I have just added support for relationships with STIX in the Java
lib.
{
 "type":
"bundle",
 "id":
"bundle--f428f07f-4efe-4980-9f47-74d946826c69",
Â
"spec_version": "2.0",
 "objects":
[
 Â
{
 Â
 "type": "attack-pattern",
 Â
 "id":
"attack-pattern--cb3010c8-f36c-4dc3-bf3d-8c1ffeb5e1cf",
 Â
 "created": "2018-11-22T22:26:43.159Z",
 Â
 "modified": "2018-11-25T22:26:43.159Z",
 Â
 "revoked": false,
 Â
 "object_marking_refs": [
 Â
 Â
"marking-definition--6139cfd0-7d2f-4389-b7e3-e97836888268"
 Â
 ],
 Â
 "granular_markings": [
 Â
  {
 Â
   "selectors": [
 Â
    "pattern1",
 Â
    "pattern2",
 Â
    "pattern3"
 Â
   ],
 Â
   "marking_ref":
"marking-definition--b4ab8f5b-f812-49c5-a2b2-b168a0ba236d"
 Â
  }
 Â
 ],
 Â
 "name": "some pattern",
 Â
 "kill_chain_phases": [
 Â
  {
 Â
   "kill_chain_name": "Chain1",
 Â
   "phase_name": "phase1"
 Â
  },
 Â
  {
 Â
   "kill_chain_name": "Chain1",
 Â
   "phase_name": "phase2"
 Â
  }
 Â
 ],
 Â
 "x_someCustomKey": "My custom value",
 Â
 "x_someOtherCustom_key": 3939
 Â
},
 Â
{
 Â
 "type": "observed-data",
 Â
 "id":
"observed-data--e3d14217-fc58-47bb-b5fb-b67d6ca78db3",
 Â
 "created": "2018-11-22T22:26:43.221Z",
 Â
 "modified": "2018-11-22T22:26:43.221Z",
 Â
 "revoked": false,
 Â
 "object_marking_refs": [
 Â
 Â
"marking-definition--39ceb120-7777-4e13-888e-95efb6c99a31"
 Â
 ],
 Â
 "first_observed": "2018-11-22T22:26:43.209Z",
 Â
 "last_observed": "2018-11-22T22:26:43.209Z",
 Â
 "number_observed": 3,
 Â
 "objects": {
 Â
  "some artifact": {
 Â
   "type": "artifact",
 Â
   "url": "someURL"
 Â
  },
 Â
  "some AS": {
 Â
   "type": "autonomous-system",
 Â
   "number": 5,
 Â
   "rir": "someRIR"
 Â
  }
 Â
 }
 Â
},
 Â
{
 Â
 "type": "marking-definition",
 Â
 "id":
"marking-definition--39ceb120-7777-4e13-888e-95efb6c99a31",
 Â
 "created": "2018-11-22T22:26:43.208Z",
 Â
 "granular_markings": [
 Â
  {
 Â
   "selectors": [
 Â
    "marking-pattern1",
 Â
    "pattern2",
 Â
    "pattern3"
 Â
   ],
 Â
   "marking_ref":
"marking-definition--b4ab8f5b-f812-49c5-a2b2-b168a0ba236d"
 Â
  }
 Â
 ],
 Â
 "definition_type": "statement",
 Â
 "definition": {
 Â
  "statement": "Internal review of data allows for
sharing as per ABC-009 Standard"
 Â
 }
 Â
},
 Â
{
 Â
 "type": "marking-definition",
 Â
 "id":
"marking-definition--b4ab8f5b-f812-49c5-a2b2-b168a0ba236d",
 Â
 "created": "2018-11-22T22:26:43.199Z",
 Â
 "definition_type": "tlp",
 Â
 "definition": {
 Â
  "tlp": "red"
 Â
 }
 Â
},
 Â
{
 Â
 "type": "relationship",
 Â
 "id":
"relationship--fb64d173-3478-4eb9-abae-c580cf92454c",
 Â
 "created": "2018-11-22T22:26:43.242Z",
 Â
 "modified": "2018-11-22T22:26:43.242Z",
 Â
 "revoked": false,
 Â
 "relationship_type": "targets",
 Â
 "source":
"attack-pattern--cb3010c8-f36c-4dc3-bf3d-8c1ffeb5e1cf",
 Â
 "target":
"identity--16b669a9-91ef-492d-852c-9249695a09f4"
 Â
}
 ]
}
I am hoping some of the community can provide some interesting
âcomplexitiesâ for relationships for me to test again. If you
have some scenarios of complexity please share!
All of the relationships are typed checked and validated per
SDO. So it should generated fully spec compliant
relationships.
as a extra helper to maintain sanity I have added the
"bundle.autoDetectBundleObjects()â method. This will traverse
the nested relationships and objects inside of each objects in the
bundle and add any nested content into the bundle at the parent
level as per the spec. The âsanityâ aspect is that if you are
building a complex object with many relationships and nested
objects, you can build these all inline without the need to
generate them as individual bundle items. So you could have a
âattack-patternâ with 5 ârelated-toâ, 5 object markings, and 5
granular markings. Âyou would just have to write
âbundle.addObjects(myAttackPattern)â and run the
âbundle.autoDetectBundleObjects()â method, and it will detect all
of the nested 15 objects and add them into the bundle as per the
spec.