STIX 2 Relationship Objects
Modified on: Wed, 5 May, 2021 at 1:58 AM
STIX2 Sighting
| Display Name | STIX2 Sighting |
| Entity Name | maltego.STIX2.sighting |
| Short Description | A Sighting denotes the belief that something in CTI (e.g., an indicator, malware, tool, threat actor, etc.) was seen. |
| Entity Category | STIX 2 relationship objects |
| Base Entities | maltego.STIX2.core |
Entity Properties
| type | type | string | The type of this object, which MUST be the literal sighting. | sighting |
| s pec_version | s pec_version | string | The version of the STIX sp ecification used to represent this object. | |
| id | id | string | | |
| cre ated_by_ref | cre ated_by_ref | string | The ID of the Source object that describes who created this object. | |
| labels | labels | string[] | The labels property specifies a set of terms used to describe this object. | |
| created | created | string | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest m illisecond. | |
| modified | modified | string | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest m illisecond. | |
| revoked | revoked | string | The revoked property indicates whether the object has been revoked. | |
| confidence | confidence | string | Identifies the confidence that the creator has in the correctness of their data. | |
| lang | lang | string | Identifies the language of the text content in this object. | |
| external _references | external _references | string[] | A list of external references which refers to non-STIX i nformation. | |
| object_m arking_refs | object_m arking_refs | string[] | The list of marking -definition objects to be applied to this object. | |
| granul ar_markings | granul ar_markings | string[] | The set of granular markings that apply to this object. | |
| description | description | string | A description that provides more details and context about the Sighting. | |
| first_seen | first_seen | string | The beginning of the time window during which the SDO referenced by the sigh ting_of_ref property was sighted. | |
| last_seen | last_seen | string | The end of the time window during which the SDO referenced by the sigh ting_of_ref property was sighted. | |
| count | count | string | This is an integer between 0 and 999,999,999 inclusive and represents the number of times the object was sighted. | |
| sigh ting_of_ref | sigh ting_of_ref | string | An ID reference to the object that has been sighted. | |
| observe d_data_refs | observe d_data_refs | string[] | A list of ID references to the Observed Data objects that contain the raw cyber data for this Sighting. | |
| where_s ighted_refs | where_s ighted_refs | string[] | A list of ID references to the Identity or Location objects describing the entities or types of entities that saw the sighting. | |
| summary | summary | string | The summary property indicates whether the Sighting should be considered summary data. | |
| rec overy_prope rty_mapping | rec overy_prope rty_mapping | string | The mapping of Maltego internal property names to STIX property names used for this entity. | {} |
Entity Description
A Sighting denotes the belief that something in CTI (e.g., an indicator, malware, tool, threat actor, etc.) was seen.
STIX2 Relationship
| Display Name | STIX2 Relationship |
| Entity Name | maltego.STIX2.relationship |
| Short Description | The Relationship object is used to link together two SDOs in order to describe how they are related to each other. |
| Entity Category | STIX 2 relationship objects |
| Base Entities | maltego.STIX2.core |
Entity Properties
| type | type | string | The type of this object, which MUST be the literal rela tionship. | r elationship |
| s pec_version | s pec_version | string | The version of the STIX sp ecification used to represent this object. | |
| id | id | string | | |
| cre ated_by_ref | cre ated_by_ref | string | The ID of the Source object that describes who created this object. | |
| labels | labels | string[] | The labels property specifies a set of terms used to describe this object. | |
| created | created | string | The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest m illisecond. | |
| modified | modified | string | The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest m illisecond. | |
| revoked | revoked | string | The revoked property indicates whether the object has been revoked. | |
| confidence | confidence | string | Identifies the confidence that the creator has in the correctness of their data. | |
| lang | lang | string | Identifies the language of the text content in this object. | |
| external _references | external _references | string[] | A list of external references which refers to non-STIX i nformation. | |
| object_m arking_refs | object_m arking_refs | string[] | The list of marking -definition objects to be applied to this object. | |
| granul ar_markings | granul ar_markings | string[] | The set of granular markings that apply to this object. | |
| relati onship_type | relati onship_type | string | The name used to identify the type of re lationship. | |
| description | description | string | A description that helps provide context about the re lationship. | |
| source_ref | source_ref | string | The ID of the source (from) object. | |
| target_ref | target_ref | string | The ID of the target (to) object. | |
| start_time | start_time | string | This optional timestamp represents the earliest time at which the R elationship between the objects exists. If this property is a future timestamp, at the time the updated property is defined, then this represents an estimate by the producer of the i ntelligence of the earliest time at which r elationship will be asserted to be true. | |
| stop_time | stop_time | string | The latest time at which the R elationship between the objects exists. If this property is a future timestamp, at the time the updated property is defined, then this represents an estimate by the producer of the i ntelligence of the latest time at which r elationship will be asserted to be true. | |
| rec overy_prope rty_mapping | rec overy_prope rty_mapping | string | The mapping of Maltego internal property names to STIX property names used for this entity. | {} |
Entity Description
The Relationship object is used to link together two SDOs in order to describe how they are related to each other.