From 17830b2a72108e46b0e684286239f2417a63bc7f Mon Sep 17 00:00:00 2001 From: Rich Piazza Date: Wed, 27 Oct 2021 16:03:17 -0400 Subject: [PATCH] Update USAGE-CAPEC.md --- USAGE-CAPEC.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/USAGE-CAPEC.md b/USAGE-CAPEC.md index ef8709fbb1..c12be3754a 100644 --- a/USAGE-CAPEC.md +++ b/USAGE-CAPEC.md @@ -16,10 +16,11 @@ The STIX types are found as literal strings assigned to the `type` property of t The following is a table mapping of CAPEC properties to STIX properties. Some of these properties are standard STIX properties, while others were custom-created for compatibility with CAPEC. These properties are accessed from STIX objects as JSON properties. ### Attack Pattern Properties -| CAPEC 3.5 Property | STIX Properties | STIX type | +| CAPEC 3.6 Property | STIX Properties | STIX type | | --------------- | --------------- | --------------- | **Name** | `name` | string | **Description** | `description` | string +**Extended_Definition** | `x_capec_extended_definition` | string **Abstraction** | `x_capec_abstraction` | enumeration(`Meta, Standard, Detailed`) **Alternate\_Terms** | `x_capec_alternate_terms` | list(string) **Consequences** | `x_capec_consequences` | dictionary(enumeration(`High, Medium, Low`), string) @@ -36,7 +37,7 @@ The following is a table mapping of CAPEC properties to STIX properties. Some of **Mitigation** | `relationship_type == "mitigates"` | `relationship` ### Attack Pattern Relationships -| CAPEC 3.5 Relationship | STIX Properties | STIX type | +| CAPEC 3.6 Relationship | STIX Properties | STIX type | | --------------- | --------------- | --------------- | **parent_of** | `x_capec_parent_of_refs` | list(identifier) **child_of** | `x_capec_child_of_refs` | list(identifier) 
@@ -44,9 +45,9 @@ The following is a table mapping of CAPEC properties to STIX properties. Some of **can_follow** | `x_capec_can_follow_refs` | list(identifier) **peer_of** | `x_capec_peer_of_refs` | list(identifier) -CAPEC 3.5 properties not mapped (at this time): **Indicators**, **Taxonomy\_Mappings**, **Content\_History** +CAPEC 3.6 properties not mapped (at this time): **Indicators**, **Taxonomy\_Mappings**, **Content\_History** -CAPEC 3.5 properties not appropriate to map: **Status** +CAPEC 3.6 properties not appropriate to map: **Status** # Using Python and STIX 2.x In this section, we will describe how to query and manipulate CAPEC data that has been stored in a STIX 2.x repository. A Python library has been created for using and creating STIX 2.x data by the OASIS Technical Committee for Cyber Threat Intelligence, which develops the STIX standard. This library abstracts storage and transport details so that the same code can be used to interact with data locally on the filesystem or in memory, or remotely via [TAXII](https://oasis-open.github.io/cti-documentation/taxii/intro). The source code, installation instructions, and basic documentation for the library can be found [here](https://github.com/oasis-open/cti-python-stix2). There is a more thorough [API documentation](http://stix2.readthedocs.io/en/latest/overview.html) as well. @@ -115,6 +116,10 @@ get_mitigations_by_attack_pattern(fs, ap.id) The STIX CAPEC data is generated by a python script named `capec2stix`. In this section the changes to the script for each new CAPEC release is listed. +## Release for CAPEC 3.6 + +* Added the `x_capec_extended_definition` property + ## Release for CAPEC 3.5 * Added functionality to infer CAPEC ParentOf and CanFollow relationships:
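Review bot: In the Attack Pattern Properties hunk (`@@ -16,10 +16,11 @@`), the added row `**Extended_Definition** | `x_capec_extended_definition` | string` leaves its underscore unescaped, while the `**Alternate\_Terms**` row two lines below it in the same table escapes it. Write `**Extended\_Definition**` so the table follows one convention.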
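Review bot: In the `@@ -44,9 +45,9 @@` hunk, the two "not mapped" sentences are relabelled from CAPEC 3.5 to CAPEC 3.6 with their contents unchanged (`**Indicators**, **Taxonomy\_Mappings**, **Content\_History**` and `**Status**`). The only mapping change visible in this patch is the new Extended_Definition row, so please confirm that both lists were re-checked against 3.6 rather than only re-versioned. The version string is now hard-coded in four places (both table headers and these two sentences), so stating the covered CAPEC version once near the top of the section would make the next bump a one-line change.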
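Review bot: In the release-notes hunk (`@@ -115,6 +116,10 @@`), the new entry `* Added the `x_capec_extended_definition` property` does not say which CAPEC property it carries or which STIX object receives it. The table hunk shows it maps **Extended_Definition** under "Attack Pattern Properties", so the note could read "Added the `x_capec_extended_definition` property to attack patterns, mapped from CAPEC Extended_Definition". While this section is being touched, the context sentence "the changes to the script for each new CAPEC release is listed" should read "are listed".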