Trying to import STIX2 with a resolves-to relationship between two observables results in an error #1794

Closed
h1lll0ck opened this issue Dec 23, 2021 · 2 comments
Labels
feature use for describing a new feature to develop solved use to identify issue that has been solved (must be linked to the solving PR)

Comments

@h1lll0ck

h1lll0ck commented Dec 23, 2021

Description

When trying to import a STIX2 bundle that contains two observables (one domain and one IPv4 address) and a relationship of type resolves-to, there is an error relating to the relationship, and the relationship is not created.

Perhaps this is currently an intended result, so this might be more of a feature request than a bug report.

Environment

  1. OS (where OpenCTI server runs): Ubuntu 20.04 LTS
  2. OpenCTI version: 5.1.2
  3. OpenCTI client: Web UI
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a STIX2 JSON bundle containing two observables and a relationship of type resolves-to between them (see below for an example)
  2. Upload the JSON file via Data Import in the web frontend: /dashboard/import
  3. Import the JSON bundle via the connector ImportFileStix2

Expected Output

Import succeeds and the resolves-to relationship is created between the two observables.

Actual Output

No relationship between the two observables is created.

One error results from the import:

{ "name": "FunctionalError", "message": "Only stix-core-relationship can be created through this method." }

Additional information

Example STIX2 JSON bundle:

{
  "id": "bundle--7a9f86ad-a114-404a-95c9-cc5c21e085d3",
  "objects": [
    {
      "description": "test",
      "id": "x-opencti-simple-observable--6e85bf65-6370-11ec-a769-005056b29af4",
      "key": "IPv4-Addr.value",
      "labels": [
        "test"
      ],
      "object_marking_refs": [
        "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
      ],
      "spec_version": "2.1",
      "type": "x-opencti-simple-observable",
      "value": "93.184.216.34"
    },
    {
      "description": "test",
      "id": "x-opencti-simple-observable--6e860765-6370-11ec-b916-005056b29af4",
      "key": "Domain-Name.value",
      "labels": [
        "test"
      ],
      "object_marking_refs": [
        "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
      ],
      "spec_version": "2.1",
      "type": "x-opencti-simple-observable",
      "value": "example.com"
    },
    {
      "confidence": 50,
      "created": "2021-12-01T07:35:30.001Z",
      "description": "test",
      "id": "relationship--6e864ebb-6370-11ec-b8bc-005056b29af4",
      "modified": "2021-12-01T23:59:59.000Z",
      "object_marking_refs": [
        "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
      ],
      "relationship_type": "resolves-to",
      "source_ref": "x-opencti-simple-observable--6e860765-6370-11ec-b916-005056b29af4",
      "spec_version": "2.1",
      "start_time": "2021-12-01T23:59:59.000Z",
      "stop_time": "2021-12-01T23:59:59.000Z",
      "target_ref": "x-opencti-simple-observable--6e85bf65-6370-11ec-a769-005056b29af4",
      "type": "relationship"
    }
  ],
  "type": "bundle"
}
@SamuelHassine SamuelHassine added the feature use for describing a new feature to develop label Dec 26, 2021
@SamuelHassine SamuelHassine added this to the Release 5.2.0 milestone Dec 26, 2021
@SamuelHassine
Member

Hello,

Please, for the moment, use stix_cyber_observable_relationship which refers to resolves_to_refs.

SRO resolves-to is conflicting with this one in the current OpenCTI implementation; we will fix this in the future.

Kind regards,
Samuel
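
A sketch of the workaround suggested above, as an added example (not code from the issue or from OpenCTI): it folds each resolves-to relationship object into a resolves_to_refs list on its source observable, the embedded-reference property that STIX 2.1 defines on domain-name objects. That an importer older than 5.3.5 reads resolves_to_refs from x-opencti-simple-observable objects is an assumption the page does not confirm; the function name embed_resolves_to and the trimmed sample bundle are constructed for illustration.

```python
import copy

# Constructed sample: the issue's bundle trimmed to the fields this example reads.
IP_ID = "x-opencti-simple-observable--6e85bf65-6370-11ec-a769-005056b29af4"
DOMAIN_ID = "x-opencti-simple-observable--6e860765-6370-11ec-b916-005056b29af4"
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--7a9f86ad-a114-404a-95c9-cc5c21e085d3",
    "objects": [
        {"type": "x-opencti-simple-observable", "id": IP_ID,
         "key": "IPv4-Addr.value", "value": "93.184.216.34"},
        {"type": "x-opencti-simple-observable", "id": DOMAIN_ID,
         "key": "Domain-Name.value", "value": "example.com"},
        {"type": "relationship", "id": "relationship--6e864ebb-6370-11ec-b8bc-005056b29af4",
         "relationship_type": "resolves-to", "source_ref": DOMAIN_ID, "target_ref": IP_ID},
    ],
}


def embed_resolves_to(bundle):
    """Fold resolves-to SROs into resolves_to_refs on their source object.

    Returns (new_bundle, skipped_ids). The SRO's own metadata (confidence,
    start_time, stop_time, description, markings) has no place in an embedded
    reference and is dropped, so keep the original bundle for later re-import.
    Hypothetical helper; assumes the importer honours resolves_to_refs.
    """
    out = copy.deepcopy(bundle)  # never mutate the caller's bundle
    by_id = {obj["id"]: obj for obj in out["objects"]}
    kept, skipped = [], []
    for obj in out["objects"]:
        if (obj.get("type"), obj.get("relationship_type")) != ("relationship", "resolves-to"):
            kept.append(obj)
            continue
        source = by_id.get(obj.get("source_ref"))
        if source is None or obj.get("target_ref") not in by_id:
            # Dangling reference: leave the SRO untouched and report it.
            kept.append(obj)
            skipped.append(obj["id"])
            continue
        refs = source.setdefault("resolves_to_refs", [])
        if obj["target_ref"] not in refs:  # de-duplicate repeated SROs
            refs.append(obj["target_ref"])
    out["objects"] = kept
    return out, skipped
```
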

@h1lll0ck h1lll0ck changed the title Trying to importing STIX2 with a resolves-to relationship between two observables results in an error Trying to import STIX2 with a resolves-to relationship between two observables results in an error Jan 4, 2022
@SamuelHassine
Member

resolves-to is now allowed as a STIX Core relationship since version 5.3.5.

@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label Sep 29, 2022
@SamuelHassine SamuelHassine removed this from the Release 5.4.0 milestone Sep 29, 2022