ignore

clenk commented 6 years ago

+1 for properly converting domain_name -> resolved_to ->ip_address .

rpiazza commented 6 years ago

I have added the general mechanism to deal with related objects, but it only works for patterns and only for attachments and resolved-to relationships. See #97.

rpiazza commented 6 years ago

Need to do this for all other relationships. Only a few can be represented in STIX 2.0