Created "employed-by", "asset-of", "system-of" SRO's

os-threat · Feb 14, 2024 · 4d26ae9 · 4d26ae9
1 parent a331eb6
commit 4d26ae9
Showing 3 changed files with 46 additions and 3 deletions.
diff --git a/stixorm/module/definitions/os_threat/mappings/relations_sro_roles.json b/stixorm/module/definitions/os_threat/mappings/relations_sro_roles.json
@@ -82,5 +82,23 @@
     "typeql": "derived-from",
     "source": "result",
     "target": "raw-material"
+  },
+  {
+    "stix": "employed-by",
+    "typeql": "employed-by",
+    "source": "employer",
+    "target": "employee"
+  },
+  {
+    "stix": "asset-of",
+    "typeql": "asset-of",
+    "source": "asset-owner",
+    "target": "asset"
+  },
+  {
+    "stix": "system-of",
+    "typeql": "system-of",
+    "source": "system-owner",
+    "target": "system"
   }
 ]
diff --git a/stixorm/module/definitions/os_threat/schema/cti-os-threat.tql b/stixorm/module/definitions/os_threat/schema/cti-os-threat.tql
@@ -557,9 +557,25 @@ define
 		relates single-feed as pointed-to;
 
 
+    ##############################
+    # Custom SRO's
+    ########################
+    employed-by sub stix-core-relationship,
+		relates employer as source,
+		relates employee as target;
+
+    asset-of sub stix-core-relationship,
+		relates asset-owner as source,
+		relates asset as target;
+
+    system-of sub stix-core-relationship,
+		relates system-owner as source,
+		relates system as target;
+
     ##############################
     # Incident SRO's
     ########################
+
     led-to sub stix-core-relationship,
 		relates initial as source,
 		relates subsequent as target;
@@ -730,7 +746,13 @@ define
         plays assigned:owner,
         plays participated-in:contact,
         plays provided-by:reporter,
-        plays identity-ext:identity-base;
+        plays identity-ext:identity-base,
+        plays employed-by:employer,
+        plays employed-by:employee,
+        plays asset-of:asset-owner,
+        plays asset-of:asset,
+        plays system-of:system-owner,
+        plays system-of:system;
 
 	infrastructure
 	    plays impacts:impacted;

diff --git a/stixorm/module/orm/export_utilities.py b/stixorm/module/orm/export_utilities.py
@@ -210,8 +210,11 @@ def process_value(p):
     """
     if p.is_datetime():
         nt_obj = p.get_value()
-        dt_obj = nt_obj.astimezone(timezone.utc)
-        ret_value = dt_obj.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
+        #dt_obj = nt_obj.astimezone(timezone.utc)
+        dt = nt_obj.strftime("%Y-%m-%dT%H:%M:%S.%f")
+        millisecs = int(round(nt_obj.microsecond/1000))
+        dt_split = dt.split('.')
+        ret_value = dt_split[0] + "." + str(millisecs) + "Z"
     else:
         ret_value = p.get_value()