Add well defined support for indicator-to-object mapping. #35
Would you consider building a more well-defined method to make a many-to-many relationship between STIX indicators and CybOX observables?
It would be nice to have an agreed-upon method for any STIX indicator to map to any number of CybOX observables. Perhaps an email address indicator manifesting itself by multiple CybOX-represented mail files.
On that same token, have multiple STIX indicators come from a single CybOX observable. With the above example, the email address indicator comes out of all CybOX-formatted mail files, but an IP address indicator comes out of a subset of them.
I have not found a good way to do this, and using the bindings directly ends up with an extremely obscure final XML document that I have a hard time believing anyone could understand anyway.