v1.0.5

@seansica seansica released this 07 Nov 12:35
· 11 commits to main since this release
5ed8f93

Version 1.0.5 - Enhanced STIX Data Ingestion and MongoDB Document Tracking

This release introduces significant improvements to the TAXII server’s data ingestion and storage mechanisms, optimizing how STIX data is retrieved from Workbench, validated, and stored in MongoDB.

Changes:

  • Hydrate MongoDB from Workbench /api/stix-bundle:

    • The TAXII server now retrieves STIX objects from Workbench’s /api/stix-bundle endpoint instead of /api/attack-objects, enabling native ingestion of both STIX 2.0 and 2.1 objects.
    • Six REST calls are now made (one per combination of ATT&CK domain and STIX version) instead of one. The slight overhead is offset by eliminating the need for complex, manual version conversion in the TAXII code.
  • Removal of DTO Wrappers for STIX/ATT&CK Objects:

    • Removed DTO wrappers for STIX objects to avoid potential issues with missing properties during serialization.
    • This update allows all attributes of STIX objects to pass through as-is, reducing maintenance risks and preventing data loss due to incomplete DTOs.
    • Future data validation will be handled by the ATT&CK Data Model (ADM), specifically the stixBundleSchema, once full compatibility with Nest.js is feasible.
  • New created_at Timestamp:

    • Added a created_at timestamp at the root of each document in MongoDB to mark when the object was added to the database.
    • This property allows for enhanced metadata tracking and can support future optimizations in data querying.
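
The property-loss risk behind the DTO removal, and the root-level created_at, shown as an added example (not code from the TAXII server). The DTO field list, the function names and the `{ created_at, stix }` document layout are assumptions made for illustration, and the STIX object is constructed.

```typescript
// Added illustration; every name here is hypothetical, not the project's code.
type StixObject = Record<string, unknown> & { id: string; type: string };

// Legacy-style DTO: only the properties listed here survive serialization.
const DTO_FIELDS = ["id", "type", "created", "modified", "name", "description"];

function toDto(obj: StixObject): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const key of DTO_FIELDS) {
    if (key in obj) out[key] = obj[key];
  }
  return out;
}

// Pass-through storage: the STIX object is kept untouched and the ingestion
// time sits at the document root (this layout is an assumption).
interface StoredDocument {
  created_at: Date;
  stix: StixObject;
}

function toStoredDocument(obj: StixObject, now: Date = new Date()): StoredDocument {
  return { created_at: now, stix: obj };
}

// Regression check: which source properties are missing from what is served?
function droppedProperties(source: StixObject, served: Record<string, unknown>): string[] {
  return Object.keys(source).filter((k) => !(k in served)).sort();
}

// Constructed sample: a STIX 2.1 attack-pattern with ATT&CK custom properties.
const sample: StixObject = {
  type: "attack-pattern",
  spec_version: "2.1",
  id: "attack-pattern--00000000-0000-4000-8000-000000000001",
  created: "2024-01-01T00:00:00.000Z",
  modified: "2024-06-01T00:00:00.000Z",
  name: "Constructed Technique",
  x_mitre_domains: ["enterprise-attack"],
  x_mitre_version: "1.0",
};

const lostByDto = droppedProperties(sample, toDto(sample));
const doc = toStoredDocument(sample, new Date("2024-01-02T03:04:05Z"));
const lostByPassThrough = droppedProperties(sample, doc.stix);
console.log({ lostByDto, lostByPassThrough, created_at: doc.created_at.toISOString() });
```

A check like `droppedProperties` can be run against a sample of served objects after an upgrade to confirm that nothing is stripped between the stored bundle and the TAXII response.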

Endpoint Validation:

All primary TAXII endpoints were validated to ensure compatibility and correct functionality with the new data ingestion strategy:

  • Server Discovery
  • Get API Root Information
  • Get Collections
  • Get A Collection
  • Get Objects (with accurate property representation)
  • Get An Object (fully tested with match filters)
  • Get Object Manifests
  • Get Object Versions

Impact Notice: This release does not introduce breaking changes. However, it optimizes data ingestion and validation, simplifying the maintenance of STIX data and ensuring accurate data representation in MongoDB.

We recommend all users upgrade to this version to leverage the new, efficient handling of STIX objects and the enhanced data tracking capabilities.

For more details on TAXII and STIX structures, please refer to the TAXII 2.1 Specification.