Relationship type compatibility tables
The sections on this page describe the available relationship types for each source/target entity combination, and their STIX compatibility.
A relationship is an object that links two entities together: a ‘source’ entity and a ‘target’ entity.
Depending on the source and target entity, certain relationship types are available for use. These relationship types have varying compatibility with STIX 2.1 and STIX 1.2.
For more information about relationship objects and STIX compatibility, see Relationships.

Attack-pattern

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
attack-pattern | delivers | malware | NO | YES | NO |
attack-pattern | related-to | attack-pattern | YES | YES | NO |
attack-pattern | related-to | campaign | YES | YES | NO |
attack-pattern | related-to | course-of-action | YES | YES | NO |
attack-pattern | related-to | eclecticiq-sighting | YES | YES | NO |
attack-pattern | related-to | incident | YES | YES | NO |
attack-pattern | related-to | indicator | YES | YES | NO |
attack-pattern | related-to | infrastructure | YES | YES | NO |
attack-pattern | related-to | intrusion-set | YES | YES | NO |
attack-pattern | related-to | location | YES | YES | NO |
attack-pattern | related-to | malware-analysis | YES | YES | NO |
attack-pattern | related-to | report | YES | YES | NO |
attack-pattern | related-to | threat-actor | YES | YES | NO |
attack-pattern | related-to | ttp | YES | YES | NO |
attack-pattern | targets | identity | YES | YES | NO |
attack-pattern | targets | location | YES | YES | NO |
attack-pattern | targets | vulnerability | YES | YES | NO |
attack-pattern | uses | malware | YES | YES | NO |
attack-pattern | uses | tool | YES | YES | NO |

Campaign

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
campaign | associated-to | campaign | NO | NO | YES |
campaign | attributed-to | intrusion-set | YES | YES | NO |
campaign | attributed-to | threat-actor | YES | YES | NO |
campaign | compromises | infrastructure | NO | YES | NO |
campaign | originates-from | location | NO | YES | NO |
campaign | related-to | campaign | YES | YES | NO |
campaign | related-to | course-of-action | YES | YES | NO |
campaign | related-to | eclecticiq-sighting | YES | YES | NO |
campaign | related-to | incident | YES | YES | NO |
campaign | related-to | indicator | YES | YES | NO |
campaign | related-to | location | YES | YES | NO |
campaign | related-to | malware-analysis | YES | YES | NO |
campaign | related-to | report | YES | YES | NO |
campaign | related-to | ttp | YES | YES | YES |
campaign | targets | identity | YES | YES | YES |
campaign | targets | location | NO | YES | NO |
campaign | targets | vulnerability | YES | YES | NO |
campaign | uses | attack-pattern | YES | YES | NO |
campaign | uses | infrastructure | YES | YES | NO |
campaign | uses | malware | YES | YES | NO |
campaign | uses | tool | YES | YES | NO |

Course-of-action

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
course-of-action | investigates | indicator | YES | YES | NO |
course-of-action | mitigates | attack-pattern | YES | YES | NO |
course-of-action | mitigates | indicator | NO | YES | NO |
course-of-action | mitigates | malware | YES | YES | NO |
course-of-action | mitigates | tool | YES | YES | NO |
course-of-action | mitigates | vulnerability | YES | YES | NO |
course-of-action | related-to | campaign | YES | YES | NO |
course-of-action | related-to | course-of-action | YES | YES | YES |
course-of-action | related-to | eclecticiq-sighting | YES | YES | NO |
course-of-action | related-to | identity | YES | YES | NO |
course-of-action | related-to | incident | YES | YES | NO |
course-of-action | related-to | infrastructure | YES | YES | NO |
course-of-action | related-to | intrusion-set | YES | YES | NO |
course-of-action | related-to | location | YES | YES | NO |
course-of-action | related-to | malware-analysis | YES | YES | NO |
course-of-action | related-to | report | YES | YES | NO |
course-of-action | related-to | threat-actor | YES | YES | NO |
course-of-action | related-to | ttp | YES | YES | NO |
course-of-action | remediates | malware | NO | YES | NO |
course-of-action | remediates | vulnerability | NO | YES | NO |

Sighting

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
eclecticiq-sighting | related-to | attack-pattern | YES | NO | NO |
eclecticiq-sighting | related-to | campaign | YES | NO | NO |
eclecticiq-sighting | related-to | course-of-action | YES | NO | NO |
eclecticiq-sighting | related-to | eclecticiq-sighting | YES | NO | NO |
eclecticiq-sighting | related-to | identity | YES | NO | NO |
eclecticiq-sighting | related-to | incident | YES | NO | NO |
eclecticiq-sighting | related-to | indicator | YES | NO | NO |
eclecticiq-sighting | related-to | infrastructure | YES | NO | NO |
eclecticiq-sighting | related-to | intrusion-set | YES | NO | NO |
eclecticiq-sighting | related-to | location | YES | NO | NO |
eclecticiq-sighting | related-to | malware | YES | NO | NO |
eclecticiq-sighting | related-to | malware-analysis | YES | NO | NO |
eclecticiq-sighting | related-to | report | YES | NO | NO |
eclecticiq-sighting | related-to | threat-actor | YES | NO | NO |
eclecticiq-sighting | related-to | tool | YES | NO | NO |
eclecticiq-sighting | related-to | ttp | YES | NO | NO |
eclecticiq-sighting | related-to | vulnerability | YES | YES | NO |

Identity

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
identity | located-at | location | YES | YES | NO |
identity | related-to | attack-pattern | YES | YES | NO |
identity | related-to | campaign | YES | YES | NO |
identity | related-to | course-of-action | YES | YES | NO |
identity | related-to | eclecticiq-sighting | YES | YES | NO |
identity | related-to | identity | YES | YES | NO |
identity | related-to | incident | YES | YES | NO |
identity | related-to | indicator | YES | YES | NO |
identity | related-to | infrastructure | YES | YES | NO |
identity | related-to | intrusion-set | YES | YES | NO |
identity | related-to | malware | YES | YES | NO |
identity | related-to | malware-analysis | YES | YES | NO |
identity | related-to | report | YES | YES | NO |
identity | related-to | threat-actor | YES | YES | NO |
identity | related-to | tool | YES | YES | NO |
identity | related-to | ttp | YES | YES | NO |
identity | related-to | vulnerability | YES | YES | NO |

Incident

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
incident | attributed-to | threat-actor | NO | YES | YES |
incident | leveraged | ttp | YES | YES | YES |
incident | related-to | attack-pattern | YES | YES | NO |
incident | related-to | campaign | YES | YES | NO |
incident | related-to | course-of-action | YES | YES | NO |
incident | related-to | eclecticiq-sighting | YES | YES | NO |
incident | related-to | identity | YES | YES | NO |
incident | related-to | incident | YES | YES | YES |
incident | related-to | indicator | YES | YES | YES |
incident | related-to | infrastructure | YES | YES | NO |
incident | related-to | intrusion-set | YES | YES | NO |
incident | related-to | location | YES | YES | NO |
incident | related-to | malware | YES | YES | NO |
incident | related-to | malware-analysis | YES | YES | NO |
incident | related-to | report | YES | YES | NO |
incident | related-to | threat-actor | YES | YES | NO |
incident | related-to | tool | YES | YES | NO |
incident | related-to | vulnerability | YES | YES | NO |

Indicator

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
indicator | indicates | attack-pattern | YES | YES | NO |
indicator | indicates | campaign | YES | YES | NO |
indicator | indicates | infrastructure | YES | YES | NO |
indicator | indicates | intrusion-set | YES | YES | NO |
indicator | indicates | malware | YES | YES | NO |
indicator | indicates | threat-actor | YES | YES | NO |
indicator | indicates | tool | YES | YES | NO |
indicator | related-to | campaign | NO | YES | YES |
indicator | related-to | eclecticiq-sighting | YES | YES | NO |
indicator | related-to | identity | YES | YES | NO |
indicator | related-to | incident | YES | YES | NO |
indicator | related-to | indicator | YES | YES | YES |
indicator | related-to | location | YES | YES | NO |
indicator | related-to | malware-analysis | YES | YES | NO |
indicator | related-to | report | YES | YES | NO |
indicator | related-to | ttp | YES | YES | YES |
indicator | related-to | vulnerability | YES | YES | NO |
indicator | suggests | course-of-action | YES | NO | YES |

Infrastructure

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
infrastructure | communicates-with | infrastructure | NO | YES | NO |
infrastructure | consists-of | infrastructure | NO | YES | NO |
infrastructure | controls | infrastructure | NO | YES | NO |
infrastructure | controls | malware | NO | YES | NO |
infrastructure | delivers | malware | NO | YES | NO |
infrastructure | has | vulnerability | YES | YES | NO |
infrastructure | hosts | malware | NO | YES | NO |
infrastructure | hosts | tool | YES | YES | NO |
infrastructure | located-at | location | YES | YES | NO |
infrastructure | related-to | attack-pattern | YES | YES | NO |
infrastructure | related-to | campaign | YES | YES | NO |
infrastructure | related-to | course-of-action | YES | YES | NO |
infrastructure | related-to | eclecticiq-sighting | YES | YES | NO |
infrastructure | related-to | identity | YES | YES | NO |
infrastructure | related-to | incident | YES | YES | NO |
infrastructure | related-to | indicator | YES | YES | NO |
infrastructure | related-to | infrastructure | YES | YES | NO |
infrastructure | related-to | intrusion-set | YES | YES | NO |
infrastructure | related-to | malware | YES | YES | NO |
infrastructure | related-to | malware-analysis | YES | YES | NO |
infrastructure | related-to | report | YES | YES | NO |
infrastructure | related-to | threat-actor | YES | YES | NO |
infrastructure | related-to | ttp | YES | YES | NO |
infrastructure | uses | infrastructure | NO | YES | NO |

Intrusion-set

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
intrusion-set | attributed-to | threat-actor | YES | YES | NO |
intrusion-set | compromises | infrastructure | NO | YES | NO |
intrusion-set | hosts | infrastructure | NO | YES | NO |
intrusion-set | originates-from | location | NO | YES | NO |
intrusion-set | owns | infrastructure | NO | YES | NO |
intrusion-set | related-to | campaign | YES | YES | NO |
intrusion-set | related-to | course-of-action | YES | YES | NO |
intrusion-set | related-to | eclecticiq-sighting | YES | YES | NO |
intrusion-set | related-to | incident | YES | YES | NO |
intrusion-set | related-to | indicator | YES | YES | NO |
intrusion-set | related-to | intrusion-set | YES | YES | NO |
intrusion-set | related-to | location | YES | YES | NO |
intrusion-set | related-to | malware-analysis | YES | YES | NO |
intrusion-set | related-to | report | YES | YES | NO |
intrusion-set | related-to | ttp | YES | YES | NO |
intrusion-set | targets | identity | YES | YES | NO |
intrusion-set | targets | location | NO | YES | NO |
intrusion-set | targets | vulnerability | YES | YES | NO |
intrusion-set | uses | attack-pattern | YES | YES | NO |
intrusion-set | uses | infrastructure | YES | YES | NO |
intrusion-set | uses | malware | YES | YES | NO |
intrusion-set | uses | tool | YES | YES | NO |

Location

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
location | related-to | attack-pattern | YES | YES | NO |
location | related-to | campaign | YES | YES | NO |
location | related-to | course-of-action | YES | YES | NO |
location | related-to | eclecticiq-sighting | YES | YES | NO |
location | related-to | identity | YES | YES | NO |
location | related-to | incident | YES | YES | NO |
location | related-to | indicator | YES | YES | NO |
location | related-to | infrastructure | YES | YES | NO |
location | related-to | intrusion-set | YES | YES | NO |
location | related-to | location | YES | YES | NO |
location | related-to | malware | YES | YES | NO |
location | related-to | malware-analysis | YES | YES | NO |
location | related-to | report | YES | YES | NO |
location | related-to | threat-actor | YES | YES | NO |
location | related-to | tool | YES | YES | NO |
location | related-to | ttp | YES | YES | NO |
location | related-to | vulnerability | YES | YES | NO |

Malware

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
malware | authored-by | intrusion-set | YES | YES | NO |
malware | authored-by | threat-actor | YES | YES | NO |
malware | beacons-to | infrastructure | NO | YES | NO |
malware | controls | malware | NO | YES | NO |
malware | downloads | malware | NO | YES | NO |
malware | downloads | tool | NO | YES | NO |
malware | drops | malware | NO | YES | NO |
malware | drops | tool | NO | YES | NO |
malware | exfiltrates-to | infrastructure | NO | YES | NO |
malware | exploits | vulnerability | YES | YES | NO |
malware | originates-from | location | NO | YES | NO |
malware | related-to | campaign | YES | YES | NO |
malware | related-to | course-of-action | YES | YES | NO |
malware | related-to | eclecticiq-sighting | YES | YES | NO |
malware | related-to | incident | YES | YES | NO |
malware | related-to | location | YES | YES | NO |
malware | related-to | malware-analysis | YES | YES | NO |
malware | related-to | report | YES | YES | NO |
malware | related-to | ttp | YES | YES | NO |
malware | targets | identity | YES | YES | NO |
malware | targets | infrastructure | NO | YES | NO |
malware | targets | location | NO | YES | NO |
malware | targets | vulnerability | NO | YES | NO |
malware | uses | attack-pattern | YES | YES | NO |
malware | uses | infrastructure | YES | YES | NO |
malware | uses | malware | YES | YES | NO |
malware | uses | tool | YES | YES | NO |
malware | variant-of | malware | NO | YES | NO |

Malware-analysis

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
malware-analysis | analysis-of | malware | YES | YES | NO |
malware-analysis | characterizes | malware | NO | YES | NO |
malware-analysis | dynamic-analysis-of | malware | NO | YES | NO |
malware-analysis | related-to | attack-pattern | YES | YES | NO |
malware-analysis | related-to | campaign | YES | YES | NO |
malware-analysis | related-to | course-of-action | YES | YES | NO |
malware-analysis | related-to | eclecticiq-sighting | YES | YES | NO |
malware-analysis | related-to | identity | YES | YES | NO |
malware-analysis | related-to | incident | YES | YES | NO |
malware-analysis | related-to | indicator | YES | YES | NO |
malware-analysis | related-to | infrastructure | YES | YES | NO |
malware-analysis | related-to | intrusion-set | YES | YES | NO |
malware-analysis | related-to | location | YES | YES | NO |
malware-analysis | related-to | malware-analysis | YES | YES | NO |
malware-analysis | related-to | report | YES | YES | NO |
malware-analysis | related-to | threat-actor | YES | YES | NO |
malware-analysis | related-to | tool | YES | YES | NO |
malware-analysis | related-to | ttp | YES | YES | NO |
malware-analysis | related-to | vulnerability | YES | YES | NO |
malware-analysis | static-analysis-of | malware | NO | YES | NO |

Report

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
report | related-to | attack-pattern | YES | YES | NO |
report | related-to | campaign | YES | YES | YES |
report | related-to | course-of-action | YES | YES | NO |
report | related-to | eclecticiq-sighting | YES | YES | NO |
report | related-to | identity | YES | YES | NO |
report | related-to | incident | YES | YES | NO |
report | related-to | indicator | YES | YES | NO |
report | related-to | infrastructure | YES | YES | NO |
report | related-to | intrusion-set | YES | YES | NO |
report | related-to | location | YES | YES | NO |
report | related-to | malware | YES | YES | NO |
report | related-to | malware-analysis | YES | YES | NO |
report | related-to | report | YES | YES | YES |
report | related-to | threat-actor | YES | YES | NO |
report | related-to | tool | YES | YES | NO |
report | related-to | vulnerability | YES | YES | NO |
report | reports | campaign | NO | YES | YES |
report | reports | course-of-action | NO | YES | YES |
report | reports | incident | NO | YES | YES |
report | reports | indicator | NO | YES | YES |
report | reports | threat-actor | NO | NO | YES |
report | reports | ttp | YES | NO | YES |
report | reports | vulnerability | NO | YES | YES |

Threat-actor

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
threat-actor | associated-to | campaign | NO | YES | YES |
threat-actor | associated-to | threat-actor | YES | YES | YES |
threat-actor | attributed-to | identity | NO | YES | NO |
threat-actor | compromises | infrastructure | NO | YES | NO |
threat-actor | hosts | infrastructure | NO | YES | NO |
threat-actor | impersonates | identity | NO | YES | NO |
threat-actor | located-at | location | NO | YES | NO |
threat-actor | observed | ttp | YES | YES | YES |
threat-actor | owns | infrastructure | NO | YES | NO |
threat-actor | related-to | campaign | YES | YES | YES |
threat-actor | related-to | course-of-action | YES | YES | NO |
threat-actor | related-to | eclecticiq-sighting | YES | YES | NO |
threat-actor | related-to | incident | YES | YES | NO |
threat-actor | related-to | indicator | YES | YES | NO |
threat-actor | related-to | intrusion-set | YES | YES | NO |
threat-actor | related-to | location | YES | YES | NO |
threat-actor | related-to | malware-analysis | YES | YES | NO |
threat-actor | related-to | report | YES | YES | NO |
threat-actor | targets | identity | YES | YES | NO |
threat-actor | targets | location | NO | YES | NO |
threat-actor | targets | vulnerability | YES | YES | NO |
threat-actor | uses | attack-pattern | YES | YES | NO |
threat-actor | uses | infrastructure | YES | YES | NO |
threat-actor | uses | malware | YES | YES | NO |
threat-actor | uses | tool | YES | YES | NO |

Tool

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
tool | delivers | malware | YES | YES | NO |
tool | drops | malware | NO | YES | NO |
tool | has | vulnerability | NO | YES | NO |
tool | related-to | attack-pattern | YES | YES | NO |
tool | related-to | campaign | YES | YES | NO |
tool | related-to | course-of-action | YES | YES | NO |
tool | related-to | eclecticiq-sighting | YES | YES | NO |
tool | related-to | identity | YES | YES | NO |
tool | related-to | incident | YES | YES | NO |
tool | related-to | indicator | YES | YES | NO |
tool | related-to | intrusion-set | YES | YES | NO |
tool | related-to | location | YES | YES | NO |
tool | related-to | malware | YES | YES | NO |
tool | related-to | malware-analysis | YES | YES | NO |
tool | related-to | report | YES | YES | NO |
tool | related-to | threat-actor | YES | YES | NO |
tool | related-to | tool | YES | YES | NO |
tool | related-to | ttp | YES | YES | NO |
tool | targets | identity | YES | YES | NO |
tool | targets | infrastructure | NO | YES | NO |
tool | targets | location | YES | YES | NO |
tool | targets | vulnerability | YES | YES | NO |
tool | uses | infrastructure | YES | YES | NO |

TTP

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
ttp | exploits | vulnerability | YES | YES | YES |
ttp | related-to | attack-pattern | YES | YES | NO |
ttp | related-to | campaign | YES | YES | NO |
ttp | related-to | course-of-action | YES | YES | NO |
ttp | related-to | eclecticiq-sighting | YES | YES | NO |
ttp | related-to | identity | YES | YES | NO |
ttp | related-to | incident | YES | YES | NO |
ttp | related-to | indicator | YES | YES | NO |
ttp | related-to | infrastructure | YES | YES | NO |
ttp | related-to | intrusion-set | YES | YES | NO |
ttp | related-to | location | YES | YES | NO |
ttp | related-to | malware | YES | YES | NO |
ttp | related-to | malware-analysis | YES | YES | NO |
ttp | related-to | report | YES | YES | NO |
ttp | related-to | threat-actor | YES | YES | NO |
ttp | related-to | tool | YES | YES | NO |
ttp | related-to | ttp | YES | YES | YES |

Vulnerability

Source entity | Relationship type | Target entity | Default suggestion | STIX 2.1 compatible | STIX 1.2 compatible |
---|---|---|---|---|---|
vulnerability | related-to | attack-pattern | YES | YES | NO |
vulnerability | related-to | campaign | YES | YES | NO |
vulnerability | related-to | course-of-action | YES | YES | YES |
vulnerability | related-to | eclecticiq-sighting | YES | YES | NO |
vulnerability | related-to | identity | YES | YES | NO |
vulnerability | related-to | incident | YES | YES | NO |
vulnerability | related-to | indicator | YES | YES | NO |
vulnerability | related-to | infrastructure | YES | YES | NO |
vulnerability | related-to | intrusion-set | YES | YES | NO |
vulnerability | related-to | location | YES | YES | NO |
vulnerability | related-to | malware | YES | YES | NO |
vulnerability | related-to | malware-analysis | YES | YES | NO |
vulnerability | related-to | report | YES | YES | NO |
vulnerability | related-to | threat-actor | YES | YES | NO |
vulnerability | related-to | tool | YES | YES | NO |
vulnerability | related-to | ttp | YES | YES | NO |
vulnerability | related-to | vulnerability | YES | YES | YES |