The underlying content for the StixORM has changed significantly.
Some of the old, empty directories are gone, and in their place is two new full ones, oca and attack_flow. Note that oca contains both Indicators of Behaviour (IoB) and Kestrel threat hunting objects.
Thus there are now 5 content directories, some new, others with changes:
- attack, updated to the latest version
- attack_flow, new
- oca, new
- os_threat, updated Incident model
- stix21, extension model added
Each of these new directories has the:
- data directory, where the property name models are held
- sub_objects directory, where the property names are held
- mappings directory, where the key ORM content is held, including an object conversion list
- schema directory, where the schema is loaded from
- classes file, where the Python classes are defined
- dunder init file, where the classes and data are exposed
We need the Definition Factory updated so all of the key machinery works only for the case of "All Imports", this is to be the only/default setting. All environments load together.
Once the All Imports works correctly, and I get the schema's to load, I also need some coaching on the error handing on your return object
The underlying content for the StixORM has changed significantly.
Some of the old, empty directories are gone, and in their place is two new full ones, oca and attack_flow. Note that oca contains both Indicators of Behaviour (IoB) and Kestrel threat hunting objects.
Thus there are now 5 content directories, some new, others with changes:
Each of these new directories has the:
We need the Definition Factory updated so all of the key machinery works only for the case of "All Imports", this is to be the only/default setting. All environments load together.
Once the All Imports works correctly, and I get the schema's to load, I also need some coaching on the error handing on your return object