STIX modeling
Question: How to Model Controlled Language Lists, Vocab or Enum in TypeQL
In Stix and other cybersecurity languages, Controlled Vocabularies are used to limit the allowable choices for a particular field. There are two types:
- Enum: A list of words that cannot be added to, e.g. Opinion, which is a scale
- Vocab A list of words that can be added to, e.g. Hash Algorithms, which can obviously increase
At the moment we control the choices through the UI, which pulls from the github, but is there a way to develop this control in TypeQL? We already have all of the lists of enums and vocab for each stix dialect available, how could we utilise these in TypeDB.
The modelling scenario is that an entity or relation will own an attribute, with a fixed, standards-based name, e.g. hash-type, which must be of a class Vocab, with a subclass of hash-algorithm-ov, and this sub-class has a pointer to the right list of words. One must load all of the Vocab and Enum lists, and have functions to then constrain the choices of values for particular attributes.
At the user interface level, we hold both the word, and a description for each word (e.g. tooltip on mouseover), but this seems less useful in the database, so the lists could just be simple lists of words, without an accompanying description. The lists can be unordered since their only purpose is to validate values in the database.
How should this best be modelled? How does the constraint on the words lists get applied? I assume we cant restrict from being updated, but we might be able to, through IAM?? Assume I have a free scenario, plus a cloud scenario. How can I accomplish this in TypeQL?
In Stix and other cybersecurity languages, Controlled Vocabularies are used to limit the allowable choices for a particular field. There are two types:
- Enum: A list of words that cannot be added to, e.g. Opinion, which is a scale
- Vocab A list of words that can be added to, e.g. Hash Algorithms, which can obviously increase
At the moment we control the choices through the UI, which pulls from the github, but is there a way to develop this control in TypeQL? We already have all of the lists of enums and vocab for each stix dialect available, how could we utilise these in TypeDB.
The modelling scenario is that an entity or relation will own an attribute, with a fixed, standards-based name, e.g. hash-type, which must be of a class Vocab, with a subclass of hash-algorithm-ov, and this sub-class has a pointer to the right list of words. One must load all of the Vocab and Enum lists, and have functions to then constrain the choices of values for particular attributes.
At the user interface level, we hold both the word, and a description for each word (e.g. tooltip on mouseover), but this seems less useful in the database, so the lists could just be simple lists of words, without an accompanying description. The lists can be unordered since their only purpose is to validate values in the database.
How should this best be modelled? How does the constraint on the words lists get applied? I assume we cant restrict from being updated, but we might be able to, through IAM?? Assume I have a free scenario, plus a cloud scenario. How can I accomplish this in TypeQL?
GitHub
Contribute to os-threat/stix2-dialect-definitions development by creating an account on GitHub.
