From ba3c888af807727b451655f2f9000c6b07cc1608 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Fri, 11 Aug 2017 11:22:16 +0200
Subject: [PATCH] Make relationship type more generic

Make the relationship types more generic especially to avoid issue with community-designed standards that might change later the types, broke compatibility or decide to change their mind due to some proprietary vendors trying to lock-in the users.
---
 relationships/definition.json | 87 ++++++++++++++++++++++++++++-------
 1 file changed, 71 insertions(+), 16 deletions(-)

diff --git a/relationships/definition.json b/relationships/definition.json
index a330af1..06158da 100644
--- a/relationships/definition.json
+++ b/relationships/definition.json
@@ -1,65 +1,120 @@
 {
- "version": 1,
+ "version": 2,
 "values": [
 {
 "name": "derived-from",
- "description": "STIX 2.0: The information in the target object is based on information from the source object."
+ "description": "The information in the target object is based on information from the source object.",
+ "format": [
+ "misp",
+ "stix-2.0"
+ ]
 },
 {
 "name": "duplicate-of",
- "description": "STIX 2.0: The referenced source and target objects are semantically duplicates of each other."
+ "description": "The referenced source and target objects are semantically duplicates of each other.",
+ "format": [
+ "misp",
+ "stix-2.0"
+ ]
 },
 {
 "name": "related-to",
- "description": "STIX 2.0: Asserts a non - specific relationship between two SDOs. This relationship ca n be used when none of the other predefined relationships are appropriate."
+ "description": "The referenced source is related to the target object.",
+ "format": [
+ "misp",
+ "stix-2.0"
+ ]
 },
 {
 "name": "attributed-to",
- "description": "STIX 2.0: This Relationship describes that the Intrusion Set or Threat Actor that is involved in carrying out the Campaign."
+ "description": "This referenced source is attributed to the target object.",
+ "format": [
+ "misp",
+ "stix-2.0"
+ ]
 },
 {
 "name": "targets",
- "description": "STIX 2.0: This Relationship describes that the Campaign uses exploits of the related Vulnerability or targets the type of victims described by the related Identity."
+ "description": "This relationship describes that the source object targets the target object.",
+ "format": [
+ "misp",
+ "stix-2.0"
+ ]
 },
 {
 "name": "uses",
- "description": "STIX 2.0: This Relationship describes that attacks carried out as part of the Campaign typically use the related Attack Pattern, Malware, or Tool."
+ "description": "This relationship describes the use by the source object of the target object.",
+ "format": [
+ "misp",
+ "stix-2.0"
+ ]
 },
 {
 "name": "indicates",
- "description": "STIX 2.0: This Relationship describes that the Indicator can detect evidence of the related Campaign, Intrusion, or Threat Actor. This evidence may not be direct: for example, the Indicator may detect secondary evidence of the Campaign, such as malware or behavior commonly used by that Campaign."
+ "description": "This relationships describes that the source object indicates the target object.",
+ "format": [
+ "misp",
+ "stix-2.0"
+ ]
 },
 {
 "name": "mitigates",
- "description": "STIX 2.0: This Relationship describes that the Course of Action can mitigate the related Attack Pattern, Malware, Vulnerability, or Tool."
+ "description": "This relationship describes a source object which mitigates the target object.",
+ "format": [
+ "misp",
+ "stix-2.0"
+ ]
 },
 {
 "name": "variant-of",
- "description": "STIX 2.0: This Relationship is used to document that one piece of Malware is a variant of another piece of Malware."
+ "description": "This relationship describes a source object which is a variant of the target object",
+ "format": [
+ "misp",
+ "stix-2.0"
+ ]
 },
 {
 "name": "impersonates",
- "description": "STIX 2.0: This Relationship describes that the actor is the real identity represented in the related Identity."
+ "description": "This relationship describe a source object which impersonates the target object",
+ "format": [
+ "misp",
+ "stix-2.0"
+ ]
 },
 {
 "name": "authored-by",
- "description": "This relationship describes the author of a specific object."
+ "description": "This relationship describes the author of a specific object.",
+ "format": [
+ "misp"
+ ]
 },
 {
 "name": "located",
- "description": "This relationship describes the location (of any type) of a specific object."
+ "description": "This relationship describes the location (of any type) of a specific object.",
+ "format": [
+ "misp"
+ ]
 },
 {
 "name": "included-in",
- "description": "This relationship describes an object included in another object."
+ "description": "This relationship describes an object included in another object.",
+ "format": [
+ "misp"
+ ]
 },
 {
 "name": "analysed-with",
- "description": "This relationship describes an object analysed by another object."
+ "description": "This relationship describes an object analysed by another object.",
+ "format": [
+ "misp"
+ ]
 },
 {
 "name": "claimed-by",
- "description": "This relationship describes an object claimed by another object."
+ "description": "This relationship describes an object claimed by another object.",
+ "format": [
+ "misp"
+ ]
 }
 ],
 "description": "Default type of relationships in MISP objects.",
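Review bot: The `"stix-2.0"` entry in the new `format` arrays is now the only trace of the STIX constraints, because the rewritten descriptions drop the source/target object types that the removed text spelled out (for example `variant-of` was Malware to Malware, and `mitigates` started from a Course of Action). A consumer that reads `format` as "can be exported as STIX 2.0" could, presumably, emit relationships between object types that the STIX side does not allow. It would help to state in the file-level `"description"` (or the repository documentation) that `format` only says the relationship name exists in that vocabulary, not that every source/target pair is valid there. Separately, a few of the new strings need a wording pass: `This relationships describes` in `indicates` should read `This relationship describes`, `This relationship describe` in `impersonates` should read `This relationship describes`, and the `variant-of` and `impersonates` descriptions lack the final period the other entries have.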