You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, this ticket is to open a discussion about cyclic references in mitre data.
In stix-capec.json, some attack pattern have refs that reference the data in the 2 sides.
The attack pattern 'attack-pattern--9ad2c2eb-9939-4590-9683-2e789692d262' is referencing 'attack-pattern--92cdcd3d-d734-4442-afc3-4599f261498b' through x_capec_can_follow_refs
And The attack pattern 'attack-pattern--92cdcd3d-d734-4442-afc3-4599f261498b' is referencing 'attack-pattern--9ad2c2eb-9939-4590-9683-2e789692d262' through x_capec_can_precede_refs
This situation is complex to handle in a data absorption point of view as its impossible to get the full information with only one round of data ingestion. For example in this case the attack-pattern--9ad2c2eb-9939-4590-9683-2e789692d262 will not be created with the correct x_capec_can_follow_refs as the attack pattern to link will not yet be created. To get all data its mandatory to absorb the file twice to finally get everything but I dont think its a good way to handle that cyclic reference.
So the question is more about "there is a way to remove the cyclic reference?" Maybe using a stix relationship instead of a ref?
That will be something like that ATTACK01 - can-follow -> ATTACK02 that could be easily translated to can-precede when looking on ATTACK02?
The text was updated successfully, but these errors were encountered:
Hi, this ticket is to open a discussion about cyclic references in mitre data.
In stix-capec.json, some attack pattern have refs that reference the data in the 2 sides.
The attack pattern 'attack-pattern--9ad2c2eb-9939-4590-9683-2e789692d262' is referencing 'attack-pattern--92cdcd3d-d734-4442-afc3-4599f261498b' through x_capec_can_follow_refs
And The attack pattern 'attack-pattern--92cdcd3d-d734-4442-afc3-4599f261498b' is referencing 'attack-pattern--9ad2c2eb-9939-4590-9683-2e789692d262' through x_capec_can_precede_refs
This situation is complex to handle in a data absorption point of view as its impossible to get the full information with only one round of data ingestion. For example in this case the attack-pattern--9ad2c2eb-9939-4590-9683-2e789692d262 will not be created with the correct x_capec_can_follow_refs as the attack pattern to link will not yet be created. To get all data its mandatory to absorb the file twice to finally get everything but I dont think its a good way to handle that cyclic reference.
So the question is more about "there is a way to remove the cyclic reference?" Maybe using a stix relationship instead of a ref?
That will be something like that ATTACK01 - can-follow -> ATTACK02 that could be easily translated to can-precede when looking on ATTACK02?
The text was updated successfully, but these errors were encountered: