I am a developer of the OpenCTI project and I recently wrote a parser [1] for the STIX 2.1 documentation page [2] to automatically retrieve all relationship types to then match them against the OpenCTI relationships to verify everything is correctly implemented.
While doing that I noticed a few minor issues with the documentation and Jane Ginn told me to contact you in this regard. The relationship summary table [3] is missing the following relationships (output from my script):
Summary is missing {'source': 'course-of-action', 'relationship': 'remediates', 'target': 'malware'}
Summary is missing {'source': 'course-of-action', 'relationship': 'remediates', 'target': 'vulnerability'}
Summary is missing {'source': 'malware', 'relationship': 'exfiltrates-to', 'target': 'infrastructure'}
Summary is missing {'source': 'tool', 'relationship': 'uses', 'target': 'infrastructure'}
Summary is missing {'source': 'domain-name', 'relationship': 'resolves-to', 'target': 'domain-name'}
Summary is missing {'source': 'domain-name', 'relationship': 'resolves-to', 'target': 'ipv4-addr'}
Summary is missing {'source': 'domain-name', 'relationship': 'resolves-to', 'target': 'ipv6-addr'}
Summary is missing {'source': 'ipv4-addr', 'relationship': 'resolves-to', 'target': 'mac-addr'}
Summary is missing {'source': 'ipv4-addr', 'relationship': 'belongs-to', 'target': 'autonomous-system'}
Summary is missing {'source': 'ipv6-addr', 'relationship': 'resolves-to', 'target': 'mac-addr'}
Summary is missing {'source': 'ipv6-addr', 'relationship': 'belongs-to', 'target': 'autonomous-system'}
I am not sure if the SCOs like the IP addresses are supposed to be in the summary table or not.
Besides that, there's also a typo in the 'malware -> exfiltrate_to -> infrastructure' relationship in the summary table. According to the malware detail page [4] the relationship should be called 'exfiltrates-to' (with the s).
My approach to find the relationship definitions in the tables was to look for a string called 'Relationship Type'. The majority of STIX object relationship tables use this string for the description row, but 'malware-analysis' for example doesn't.
Would it be possible to change the 'Name' table header for the relationship tables to 'Relationship Type' to have an identical table layout for all relationship descriptions?
Regards,
nor3th
[1] https://github.com/nor3th/furry-chainsaw/blob/main/opencti/relationships_test.py
[2] https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html
[3] https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_6n2czpjuie3v
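
The table-matching approach described in the message, as an added example (not the author's script [1] and not OASIS or OpenCTI code): it accepts both the 'Relationship Type' and the 'Name' header and reports detail-table relationships absent from the summary. The sample markup, the 'Source'/'Target' header names, the comma-separated target cell and all function names are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

REL_HEADERS = {"relationship type", "name"}  # "name": the header variant the message reports

class TableRows(HTMLParser):  # collects each <table> as rows of whitespace-normalised cell text
    def __init__(self):
        super().__init__()
        self.tables, self.cell = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "table":
            self.tables.append([])
        elif tag == "tr" and self.tables:
            self.tables[-1].append([])
        elif tag in ("td", "th") and self.tables and self.tables[-1]:
            self.cell = []
    def handle_data(self, data):
        if self.cell is not None:
            self.cell.append(data)
    def handle_endtag(self, tag):
        if tag in ("td", "th") and self.cell is not None:
            self.tables[-1][-1].append(" ".join("".join(self.cell).split()))
            self.cell = None

def relationships(html):  # returns a set of (source, relationship, target) triples
    parser, found = TableRows(), set()
    parser.feed(html)
    for rows in filter(None, parser.tables):
        head = [c.lower() for c in rows[0]]
        rel = [i for i, c in enumerate(head) if c in REL_HEADERS]
        if rel and "source" in head and "target" in head:  # a relationship table
            s, r, t = head.index("source"), rel[0], head.index("target")
            for row in rows[1:]:
                if len(row) > max(s, r, t):  # skip short or malformed rows
                    for target in row[t].split(","):  # assumed: a cell may list several targets
                        found.add((row[s], row[r], target.strip()))
    return found

def missing_from_summary(detail_html, summary_html):
    return sorted(relationships(detail_html) - relationships(summary_html))

def table(*rows):  # builds constructed sample markup, not copied from the specification
    return "<table>" + "".join("<tr><td>%s</td><td>%s</td><td>%s</td></tr>" % r for r in rows) + "</table>"
DETAIL = (table(("Source", "Relationship Type", "Target"),
                ("malware", "exfiltrates-to", "infrastructure"),
                ("course-of-action", "remediates", "malware, vulnerability"))
          + table(("Source", "Name", "Target"), ("malware-analysis", "characterizes", "malware")))
SUMMARY = table(("Source", "Relationship Type", "Target"),
                ("malware", "exfiltrate_to", "infrastructure"),
                ("malware-analysis", "characterizes", "malware"))
```

Calling `missing_from_summary(DETAIL, SUMMARY)` on the constructed sample flags the misspelled `exfiltrate_to` row as a missing `exfiltrates-to` entry, while the `malware-analysis` table is still picked up despite its 'Name' header.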