search

oasis-tcs / cti-taxii2

OASIS CTI TC: An official CTI TC repository for TAXII 2 work
https://github.com/oasis-tcs/cti-taxii2
Other
9 stars 4 forks source link

Need ability to request related objects in one request to a distance of 1(?) #7

Open jordan2175 opened 7 years ago

jordan2175 commented 7 years ago

TAXII should support the ability for a client to tell it to automatically send external relationship objects and their end points to some depth level. This depth level should be configurable on the server and probably advertised either at the api-root level, server level, or maybe even collection level.

The idea is if you ask for a malware object, you could also say, give me all relationships that point to it and the objects on the other side. We would need to be careful here as this could be very intensive for the server to walk the graph. Thus the need to have a depth parameter. Maybe the default depth should be 1. Meaning, just send the external relationships. Then if people want to get the other side, they can make that call separately. Or they could use the auto dereference feature to get the other side.

Now we may chose to not do the depth, and that is okay, but we do need to provide a way to tell the server to give you the relationships.

MarkDavidson commented 7 years ago

Recommendation: Decide whether this is in or out of scope for TAXII 2.1