diff --git a/README.md b/README.md
index 83e5fd2c..2e18e3a3 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,13 @@ Read the [README](commerce/bookstore/README.md) file for instructions. Check [th
or the initial [dataset](commerce/bookstore/python/data) for additional information. All logic accessible in the script
files in the [python](commerce/bookstore/python) directory.
+### [Cybersecurity: Cyber Threat Intellingence](cybersecurity/cyber_threat_intelligence)
+
+The Cyber Threat Intelligence example uses Spring Boot to showcase usage of CTI dataset into TypeDB and executing queries on this data.
+In this project, we use TypeDB to represent a queryable database of relevant CTI data about some threat actors and their targets.
+We can query the database either with a REST API or a GraphQL API through the dedicated web interface.
+
+
### [Finance: Fraud Detection](finance/fraud_detection)
The Fraud Detection example uses Quarkus, the Supersonic Subatomic Java Framework in order to let us present results with GraphQL.
diff --git a/cybersecurity/cyber_threat_intelligence/README.md b/cybersecurity/cyber_threat_intelligence/README.md
new file mode 100644
index 00000000..6b9da462
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/README.md
@@ -0,0 +1,129 @@
+# Fraud Detection TypeDB Example
+
+This project utilizes Spring Boot and GraphQL to access a TypeDB database filled with Cyber Threat Intelligence (CTI) related dataset.
+The application provides a GraphQL API to interact with the CTI data stored in the TypeDB database.
+
+
+## Introduction
+
+We have a MITRE ATTACK dataset and our application implements some research functions:
+
+- Search entities
+- Search relations
+- Search schema
+
+
+We are demonstrating sub-typing, powerful rules and rule combination in our schema.
+####
+We can also see how easy it is to create complex queries using query composition.
+####
+We are using the DAO design pattern, we have the following components on which our design depends:
+
+- The model which is transferred from one layer to the other.
+- The interfaces which provide a flexible design.
+- The interface implementation which is a concrete implementation of the persistence logic.
+
+The query composition can be observed in all DAOs.
+```java
+String search = "$ta has " + type + " = " + name + ";";
+String getQueryStr = "match " + ATTRIBUTED_TO_MATCH + search + "group $id;";
+```
+
+## Running the application in dev mode
+
+1. Checkout this repository: `git clone https://github.com/vaticle/typedb-driver-examples && cd typedb-driver-examples/cybersecurity/cyber_threat_intelligence`.
+2. Start the [TypeDB Server](http://docs.vaticle.com/docs/running-typedb/install-and-run#start-the-typedb-server). Check that it's listening to address: `0.0.0.0:1729`.
+3. You can run your application in dev mode that enables live coding using (you will need at least Java19):
+```shell script
+mvn clean install
+```
+4. Run the Spring Boot application:
+```
+mvn spring-boot:run.
+```
+5. The GraphQL API will be available at http://localhost:8080/graphiql.
+6. The REST API will be available at ```{{base_url}}```
+7. You can now use the chosen interface to query the database.
+
+## TypeDB Description
+
+### Schema
+
+The schema is stored in the `schema_CTI.tql` file under [src/main/resources/](src/main/resources/schema_CTI.tql).
+
+#### Entities
+
+The schema has the following entities:
+
+- stix_core_object
+ - stix_sub_object
+ - kill_chain_phase
+ - stix_cyber_observable_object
+ - file
+ - stix_domain_object
+ - identity
+ - class
+ - group
+ - idUnknown
+ - individual
+ - system
+ - indicator
+ - malware
+ - threat_actor
+
+#### Relations
+
+The schema has the following relations:
+- stix_core_relationship
+ - attributed_to
+ - created_by
+ - hashes
+ - impersonates
+ - indicates
+ - kill_chain_phases
+ - sightings
+ - targets
+ - uses
+
+#### Rules
+
+The fraudDetection schema has three rules to demonstrate rules usability.
+
+The first one is here to create a transitive uses relation between three stix_domain_object linked by uses relations.
+
+```
+rule transitive_use:
+ when {
+ $x isa stix_domain_object, has name $name1;
+ $y isa stix_domain_object, has name $name2;
+ $z isa stix_domain_object, has name $name3;
+ $use1 (used_by: $x, used: $y) isa uses;
+ $use2 (used_by: $y, used: $z) isa uses;
+ } then {
+ (used_by: $x, used: $z) isa uses;
+ };
+```
+The second one works to create a uses relation between two stix_domain_object that are linked by an attributed_to relation and a uses relation.
+
+```
+rule attributed_to_when_using:
+ when {
+ (attributing: $x, attributed: $y) isa attributed_to;
+ (used_by: $y, used: $z) isa uses;
+ } then {
+ (used_by: $x, used: $z) isa uses;
+ };
+```
+
+
+The second one works to create a targets relation between two stix_domain_object that are linked by an attributed_to relation and a targets relation.
+```
+rule attributed_to_when_targeting:
+ when {
+ (attributing: $x, attributed: $y) isa attributed_to;
+ (targeting: $y, targeted: $z) isa targets;
+ } then {
+ (targeting: $x, targeted: $z) isa targets;
+ };
+```
+
diff --git a/cybersecurity/cyber_threat_intelligence/pom.xml b/cybersecurity/cyber_threat_intelligence/pom.xml
new file mode 100644
index 00000000..9e0bfe14
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/pom.xml
@@ -0,0 +1,106 @@
+
+
+ 4.0.0
+
+ org.springframework.boot
+ spring-boot-starter-parent
+ 3.0.6
+
+
+ com.example
+ demo
+ 0.0.1-SNAPSHOT
+ demo
+ Demo project for Spring Boot
+
+ 20
+
+
+
+ repo.vaticle.com
+ https://repo.vaticle.com/repository/maven/
+
+
+
+
+ com.vaticle.typedb
+ typedb-client
+ 2.17.1
+
+
+ org.springframework.boot
+ spring-boot-starter-web
+ 2.6.3
+
+
+ com.fasterxml.jackson.dataformat
+ jackson-dataformat-xml
+ 2.4.0
+
+
+ org.springframework
+ spring-context
+
+
+ javax.inject
+ javax.inject
+ 1
+
+
+ javax.enterprise
+ cdi-api
+ 1.2
+
+
+ org.springframework.boot
+ spring-boot-starter-test
+ 2.6.3
+ test
+
+
+ com.graphql-java
+ graphql-spring-boot-starter
+ 3.9.2
+
+
+ com.graphql-java
+ graphql-java-tools
+ 4.3.0
+
+
+ org.springframework.boot
+ spring-boot-starter-graphql
+
+
+ com.tailrocks.graphql
+ graphql-datetime-spring-boot-starter
+ 6.0.0
+
+
+ org.projectlombok
+ lombok
+
+
+ com.graphql-java
+ graphql-java-extended-scalars
+ 20.2
+
+
+ commons-collections
+ commons-collections
+ 3.2.2
+ compile
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+
+
+
+
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/Main.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/Main.java
new file mode 100644
index 00000000..6778ffbe
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/Main.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+//@EnableConfigurationProperties(AppConfiguration.class)
+public class Main {
+ public static void main(String[] args) {
+ SpringApplication.run(Main.class, args);
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/configuration/AppConfiguration.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/configuration/AppConfiguration.java
new file mode 100644
index 00000000..5877722f
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/configuration/AppConfiguration.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.configuration;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class AppConfiguration {
+
+ @Value("${typedb.host}")
+ String address;
+
+ @Value("${typedb.port}")
+ String port;
+
+ @Value("${typedb.db}")
+ String database;
+
+ @Value("${typedb.schema}")
+ String schema;
+
+ @Value("${typedb.dataset}")
+ String dataset;
+
+ public String getAddress() {
+ return address;
+ }
+
+ public void setAddress(String address) {
+ this.address = address;
+ }
+
+ public String getPort() {
+ return port;
+ }
+
+ public void setPort(String port) {
+ this.port = port;
+ }
+
+ public String getDatabase() {
+ return database;
+ }
+
+ public void setDatabase(String database) {
+ this.database = database;
+ }
+
+ public String getSchema() {
+ return schema;
+ }
+
+ public void setSchema(String schema) {
+ this.schema = schema;
+ }
+
+ public String getDataset() {
+ return dataset;
+ }
+
+ public void setDataset(String dataset) {
+ this.dataset = dataset;
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/configuration/GraphQlConfiguration.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/configuration/GraphQlConfiguration.java
new file mode 100644
index 00000000..37756da0
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/configuration/GraphQlConfiguration.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.configuration;
+
+import graphql.scalars.ExtendedScalars;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.graphql.execution.RuntimeWiringConfigurer;
+
+@Configuration
+public class GraphQlConfiguration {
+
+ @Bean
+ public RuntimeWiringConfigurer runtimeWiringConfigurer() {
+ return wiringBuilder -> wiringBuilder.scalar(ExtendedScalars.Json);
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/ClassController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/ClassController.java
new file mode 100644
index 00000000..0825ccd4
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/ClassController.java
@@ -0,0 +1,59 @@
+package com.typedb.examples.cti.controllers.entities;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.EntityDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.domain.identity.Class;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+
+public class ClassController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public ClassController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getClass")
+ @GetMapping(value = "/class", produces = "application/json")
+ public ObjectNode getClassJSON() {
+ EntityDAO classDAO = new EntityDAO<>(wrapper, Class.nameEnt, Class.typeString);
+ return classDAO.findAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/class-beans", produces = "application/json")
+ public Set getClassBeans() throws JsonProcessingException {
+ EntityDAO classDAO = new EntityDAO<>(wrapper, Class.nameEnt, Class.typeString);
+ return classDAO.findAllBeans();
+ }
+
+ @QueryMapping(value = "getClassSearch")
+ @GetMapping(value = "/class/{type}/{name}", produces = "application/json")
+ public ObjectNode getClassSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ EntityDAO classDAO = new EntityDAO<>(wrapper, Class.nameEnt, Class.typeString);
+ return classDAO.search(type, name);
+ }
+
+ @QueryMapping(value = "getClassSearchBeans")
+ @GetMapping("/class-beans/{type}/{name}")
+ public Set getClassSearchBeans(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) throws JsonProcessingException {
+ EntityDAO classDAO = new EntityDAO<>(wrapper, Class.nameEnt, Class.typeString);
+ return classDAO.searchBeans(type, name);
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/FileController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/FileController.java
new file mode 100644
index 00000000..11bc59ac
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/FileController.java
@@ -0,0 +1,59 @@
+package com.typedb.examples.cti.controllers.entities;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.EntityDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.observable.File;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+
+public class FileController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public FileController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getFile")
+ @GetMapping(value = "/file", produces = "application/json")
+ public ObjectNode getFileJSON() {
+ EntityDAO fileDAO = new EntityDAO<>(wrapper, File.nameEnt, File.typeString);
+ return fileDAO.findAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/file-beans", produces = "application/json")
+ public Set getFileBeans() throws JsonProcessingException {
+ EntityDAO fileDAO = new EntityDAO<>(wrapper, File.nameEnt, File.typeString);
+ return fileDAO.findAllBeans();
+ }
+
+ @QueryMapping(value = "getFileSearch")
+ @GetMapping(value = "/file/{type}/{name}", produces = "application/json")
+ public ObjectNode getFileSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ EntityDAO fileDAO = new EntityDAO<>(wrapper, File.nameEnt, File.typeString);
+ return fileDAO.search(type, name);
+ }
+
+ @QueryMapping(value = "getFileSearchBeans")
+ @GetMapping("/file-beans/{type}/{name}")
+ public Set getFileSearchBeans(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) throws JsonProcessingException {
+ EntityDAO fileDAO = new EntityDAO<>(wrapper, File.nameEnt, File.typeString);
+ return fileDAO.searchBeans(type, name);
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/GroupController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/GroupController.java
new file mode 100644
index 00000000..00c8ddbb
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/GroupController.java
@@ -0,0 +1,60 @@
+package com.typedb.examples.cti.controllers.entities;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.EntityDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.domain.identity.Group;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+
+public class GroupController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public GroupController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getGroupSearch")
+ @GetMapping(value = "/group/{type}/{name}", produces = "application/json")
+ public ObjectNode getGroupSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ EntityDAO groupDAO = new EntityDAO<>(wrapper, Group.nameEnt, Group.typeString);
+ return groupDAO.search(type, name);
+ }
+
+ @QueryMapping(value = "getGroupSearchBeans")
+ @GetMapping("/group-beans/{type}/{name}")
+ public Set getGroupSearchBeans(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) throws JsonProcessingException {
+ EntityDAO groupDAO = new EntityDAO<>(wrapper, Group.nameEnt, Group.typeString);
+ return groupDAO.searchBeans(type, name);
+ }
+
+ @QueryMapping(value = "getGroup")
+ @GetMapping(value = "/group", produces = "application/json")
+ public ObjectNode getGroupJSON() {
+ EntityDAO groupDAO = new EntityDAO<>(wrapper, Group.nameEnt, Group.typeString);
+ return groupDAO.findAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/group-beans", produces = "application/json")
+ public Set getGroupBeans() throws JsonProcessingException {
+ EntityDAO groupDAO = new EntityDAO<>(wrapper, Group.nameEnt, Group.typeString);
+ return groupDAO.findAllBeans();
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IdUnknownController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IdUnknownController.java
new file mode 100644
index 00000000..e130f947
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IdUnknownController.java
@@ -0,0 +1,60 @@
+package com.typedb.examples.cti.controllers.entities;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.EntityDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.domain.identity.IdUnknown;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+
+public class IdUnknownController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public IdUnknownController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getIdUnknown")
+ @GetMapping(value = "/id-unknown", produces = "application/json")
+ public ObjectNode getIdUnknownJSON() {
+ EntityDAO idUnknownDAO = new EntityDAO<>(wrapper, IdUnknown.nameEnt, IdUnknown.typeString);
+ return idUnknownDAO.findAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/id-unknown-beans", produces = "application/json")
+ public Set getIdUnknownBeans() throws JsonProcessingException {
+ EntityDAO idUnknownDAO = new EntityDAO<>(wrapper, IdUnknown.nameEnt, IdUnknown.typeString);
+ return idUnknownDAO.findAllBeans();
+ }
+
+ @QueryMapping(value = "getIdUnknownSearch")
+ @GetMapping(value = "/id-unknown/{type}/{name}", produces = "application/json")
+ public ObjectNode getIdUnknownSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ EntityDAO idUnknownDAO = new EntityDAO<>(wrapper, IdUnknown.nameEnt, IdUnknown.typeString);
+ return idUnknownDAO.search(type, name);
+ }
+
+ @QueryMapping(value = "getIdUnknownSearchBeans")
+ @GetMapping("/id-unknown-beans/{type}/{name}")
+ public Set getIdUnknownSearchBeans(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) throws JsonProcessingException {
+ EntityDAOidUnknownDAO = new EntityDAO<>(wrapper, IdUnknown.nameEnt, IdUnknown.typeString);
+ return idUnknownDAO.searchBeans(type, name);
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IdentityController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IdentityController.java
new file mode 100644
index 00000000..62e2f564
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IdentityController.java
@@ -0,0 +1,60 @@
+package com.typedb.examples.cti.controllers.entities;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.EntityDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.domain.Identity;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+
+public class IdentityController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public IdentityController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getIdentity")
+ @GetMapping(value = "/identity", produces = "application/json")
+ public ObjectNode getIdentityJSON() {
+ EntityDAO identityDAO = new EntityDAO<>(wrapper, Identity.nameEnt, Identity.typeString);
+ return identityDAO.findAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/identity-beans", produces = "application/json")
+ public Set getIdentityBeans() throws JsonProcessingException {
+ EntityDAO identityDAO = new EntityDAO<>(wrapper, Identity.nameEnt, Identity.typeString);
+ return identityDAO.findAllBeans();
+ }
+
+ @QueryMapping(value = "getIdentitySearch")
+ @GetMapping(value = "/identity/{type}/{name}", produces = "application/json")
+ public ObjectNode getIdentitySearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ EntityDAO identityDAO = new EntityDAO<>(wrapper, Identity.nameEnt, Identity.typeString);
+ return identityDAO.search(type, name);
+ }
+
+ @QueryMapping(value = "getIdentitySearchBeans")
+ @GetMapping("/identity-beans/{type}/{name}")
+ public Set getIdentitySearchBeans(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) throws JsonProcessingException {
+ EntityDAO identityDAO = new EntityDAO<>(wrapper, Identity.nameEnt, Identity.typeString);
+ return identityDAO.searchBeans(type, name);
+ }
+
+}
\ No newline at end of file
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IndicatorController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IndicatorController.java
new file mode 100644
index 00000000..c488c460
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IndicatorController.java
@@ -0,0 +1,59 @@
+package com.typedb.examples.cti.controllers.entities;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.EntityDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.domain.Indicator;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+
+public class IndicatorController{
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public IndicatorController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getIndicator")
+ @GetMapping(value = "/indicator", produces = "application/json")
+ public ObjectNode getIndicatorJSON() {
+ EntityDAO indicatorDAO = new EntityDAO<>(wrapper, Indicator.nameEnt, Indicator.typeString);
+ return indicatorDAO.findAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/indicator-beans", produces = "application/json")
+ public Set getIndicatorBeans() throws JsonProcessingException {
+ EntityDAO indicatorDAO = new EntityDAO<>(wrapper, Indicator.nameEnt, Indicator.typeString);
+ return indicatorDAO.findAllBeans();
+ }
+
+ @QueryMapping(value = "getIndicatorSearch")
+ @GetMapping(value = "/indicator/{type}/{name}", produces = "application/json")
+ public ObjectNode getIndicatorSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ EntityDAO indicatorDAO = new EntityDAO<>(wrapper, Indicator.nameEnt, Indicator.typeString);
+ return indicatorDAO.search(type, name);
+ }
+
+ @QueryMapping(value = "getIndicatorSearchBeans")
+ @GetMapping("/indicator-beans/{type}/{name}")
+ public Set getIndicatorSearchBeans(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) throws JsonProcessingException {
+ EntityDAO indicatorDAO = new EntityDAO<>(wrapper, Indicator.nameEnt, Indicator.typeString);
+ return indicatorDAO.searchBeans(type, name);
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IndividualController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IndividualController.java
new file mode 100644
index 00000000..bd56c698
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/IndividualController.java
@@ -0,0 +1,60 @@
+package com.typedb.examples.cti.controllers.entities;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.EntityDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.domain.identity.Individual;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+
+public class IndividualController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public IndividualController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getIndividualSearch")
+ @GetMapping(value = "/individual/{type}/{name}", produces = "application/json")
+ public ObjectNode getIndividualSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ EntityDAO individualDAO = new EntityDAO<>(wrapper, Individual.nameEnt, Individual.typeString);
+ return individualDAO.search(type, name);
+ }
+
+ @QueryMapping(value = "getIndividualSearchBeans")
+ @GetMapping("/individual-beans/{type}/{name}")
+ public Set getIndividualSearchBeans(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) throws JsonProcessingException {
+ EntityDAO individualDAO = new EntityDAO<>(wrapper, Individual.nameEnt, Individual.typeString);
+ return individualDAO.searchBeans(type, name);
+ }
+
+ @QueryMapping(value = "getIndividual")
+ @GetMapping(value = "/individual", produces = "application/json")
+ public ObjectNode getIndividualJSON() {
+ EntityDAO individualDAO = new EntityDAO<>(wrapper, Individual.nameEnt, Individual.typeString);
+ return individualDAO.findAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/individual-beans", produces = "application/json")
+ public Set getIndividualBeans() throws JsonProcessingException {
+ EntityDAO individualDAO = new EntityDAO<>(wrapper, Individual.nameEnt, Individual.typeString);
+ return individualDAO.findAllBeans();
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/KillChainPhaseController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/KillChainPhaseController.java
new file mode 100644
index 00000000..7f89fe89
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/KillChainPhaseController.java
@@ -0,0 +1,60 @@
+package com.typedb.examples.cti.controllers.entities;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.EntityDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.domain.KillChainPhase;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+
+public class KillChainPhaseController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public KillChainPhaseController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getKillChainPhaseSearch")
+ @GetMapping(value = "/kill-chain-phase/{type}/{name}", produces = "application/json")
+ public ObjectNode getKillChainPhaseSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ EntityDAO killChainPhaseDAO = new EntityDAO<>(wrapper, KillChainPhase.nameEnt, KillChainPhase.typeString);
+ return killChainPhaseDAO.search(type, name);
+ }
+
+ @QueryMapping(value = "getKillChainPhaseSearchBeans")
+ @GetMapping("/kill-chain-phase-beans/{type}/{name}")
+ public Set getKillChainPhaseSearchBeans(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) throws JsonProcessingException {
+ EntityDAO killChainPhaseDAO = new EntityDAO<>(wrapper, KillChainPhase.nameEnt, KillChainPhase.typeString);
+ return killChainPhaseDAO.searchBeans(type, name);
+ }
+
+ @QueryMapping(value = "getKillChainPhase")
+ @GetMapping(value = "/kill-chain-phase", produces = "application/json")
+ public ObjectNode getKillChainPhaseJSON() {
+ EntityDAO killChainPhaseDAO = new EntityDAO<>(wrapper, KillChainPhase.nameEnt, KillChainPhase.typeString);
+ return killChainPhaseDAO.findAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/kill-chain-phase-beans", produces = "application/json")
+ public Set getKillChainPhaseBeans() throws JsonProcessingException {
+ EntityDAO killChainPhaseDAO = new EntityDAO<>(wrapper, KillChainPhase.nameEnt, KillChainPhase.typeString);
+ return killChainPhaseDAO.findAllBeans();
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/MalwareController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/MalwareController.java
new file mode 100644
index 00000000..d8557813
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/MalwareController.java
@@ -0,0 +1,59 @@
+package com.typedb.examples.cti.controllers.entities;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.EntityDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.domain.Malware;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+
+public class MalwareController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public MalwareController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getMalware")
+ @GetMapping(value = "/malware", produces = "application/json")
+ public ObjectNode getMalwareJSON() {
+ EntityDAO malwareDAO = new EntityDAO<>(wrapper, Malware.nameEnt, Malware.typeString);
+ return malwareDAO.findAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/malware-beans", produces = "application/json")
+ public Set getMalwareBeans() throws JsonProcessingException {
+ EntityDAO malwareDAO = new EntityDAO<>(wrapper, Malware.nameEnt, Malware.typeString);
+ return malwareDAO.findAllBeans();
+ }
+
+ @QueryMapping(value = "getMalwareSearch")
+ @GetMapping(value = "/malware/{type}/{name}", produces = "application/json")
+ public ObjectNode getMalwareSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ EntityDAO malwareDAO = new EntityDAO<>(wrapper, Malware.nameEnt, Malware.typeString);
+ return malwareDAO.search(type, name);
+ }
+
+ @QueryMapping(value = "getMalwareSearchBeans")
+ @GetMapping("/malware-beans/{type}/{name}")
+ public Set getMalwareSearchBeans(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) throws JsonProcessingException {
+ EntityDAO malwareDAO = new EntityDAO<>(wrapper, Malware.nameEnt, Malware.typeString);
+ return malwareDAO.searchBeans(type, name);
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/SystemController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/SystemController.java
new file mode 100644
index 00000000..610f9853
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/SystemController.java
@@ -0,0 +1,60 @@
+package com.typedb.examples.cti.controllers.entities;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.EntityDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.domain.identity.System;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+
+public class SystemController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public SystemController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getSystem")
+ @GetMapping(value = "/system", produces = "application/json")
+ public ObjectNode getSystemJSON() {
+ EntityDAO systemDAO = new EntityDAO<>(wrapper, System.nameEnt, System.typeString);
+ return systemDAO.findAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/system-beans", produces = "application/json")
+ public Set getSystemBeans() throws JsonProcessingException {
+ EntityDAO systemDAO = new EntityDAO<>(wrapper, System.nameEnt, System.typeString);
+ return systemDAO.findAllBeans();
+ }
+
+ @QueryMapping(value = "getSystemSearch")
+ @GetMapping(value = "/system/{type}/{name}", produces = "application/json")
+ public ObjectNode getSystemSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ EntityDAO systemDAO = new EntityDAO<>(wrapper, System.nameEnt, System.typeString);
+ return systemDAO.search(type, name);
+ }
+
+ @QueryMapping(value = "getSystemSearchBeans")
+ @GetMapping("/system-beans/{type}/{name}")
+ public Set getSystemSearchBeans(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) throws JsonProcessingException {
+ EntityDAO systemDAO = new EntityDAO<>(wrapper, System.nameEnt, System.typeString);
+ return systemDAO.searchBeans(type, name);
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/ThreatActorController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/ThreatActorController.java
new file mode 100644
index 00000000..f8d6f08f
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/entities/ThreatActorController.java
@@ -0,0 +1,62 @@
+package com.typedb.examples.cti.controllers.entities;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.EntityDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.domain.ThreatActor;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+
+public class ThreatActorController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public ThreatActorController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getThreatActor")
+ @GetMapping(value = "/threat-actor", produces = "application/json")
+ public ObjectNode getThreatActorJSON() {
+ EntityDAO threatActorDAO = new EntityDAO<>(wrapper, ThreatActor.nameEnt, ThreatActor.typeString);
+ return threatActorDAO.findAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/threat-actor-beans", produces = "application/json")
+ public Set getThreatActorBeans() throws JsonProcessingException {
+ EntityDAO threatActorDAO = new EntityDAO<>(wrapper, ThreatActor.nameEnt, ThreatActor.typeString);
+ return threatActorDAO.findAllBeans();
+ }
+
+ @QueryMapping(value = "getThreatActorSearch")
+ @GetMapping(value = "/threat-actor/{type}/{name}", produces = "application/json")
+ public ObjectNode getThreatActorSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ EntityDAO threatActorDAO = new EntityDAO<>(wrapper, ThreatActor.nameEnt, ThreatActor.typeString);
+ return threatActorDAO.search(type, name);
+ }
+
+
+ @QueryMapping(value = "getThreatActorSearchBeans")
+ @GetMapping("/threat-actor-beans/{type}/{name}")
+ public Set getThreatActorSearchBeans(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) throws JsonProcessingException {
+ EntityDAO threatActorDAO = new EntityDAO<>(wrapper, ThreatActor.nameEnt, ThreatActor.typeString);
+ return threatActorDAO.searchBeans(type, name);
+ }
+
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/AttributedToController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/AttributedToController.java
new file mode 100644
index 00000000..21379663
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/AttributedToController.java
@@ -0,0 +1,45 @@
+package com.typedb.examples.cti.controllers.relations;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.RelationDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.relationship.ext.AttributedTo;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+
+public class AttributedToController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public AttributedToController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getAttributedTo")
+ @GetMapping(value = "/attributed-to", produces = "application/json")
+ public ObjectNode getAttributedToJSON() {
+ RelationDAO attributedToDAO = new RelationDAO(wrapper, AttributedTo.nameRel,
+ AttributedTo.rolePlayers, AttributedTo.typeString);
+ return attributedToDAO.findAll();
+ }
+
+ @QueryMapping(value = "getAttributedToSearch")
+ @GetMapping(value = "/attributed-to/{type}/{name}", produces = "application/json")
+ public ObjectNode getAttributedToSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ RelationDAO attributedToDAO = new RelationDAO(wrapper, AttributedTo.nameRel,
+ AttributedTo.rolePlayers, AttributedTo.typeString);
+ return attributedToDAO.search(type, name);
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/CreatedByController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/CreatedByController.java
new file mode 100644
index 00000000..e1e68985
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/CreatedByController.java
@@ -0,0 +1,36 @@
+package com.typedb.examples.cti.controllers.relations;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.RelationDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.relationship.ext.CreatedBy;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+
+public class CreatedByController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public CreatedByController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getCreatedBy")
+ @GetMapping(value = "/created-by", produces = "application/json")
+ public ObjectNode getCreatedByJSON() {
+ RelationDAO createdByDAO = new RelationDAO(wrapper, CreatedBy.nameRel,
+ CreatedBy.rolePlayers, CreatedBy.typeString);
+
+ return createdByDAO.findAll();
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/ExternalReferencesController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/ExternalReferencesController.java
new file mode 100644
index 00000000..7462333c
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/ExternalReferencesController.java
@@ -0,0 +1,35 @@
+package com.typedb.examples.cti.controllers.relations;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.RelationDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.relationship.ext.ExternalReferences;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+
+public class ExternalReferencesController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public ExternalReferencesController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getExternalReferences")
+ @GetMapping(value = "/external-references", produces = "application/json")
+ public ObjectNode getExternalReferencesJSON() {
+ RelationDAO externalReferencesDAO = new RelationDAO(wrapper, ExternalReferences.nameRel,
+ ExternalReferences.rolePlayers, ExternalReferences.typeString);
+ return externalReferencesDAO.findAll();
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/HashesController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/HashesController.java
new file mode 100644
index 00000000..bba67ec8
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/HashesController.java
@@ -0,0 +1,45 @@
+package com.typedb.examples.cti.controllers.relations;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.RelationDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.relationship.ext.Hashes;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+
+public class HashesController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public HashesController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getHashes")
+ @GetMapping(value = "/hashes", produces = "application/json")
+ public ObjectNode getHashesJSON() {
+ RelationDAO hashesDAO = new RelationDAO(wrapper, Hashes.nameRel,
+ Hashes.rolePlayers, Hashes.typeString, true);
+ return hashesDAO.findAll();
+ }
+
+ @QueryMapping(value = "getHashesSearch")
+ @GetMapping(value = "/hashes/{type}/{name}", produces = "application/json")
+ public ObjectNode getHashesSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ RelationDAO hashesDAO = new RelationDAO(wrapper, Hashes.nameRel,
+ Hashes.rolePlayers, Hashes.typeString, true);
+ return hashesDAO.search(type, name);
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/ImpersonatesController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/ImpersonatesController.java
new file mode 100644
index 00000000..5562c7fc
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/ImpersonatesController.java
@@ -0,0 +1,45 @@
+package com.typedb.examples.cti.controllers.relations;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.RelationDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.relationship.Impersonates;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+
+public class ImpersonatesController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public ImpersonatesController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getImpersonates")
+ @GetMapping(value = "/impersonates", produces = "application/json")
+ public ObjectNode getImpersonatesJSON() {
+ RelationDAO impersonatesDAO = new RelationDAO(wrapper, Impersonates.nameRel,
+ Impersonates.rolePlayers, Impersonates.typeString);
+ return impersonatesDAO.findAll();
+ }
+
+ @QueryMapping(value = "getImpersonatesSearch")
+ @GetMapping(value = "/impersonates/{type}/{name}", produces = "application/json")
+ public ObjectNode getImpersonatesSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ RelationDAO impersonatesDAO = new RelationDAO(wrapper, Impersonates.nameRel,
+ Impersonates.rolePlayers, Impersonates.typeString);
+ return impersonatesDAO.search(type, name);
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/IndicatesController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/IndicatesController.java
new file mode 100644
index 00000000..d315463f
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/IndicatesController.java
@@ -0,0 +1,45 @@
+package com.typedb.examples.cti.controllers.relations;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.RelationDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.relationship.Indicates;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+
+public class IndicatesController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public IndicatesController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getIndicates")
+ @GetMapping(value = "/indicates", produces = "application/json")
+ public ObjectNode getIndicatesJSON() {
+ RelationDAO indicatesDAO = new RelationDAO(wrapper, Indicates.nameRel,
+ Indicates.rolePlayers, Indicates.typeString);
+ return indicatesDAO.findAll();
+ }
+
+ @QueryMapping(value = "getIndicatesSearch")
+ @GetMapping(value = "/indicates/{type}/{name}", produces = "application/json")
+ public ObjectNode getIndicatesSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ RelationDAO indicatesDAO = new RelationDAO(wrapper, Indicates.nameRel,
+ Indicates.rolePlayers, Indicates.typeString);
+ return indicatesDAO.search(type, name);
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/KillChainPhasesController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/KillChainPhasesController.java
new file mode 100644
index 00000000..498ab84e
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/KillChainPhasesController.java
@@ -0,0 +1,35 @@
+package com.typedb.examples.cti.controllers.relations;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.RelationDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.relationship.ext.KillChainPhases;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+
+public class KillChainPhasesController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public KillChainPhasesController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getKillChainPhases")
+ @GetMapping(value = "/kill-chain-phases", produces = "application/json")
+ public ObjectNode getKillChainPhasesJSON() {
+ RelationDAO killChainPhasesDAO = new RelationDAO(wrapper, KillChainPhases.nameRel,
+ KillChainPhases.rolePlayers, KillChainPhases.typeString);
+ return killChainPhasesDAO.findAll();
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/SightingController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/SightingController.java
new file mode 100644
index 00000000..a1362ffc
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/SightingController.java
@@ -0,0 +1,45 @@
+package com.typedb.examples.cti.controllers.relations;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.RelationDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.relationship.Sighting;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+
+public class SightingController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public SightingController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getSighting")
+ @GetMapping(value = "/sighting", produces = "application/json")
+ public ObjectNode getSightingJSON() {
+ RelationDAO sightingDAO = new RelationDAO(wrapper, Sighting.nameRel,
+ Sighting.rolePlayers, Sighting.typeString);
+ return sightingDAO.findAll();
+ }
+
+ @QueryMapping(value = "getSightingSearch")
+ @GetMapping(value = "/sighting/{type}/{name}", produces = "application/json")
+ public ObjectNode getSightingSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ RelationDAO sightingDAO = new RelationDAO(wrapper, Sighting.nameRel,
+ Sighting.rolePlayers, Sighting.typeString);
+ return sightingDAO.search(type, name);
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/TargetsController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/TargetsController.java
new file mode 100644
index 00000000..36df828c
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/TargetsController.java
@@ -0,0 +1,45 @@
+package com.typedb.examples.cti.controllers.relations;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.RelationDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.relationship.Targets;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+
+public class TargetsController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public TargetsController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getTargets")
+ @GetMapping(value = "/targets", produces = "application/json")
+ public ObjectNode getTargetsJSON() {
+ RelationDAO targetsDAO = new RelationDAO(wrapper, Targets.nameRel,
+ Targets.rolePlayers, Targets.typeString);
+ return targetsDAO.findAll();
+ }
+
+ @QueryMapping(value = "getTargetsSearch")
+ @GetMapping(value = "/targets/{type}/{name}", produces = "application/json")
+ public ObjectNode getTargetsSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ RelationDAO targetsDAO = new RelationDAO(wrapper, Targets.nameRel,
+ Targets.rolePlayers, Targets.typeString);
+ return targetsDAO.search(type, name);
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/UsesController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/UsesController.java
new file mode 100644
index 00000000..2f8a061a
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/relations/UsesController.java
@@ -0,0 +1,45 @@
+package com.typedb.examples.cti.controllers.relations;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.RelationDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.typedb.examples.cti.model.relationship.Uses;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.Argument;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+
+public class UsesController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public UsesController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping(value = "getUses")
+ @GetMapping(value = "/uses", produces = "application/json")
+ public ObjectNode getUsesJSON() {
+ RelationDAO usesDAO = new RelationDAO(wrapper, Uses.nameRel,
+ Uses.rolePlayers, Uses.typeString, true);
+ return usesDAO.findAll();
+ }
+
+ @QueryMapping(value = "getUsesSearch")
+ @GetMapping(value = "/uses/{type}/{name}", produces = "application/json")
+ public ObjectNode getUsesSearchJSON(@Argument("type") @PathVariable String type, @Argument("name") @PathVariable String name) {
+ RelationDAO usesDAO = new RelationDAO(wrapper, Uses.nameRel,
+ Uses.rolePlayers, Uses.typeString);
+ return usesDAO.search(type, name);
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/schemas/SchemaController.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/schemas/SchemaController.java
new file mode 100644
index 00000000..999f8e22
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/controllers/schemas/SchemaController.java
@@ -0,0 +1,40 @@
+package com.typedb.examples.cti.controllers.schemas;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import com.typedb.examples.cti.db.SchemaDAO;
+import com.typedb.examples.cti.db.TypeDBSessionWrapper;
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.graphql.data.method.annotation.QueryMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+
+public class SchemaController {
+
+ private final TypeDBSessionWrapper wrapper;
+
+ @Autowired
+ public SchemaController(AppConfiguration appConfiguration) {
+ TypeDBClient client = TypeDB.coreClient(appConfiguration.getAddress() + ":" + appConfiguration.getPort());
+ wrapper = new TypeDBSessionWrapper(client, appConfiguration);
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/schema", produces = "application/json")
+ public ObjectNode getSchema() {
+ SchemaDAO schemaDAO = new SchemaDAO(wrapper);
+ return schemaDAO.getSchemaAll();
+ }
+
+ @QueryMapping
+ @GetMapping(value = "/schema-current", produces = "application/json")
+ public ObjectNode getSchemaCurrent() {
+ SchemaDAO schemaDAO = new SchemaDAO(wrapper);
+ return schemaDAO.getSchemaCurrent();
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/EntityDAO.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/EntityDAO.java
new file mode 100644
index 00000000..aadb02a1
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/EntityDAO.java
@@ -0,0 +1,69 @@
+package com.typedb.examples.cti.db;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+public class EntityDAO {
+ protected static final String ENT_MATCH =
+ "$%s isa %s, has stix_id $id, has $attribute;" +
+ "$attribute isa! $j; ";
+
+ private final String nameEnt;
+ private final TypeDBSessionWrapper db;
+ private final List typeString;
+ private final ObjectMapper objectMapper;
+
+ public EntityDAO(TypeDBSessionWrapper db, String nameEnt, List typeString) {
+ this.db = db;
+ this.nameEnt = nameEnt;
+ this.typeString = typeString;
+ objectMapper = new ObjectMapper();
+ objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+ }
+
+ private ObjectNode find(String getQueryStr) {
+ return db.getAllJSON(getQueryStr);
+ }
+
+ public ObjectNode findAll() {
+ String query = String.format(ENT_MATCH, nameEnt, nameEnt);
+ var getQueryStr = "match " + query + "group $id; ";
+ return find(getQueryStr);
+ }
+
+ public Set findAllBeans() throws JsonProcessingException {
+ ObjectNode json = findAll();
+ Map result= objectMapper.readValue(json.toString(), new TypeReference<>() {});
+
+ return new HashSet<>(result.values());
+ }
+
+ public ObjectNode search(String attrType, String attrName) {
+
+ if (typeString.contains(attrType)) {
+ attrName = "\"" + attrName + "\"";
+ }
+ String query = String.format(ENT_MATCH, nameEnt, nameEnt);
+ String search = "$" + nameEnt + " has " + attrType + " = " + attrName + ";";
+ var getQueryStr = "match " + query + search + "group $id;";
+
+ return find(getQueryStr);
+ }
+
+ public Set searchBeans(String attrType, String attrName) throws JsonProcessingException {
+ ObjectNode json = search(attrType, attrName);
+ Map result= objectMapper.readValue(json.toString(), new TypeReference<>() {});
+
+ return new HashSet<>(result.values());
+ }
+
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/RelationDAO.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/RelationDAO.java
new file mode 100644
index 00000000..67662728
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/RelationDAO.java
@@ -0,0 +1,65 @@
+package com.typedb.examples.cti.db;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
+import java.util.List;
+
+public class RelationDAO {
+ private final String nameRel;
+ private final TypeDBSessionWrapper db;
+ private final List typeString;
+ private final List rolePlayers;
+ private final boolean asAttribute;
+ private String relMatch = "$ta (%s: $rp1, %s: $rp2) isa %s, has stix_id $id, has $attribute; $attribute isa! $j; ";
+
+
+
+ public RelationDAO(TypeDBSessionWrapper db, String nameRel, List rolePlayers, List typeString) {
+ this.db = db;
+ this.nameRel = nameRel;
+ this.typeString = typeString;
+ this.rolePlayers = rolePlayers;
+ this.asAttribute = false;
+ }
+
+ public RelationDAO(TypeDBSessionWrapper db, String nameRel, List rolePlayers, List typeString, boolean asAttribute) {
+ this.db = db;
+ this.nameRel = nameRel;
+ this.typeString = typeString;
+ this.rolePlayers = rolePlayers;
+ this.asAttribute = asAttribute;
+ if(asAttribute) {
+ this.relMatch = "$ta (%s: $rp1, %s: $rp2) isa %s, has $attribute; $attribute isa! $j; ";
+ }
+ }
+
+ private ObjectNode find(String getQueryStr) {
+ if (asAttribute) {
+ return db.getListAttrJSON(getQueryStr, nameRel, rolePlayers, true);
+ }
+ return db.getRelJSON(getQueryStr, nameRel, rolePlayers);
+ }
+
+ public ObjectNode findAll() {
+ String query = String.format(relMatch, rolePlayers.get(0), rolePlayers.get(1), nameRel);
+ var getQueryStr = "match " + query;
+ getQueryStr += (asAttribute) ? "group $ta; " : "group $id; ";
+
+ return find(getQueryStr);
+ }
+
+ public ObjectNode search(String attrType, String attrName) {
+
+ if (typeString.contains(attrType)) {
+ attrName = "\"" + attrName + "\"";
+ }
+
+ String query = String.format(relMatch, rolePlayers.get(0), rolePlayers.get(1), nameRel);
+ String search = "$ta has " + attrType + " = " + attrName + ";";
+ var getQueryStr = "match " + query + search;
+ getQueryStr += (asAttribute) ? "group $ta; " : "group $id; ";
+
+ return find(getQueryStr);
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/SchemaDAO.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/SchemaDAO.java
new file mode 100644
index 00000000..3ac0916c
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/SchemaDAO.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.db;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
+public class SchemaDAO {
+ private static final String QUERY_ALL = "match $z sub thing;";
+ private static final String QUERY_CURRENT = "match $x isa $y; get $y;";
+ private final TypeDBSessionWrapper db;
+
+ public SchemaDAO(TypeDBSessionWrapper db) {
+ this.db = db;
+ }
+
+ private ObjectNode find(String query) {
+ return db.getSchemaJSON(query);
+ }
+
+ public ObjectNode getSchemaAll() {
+ return find(QUERY_ALL);
+ }
+
+ public ObjectNode getSchemaCurrent() {
+ return find(QUERY_CURRENT);
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/TypeDBSessionWrapper.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/TypeDBSessionWrapper.java
new file mode 100644
index 00000000..0f5ad70d
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/db/TypeDBSessionWrapper.java
@@ -0,0 +1,293 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.db;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import com.vaticle.typedb.client.api.TypeDBOptions;
+import com.vaticle.typedb.client.api.TypeDBSession;
+import com.vaticle.typedb.client.api.TypeDBTransaction;
+import com.vaticle.typedb.client.api.answer.ConceptMap;
+import com.vaticle.typedb.common.collection.Pair;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.List;
+
+public class TypeDBSessionWrapper {
+ private final AppConfiguration appConfiguration;
+ private final TypeDBClient client;
+ private TypeDBSession session;
+
+ @Autowired
+ public TypeDBSessionWrapper(TypeDBClient client, AppConfiguration appConfiguration) {
+ this.appConfiguration = appConfiguration;
+ this.client = client;
+ if (this.client.databases().contains(appConfiguration.getDatabase())) {
+ session = this.client.session(appConfiguration.getDatabase(), TypeDBSession.Type.DATA,
+ TypeDBOptions.core().infer(true));
+ }
+ }
+
+ private Pair extractPair(ConceptMap values) {
+ var json = values.toJSON().get("attribute");
+ var key = json.asObject().get("type").asString();
+ var valueTmp = json.asObject().get("value");
+ String value;
+ if (valueTmp.isString()) {
+ value = valueTmp.asString();
+ } else {
+ value = valueTmp.toString();
+ }
+ return (new Pair<>(key, value));
+ }
+
+ public ObjectNode getAllJSON(String query) {
+ newSession();
+ ObjectMapper mapper = new ObjectMapper();
+ ObjectNode rootNode = mapper.createObjectNode();
+ try (TypeDBTransaction readTx = session.transaction(TypeDBTransaction.Type.READ)) {
+
+ var dbResults = readTx.query().matchGroup(query);
+ dbResults.forEach(e -> {
+ String key = e.owner().toJSON().toString().split("\"")[11];
+ ObjectNode childNode = mapper.createObjectNode();
+ e.conceptMaps().forEach(m -> {
+ var pair = extractPair(m);
+ childNode.put(pair.first(), pair.second());
+ });
+ rootNode.set(key, childNode);
+ });
+ }
+ return rootNode;
+ }
+
+ public ObjectNode getIIDJSON(String query) {
+ newSession();
+ ObjectMapper mapper = new ObjectMapper();
+ ObjectNode rootNode = mapper.createObjectNode();
+ try (TypeDBTransaction readTx = session.transaction(TypeDBTransaction.Type.READ)) {
+
+ var dbResults = readTx.query().matchGroup(query);
+ dbResults.forEach(e -> {
+ String key = e.owner().asEntity().getIID();
+ ObjectNode childNode = mapper.createObjectNode();
+ e.conceptMaps().forEach(m -> {
+ var pair = extractPair(m);
+ childNode.put(pair.first(), pair.second());
+ });
+ rootNode.set(key, childNode);
+ });
+ }
+ return rootNode;
+ }
+
+ public ObjectNode getSchemaJSON(String query) {
+ newSession();
+ ObjectMapper mapper = new ObjectMapper();
+ ObjectNode rootNode = mapper.createObjectNode();
+ try (TypeDBTransaction readTx = session.transaction(TypeDBTransaction.Type.READ)) {
+ System.out.println("QUERY -> " + query);
+ var dbResults = readTx.query().match(query);
+ ArrayNode rel = mapper.createArrayNode();
+ ArrayNode ent = mapper.createArrayNode();
+ ArrayNode att = mapper.createArrayNode();
+
+ dbResults.forEach(e -> {
+ String key = e.map().toString().split(" ")[0];
+ String value = e.map().toString().split(" ")[1];
+ value = value.substring(0, value.length() - 2);
+ if (key.charAt(3) == 'E') {
+ ent.add(value);
+ }
+ if (key.charAt(3) == 'A') {
+ att.add(value);
+ }
+ if (key.charAt(3) == 'R') {
+ rel.add(value);
+ }
+
+ });
+ rootNode.set("Entities", ent);
+ rootNode.set("Relations", rel);
+ rootNode.set("Attributes", att);
+
+ }
+ return rootNode;
+ }
+
+ public ObjectNode getListJSON(String query, String relName, List rolePlayers) {
+ return getListJSON(query, relName, rolePlayers, false);
+ }
+
+ public ObjectNode getListJSON(String query, String relName, List rolePlayers, boolean asAttribute) {
+ newSession();
+ ObjectMapper mapper = new ObjectMapper();
+ ObjectNode rootNode = mapper.createObjectNode();
+ try (TypeDBTransaction readTx = session.transaction(TypeDBTransaction.Type.READ)) {
+ var dbResults = readTx.query().matchGroup(query);
+ dbResults.forEach(e -> {
+
+ String key = e.owner().asRelation().getIID();
+ ObjectNode childNode = mapper.createObjectNode();
+ if (asAttribute) {
+ e.conceptMaps().forEach(m -> {
+ var pair = extractPair(m);
+ childNode.put(pair.first(), pair.second());
+ });
+ }
+
+ String[] rolePlayersTmp = rolePlayers.toArray(new String[0]);
+
+ String queryBegin = "match $rel (";
+ for (int i = 0; i < rolePlayersTmp.length; i++) {
+ queryBegin += rolePlayersTmp[i] + ": $r" + i + ",";
+ }
+ queryBegin = removeLastChar(queryBegin);
+ queryBegin += ") isa " + relName + "; $rel iid " + key + ";";
+
+
+ for (int i = 0; i < rolePlayersTmp.length; i++) {
+ String queryTmp = queryBegin;
+ queryTmp += "$r" + i + " has $attribute; $attribute isa! $i; group $r" + i + ";";
+ var nodeTmp = getIIDJSON(queryTmp);
+ childNode.set(removeFirstChar(rolePlayersTmp[i]), nodeTmp);
+ }
+
+ rootNode.set(key, childNode);
+ });
+
+ }
+ return rootNode;
+ }
+
+ public ObjectNode getListAttrJSON(String query, String relName, List rolePlayers, boolean asAttribute) {
+ newSession();
+ ObjectMapper mapper = new ObjectMapper();
+ ObjectNode rootNode = mapper.createObjectNode();
+ try (TypeDBTransaction readTx = session.transaction(TypeDBTransaction.Type.READ)) {
+ var dbResults = readTx.query().matchGroup(query);
+ dbResults.forEach(e -> {
+
+ String key = e.owner().asRelation().getIID();
+ ObjectNode childNode = mapper.createObjectNode();
+ if (asAttribute) {
+ e.conceptMaps().forEach(m -> {
+ var pair = extractPair(m);
+ childNode.put(pair.first(), pair.second());
+ });
+ }
+
+ String[] rolePlayersTmp = rolePlayers.toArray(new String[0]);
+
+ String queryBegin = "match $rel (";
+ for (int i = 0; i < rolePlayersTmp.length; i++) {
+ queryBegin += rolePlayersTmp[i] + ": $r" + i + ",";
+ }
+ queryBegin = removeLastChar(queryBegin);
+ queryBegin += ") isa " + relName + "; $rel iid " + key + ";";
+
+
+ for (int i = 0; i < rolePlayersTmp.length; i++) {
+ String queryTmp = queryBegin;
+ if (i != 0) {
+ queryTmp += "$r" + i + " has $attribute; $attribute isa! $i; group $r" + i + ";";
+ var nodeTmp = getIIDJSON(queryTmp);
+ childNode.set(removeFirstChar(rolePlayersTmp[i]), nodeTmp);
+ } else {
+ var dbResults2 = readTx.query().matchGroup(query);
+ dbResults2.forEach(w -> w.conceptMaps().forEach(m -> {
+ String value3 = m.map().get("rp1").asAttribute().toString();
+ value3 = removeLastChar(value3.split(":")[1]);
+ childNode.put(rolePlayersTmp[0], value3);
+
+ }));
+
+ }
+
+ }
+
+ rootNode.set(key, childNode);
+ });
+
+ }
+ return rootNode;
+ }
+
+ public ObjectNode getRelJSON(String query, String relName, List rolePlayers) {
+ newSession();
+ ObjectMapper mapper = new ObjectMapper();
+ ObjectNode rootNode = mapper.createObjectNode();
+ try (TypeDBTransaction readTx = session.transaction(TypeDBTransaction.Type.READ)) {
+ var dbResults = readTx.query().matchGroup(query);
+ dbResults.forEach(e -> {
+
+ String key = e.owner().toJSON().toString().split("\"")[11];
+ ObjectNode childNode = mapper.createObjectNode();
+ e.conceptMaps().forEach(m -> {
+ var pair = extractPair(m);
+ childNode.put(pair.first(), pair.second());
+ });
+
+ String[] rolePlayersTmp = rolePlayers.toArray(new String[0]);
+
+ String queryBegin = "match $rel (";
+ for (int i = 0; i < rolePlayersTmp.length; i++) {
+ queryBegin += rolePlayersTmp[i] + ": $r" + i + ",";
+ }
+ queryBegin = removeLastChar(queryBegin);
+ queryBegin += ") isa " + relName + ", has stix_id \"" + key + "\";";
+ for (int i = 0; i < rolePlayersTmp.length; i++) {
+ String queryTmp = queryBegin;
+ queryTmp += "$r" + i + " has $attribute, has stix_id $id; $attribute isa! $i; group $id;";
+ var nodeTmp = getAllJSON(queryTmp);
+ childNode.set(removeFirstChar(rolePlayersTmp[i]), nodeTmp);
+ }
+
+ rootNode.set(key, childNode);
+ });
+
+ }
+ return rootNode;
+ }
+
+ public void newSession() {
+ session = this.client.session(appConfiguration.getDatabase(), TypeDBSession.Type.DATA,
+ TypeDBOptions.core().infer(true));
+ }
+
+ private String removeLastChar(String str) {
+ if (str == null || str.isEmpty()) {
+ return str;
+ }
+ return str.substring(0, str.length() - 1);
+ }
+
+ private String removeFirstChar(String str) {
+ if (str == null || str.isEmpty()) {
+ return str;
+ }
+ return str.substring(1);
+ }
+}
\ No newline at end of file
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/Identity.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/Identity.java
new file mode 100644
index 00000000..c6cc7aa8
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/Identity.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.domain;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.stix.StixDomainObject;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Stream;
+
+public class Identity extends StixDomainObject {
+ @JsonIgnore
+ public static final List typeString = Stream.of(StixDomainObject.typeString,
+ Arrays.asList("name", "description", "stix_role", "identity_class", "sector",
+ "contact_information")).flatMap(List::stream).toList();
+
+ @JsonIgnore
+ public static final String nameEnt = "identity";
+ private String name;
+ private String description;
+ private String stixRole;
+ private String identityClass;
+ private String sector;
+ private String contactInformation;
+
+ public Identity() {
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ public String getStixRole() {
+ return stixRole;
+ }
+
+ public void setStixRole(String stixRole) {
+ this.stixRole = stixRole;
+ }
+
+ public String getIdentityClass() {
+ return identityClass;
+ }
+
+ public void setIdentityClass(String identityClass) {
+ this.identityClass = identityClass;
+ }
+
+ public String getSector() {
+ return sector;
+ }
+
+ public void setSector(String sector) {
+ this.sector = sector;
+ }
+
+ public String getContactInformation() {
+ return contactInformation;
+ }
+
+ public void setContactInformation(String contactInformation) {
+ this.contactInformation = contactInformation;
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/Indicator.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/Indicator.java
new file mode 100644
index 00000000..535603cf
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/Indicator.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.domain;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.stix.StixDomainObject;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.stream.Stream;
+
+public class Indicator extends StixDomainObject {
+ @JsonIgnore
+ public static final List typeString = Stream.of(StixDomainObject.typeString,
+ Arrays.asList("name", "description", "pattern", "pattern_type", "pattern_version")
+ ).flatMap(List::stream).toList();
+
+ @JsonIgnore
+ public static final String nameEnt = "indicator";
+ private String name;
+ private String description;
+ private String pattern;
+ private String patternType;
+ private String patternVersion;
+ private Date validFrom;
+ private Date validUntil;
+
+ public Indicator() {
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ public String getPattern() {
+ return pattern;
+ }
+
+ public void setPattern(String pattern) {
+ this.pattern = pattern;
+ }
+
+ public String getPatternType() {
+ return patternType;
+ }
+
+ public void setPatternType(String patternType) {
+ this.patternType = patternType;
+ }
+
+ public String getPatternVersion() {
+ return patternVersion;
+ }
+
+ public void setPatternVersion(String patternVersion) {
+ this.patternVersion = patternVersion;
+ }
+
+ public Date getValidFrom() {
+ return validFrom;
+ }
+
+ public void setValidFrom(Date validFrom) {
+ this.validFrom = validFrom;
+ }
+
+ public Date getValidUntil() {
+ return validUntil;
+ }
+
+ public void setValidUntil(Date validUntil) {
+ this.validUntil = validUntil;
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/KillChainPhase.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/KillChainPhase.java
new file mode 100644
index 00000000..39edf9e9
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/KillChainPhase.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.domain;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+
+public class KillChainPhase {
+ @JsonIgnore
+ public static final List typeString = Arrays.asList("kill_chain_name", "kill_chain_phase_name");
+
+ @JsonIgnore
+ public static final String nameEnt = "kill_chain_phase";
+
+ private String killChainName;
+ private String killChainPhaseName;
+ private Date created;
+ private Date modified;
+
+ public Date getCreated() {
+ return created;
+ }
+
+ public void setCreated(Date created) {
+ this.created = created;
+ }
+
+ public Date getModified() {
+ return modified;
+ }
+
+ public void setModified(Date modified) {
+ this.modified = modified;
+ }
+
+ public String getKillChainName() {
+ return killChainName;
+ }
+
+ public void setKillChainName(String killChainName) {
+ this.killChainName = killChainName;
+ }
+
+ public String getKillChainPhaseName() {
+ return killChainPhaseName;
+ }
+
+ public void setKillChainPhaseName(String killChainPhaseName) {
+ this.killChainPhaseName = killChainPhaseName;
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/Malware.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/Malware.java
new file mode 100644
index 00000000..3547cedd
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/Malware.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.domain;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.stix.StixDomainObject;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Stream;
+
+public class Malware extends StixDomainObject {
+ @JsonIgnore
+ public static List typeList = Stream.of(StixDomainObject.typeList,
+ Arrays.asList("aliases", "architecture_execution_envs", "implementation_languages", "capabilities")
+ ).flatMap(List::stream).toList();
+ @JsonIgnore
+ public static List typeString = Stream.of(StixDomainObject.typeString,
+ Arrays.asList("name", "description", "malware_types", "architecture_execution_envs",
+ "implementation_languages", "capabilities")).flatMap(List::stream).toList();
+
+ @JsonIgnore
+ public static final String nameEnt = "malware";
+ private String name;
+ private String description;
+ private String malwareTypes;
+ private boolean isFamily;
+ private Set aliases;
+ private Date firstSeen;
+ private Date lastSeen;
+ private Set architectureExecutionEnvs;
+ private Set implementationLanguages;
+ private Set capabilities;
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ public String getMalwareTypes() {
+ return malwareTypes;
+ }
+
+ public void setMalwareTypes(String malwareTypes) {
+ this.malwareTypes = malwareTypes;
+ }
+
+ public Boolean getFamily() {
+ return isFamily;
+ }
+
+ public void setFamily(Boolean family) {
+ this.isFamily = family;
+ }
+
+ public Set getAliases() {
+ return aliases;
+ }
+
+ public void setAliases(Set aliases) {
+ this.aliases = aliases;
+ }
+
+ public Date getFirstSeen() {
+ return firstSeen;
+ }
+
+ public void setFirstSeen(Date firstSeen) {
+ this.firstSeen = firstSeen;
+ }
+
+ public Date getLastSeen() {
+ return lastSeen;
+ }
+
+ public void setLastSeen(Date lastSeen) {
+ this.lastSeen = lastSeen;
+ }
+
+ public Set getArchitectureExecutionEnvs() {
+ return architectureExecutionEnvs;
+ }
+
+ public void setArchitectureExecutionEnvs(Set architectureExecutionEnvs) {
+ this.architectureExecutionEnvs = architectureExecutionEnvs;
+ }
+
+ public Set getImplementationLanguages() {
+ return implementationLanguages;
+ }
+
+ public void setImplementationLanguages(Set implementationLanguages) {
+ this.implementationLanguages = implementationLanguages;
+ }
+
+ public Set getCapabilities() {
+ return capabilities;
+ }
+
+ public void setCapabilities(Set capabilities) {
+ this.capabilities = capabilities;
+ }
+
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/ThreatActor.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/ThreatActor.java
new file mode 100644
index 00000000..ed6b88f8
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/ThreatActor.java
@@ -0,0 +1,171 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.domain;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.stix.StixDomainObject;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.stream.Stream;
+
+public class ThreatActor extends StixDomainObject {
+ @JsonIgnore
+ public static final List typeString = Stream.of(StixDomainObject.typeString,
+ Arrays.asList("name", "description", "aliases", "stix_role", "goals", "resource_level",
+ "primary_motivation", "secondary_motivation", "sophistication", "personal_characteristics",
+ "roles", "threat_actor_types")).flatMap(List::stream).toList();
+
+ @JsonIgnore
+ public static final String nameEnt = "threat_actor";
+
+ private String name;
+ private String description;
+ private String aliases;
+ private String stixRole;
+ private Date firstSeen;
+ private Date lastSeen;
+ private String goals;
+ private String resourceLevel;
+ private String primaryMotivation;
+ private String secondaryMotivation;
+ private String sophistication;
+ private String personalCharacteristics;
+ private String roles;
+ private String threatActorTypes;
+
+ public ThreatActor() {
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ public String getAliases() {
+ return aliases;
+ }
+
+ public void setAliases(String aliases) {
+ this.aliases = aliases;
+ }
+
+ public String getStixRole() {
+ return stixRole;
+ }
+
+ public void setStixRole(String stixRole) {
+ this.stixRole = stixRole;
+ }
+
+ public Date getFirstSeen() {
+ return firstSeen;
+ }
+
+ public void setFirstSeen(Date firstSeen) {
+ this.firstSeen = firstSeen;
+ }
+
+ public Date getLastSeen() {
+ return lastSeen;
+ }
+
+ public void setLastSeen(Date lastSeen) {
+ this.lastSeen = lastSeen;
+ }
+
+ public String getGoals() {
+ return goals;
+ }
+
+ public void setGoals(String goals) {
+ this.goals = goals;
+ }
+
+ public String getResourceLevel() {
+ return resourceLevel;
+ }
+
+ public void setResourceLevel(String resourceLevel) {
+ this.resourceLevel = resourceLevel;
+ }
+
+ public String getPrimaryMotivation() {
+ return primaryMotivation;
+ }
+
+ public void setPrimaryMotivation(String primaryMotivation) {
+ this.primaryMotivation = primaryMotivation;
+ }
+
+ public String getSecondaryMotivation() {
+ return secondaryMotivation;
+ }
+
+ public void setSecondaryMotivation(String secondaryMotivation) {
+ this.secondaryMotivation = secondaryMotivation;
+ }
+
+ public String getSophistication() {
+ return sophistication;
+ }
+
+ public void setSophistication(String sophistication) {
+ this.sophistication = sophistication;
+ }
+
+ public String getPersonalCharacteristics() {
+ return personalCharacteristics;
+ }
+
+ public void setPersonalCharacteristics(String personalCharacteristics) {
+ this.personalCharacteristics = personalCharacteristics;
+ }
+
+ public String getRoles() {
+ return roles;
+ }
+
+ public void setRoles(String roles) {
+ this.roles = roles;
+ }
+
+ public String getThreatActorTypes() {
+ return threatActorTypes;
+ }
+
+ public void setThreatActorTypes(String threatActorTypes) {
+ this.threatActorTypes = threatActorTypes;
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/Class.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/Class.java
new file mode 100644
index 00000000..317e9a79
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/Class.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.domain.identity;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.domain.Identity;
+
+public class Class extends Identity {
+
+ @JsonIgnore
+ public static final String nameEnt = "class";
+
+ public Class() {
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/Group.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/Group.java
new file mode 100644
index 00000000..239b10c1
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/Group.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.domain.identity;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.domain.Identity;
+
+public class Group extends Identity {
+
+ @JsonIgnore
+ public static final String nameEnt = "group";
+
+ public Group() {
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/IdUnknown.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/IdUnknown.java
new file mode 100644
index 00000000..8360d3f9
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/IdUnknown.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.domain.identity;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.domain.Identity;
+
+public class IdUnknown extends Identity {
+
+ @JsonIgnore
+ public static final String nameEnt = "id_unknown";
+
+ public IdUnknown() {
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/Individual.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/Individual.java
new file mode 100644
index 00000000..64f9fb4e
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/Individual.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.domain.identity;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.domain.Identity;
+
+public class Individual extends Identity {
+
+ @JsonIgnore
+ public static final String nameEnt = "individual";
+
+ public Individual() {
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/System.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/System.java
new file mode 100644
index 00000000..5a573f47
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/domain/identity/System.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.domain.identity;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.domain.Identity;
+
+public class System extends Identity {
+
+ @JsonIgnore
+ public static final String nameEnt = "system";
+
+ public System() {
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/observable/File.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/observable/File.java
new file mode 100644
index 00000000..6d598e54
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/observable/File.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.observable;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.stix.StixDomainObject;
+import com.typedb.examples.cti.model.stix.StixCyberObservableObject;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.stream.Stream;
+
+public class File extends StixCyberObservableObject {
+ @JsonIgnore
+ public static final List typeString = Stream.of(StixDomainObject.typeString,
+ Arrays.asList("name", "name_enc", "magic_number_hex", "mime_type")).flatMap(List::stream).toList();
+
+ @JsonIgnore
+ public static final String nameEnt = "file";
+
+ private Integer size;
+ private String name;
+ private String nameEnc;
+ private String magicNumberHex;
+ private String mimeType;
+ private Date ctime;
+ private Date mtime;
+ private Date atime;
+
+ public Integer getSize() {
+ return size;
+ }
+
+ public void setSize(Integer size) {
+ this.size = size;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getNameEnc() {
+ return nameEnc;
+ }
+
+ public void setNameEnc(String nameEnc) {
+ this.nameEnc = nameEnc;
+ }
+
+ public String getMagicNumberHex() {
+ return magicNumberHex;
+ }
+
+ public void setMagicNumberHex(String magicNumberHex) {
+ this.magicNumberHex = magicNumberHex;
+ }
+
+ public String getMimeType() {
+ return mimeType;
+ }
+
+ public void setMimeType(String mimeType) {
+ this.mimeType = mimeType;
+ }
+
+ public Date getCtime() {
+ return ctime;
+ }
+
+ public void setCtime(Date ctime) {
+ this.ctime = ctime;
+ }
+
+ public Date getMtime() {
+ return mtime;
+ }
+
+ public void setMtime(Date mtime) {
+ this.mtime = mtime;
+ }
+
+ public Date getAtime() {
+ return atime;
+ }
+
+ public void setAtime(Date atime) {
+ this.atime = atime;
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Impersonates.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Impersonates.java
new file mode 100644
index 00000000..2d50b30c
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Impersonates.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.relationship;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.stix.StixCoreRelationship;
+
+import java.util.Arrays;
+import java.util.List;
+
+public class Impersonates extends StixCoreRelationship {
+ @JsonIgnore
+ public static final List typeString = StixCoreRelationship.typeString;
+
+ @JsonIgnore
+ public static final List rolePlayers = Arrays.asList("impersonating", "impersonated");
+
+ @JsonIgnore
+ public static final String nameRel = "impersonates";
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Indicates.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Indicates.java
new file mode 100644
index 00000000..ddcb7a02
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Indicates.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.relationship;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.stix.StixCoreRelationship;
+
+import java.util.Arrays;
+import java.util.List;
+
+public class Indicates extends StixCoreRelationship {
+ @JsonIgnore
+ public static final List typeString = StixCoreRelationship.typeString;
+
+ @JsonIgnore
+ public static final List rolePlayers = Arrays.asList("indicating", "indicated");
+
+ @JsonIgnore
+ public static final String nameRel = "indicates";
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Sighting.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Sighting.java
new file mode 100644
index 00000000..a17ad6b4
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Sighting.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.relationship;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.stix.StixCoreRelationship;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.stream.Stream;
+
+public class Sighting extends StixCoreRelationship {
+ @JsonIgnore
+ public static final List typeString = Stream.of(StixCoreRelationship.typeString, List.of("summary")
+ ).flatMap(List::stream).toList();
+
+ @JsonIgnore
+ public static final List rolePlayers = Arrays.asList("sighting_of", "observed_data");
+
+ @JsonIgnore
+ public static final String nameRel = "sighting";
+
+ private Date firstSeen;
+ private Date lastSeen;
+
+ private Double count;
+ private String summary;
+
+ public Date getFirstSeen() {
+ return firstSeen;
+ }
+
+ public void setFirstSeen(Date firstSeen) {
+ this.firstSeen = firstSeen;
+ }
+
+ public Date getLastSeen() {
+ return lastSeen;
+ }
+
+ public void setLastSeen(Date lastSeen) {
+ this.lastSeen = lastSeen;
+ }
+
+ public Double getCount() {
+ return count;
+ }
+
+ public void setCount(Double count) {
+ this.count = count;
+ }
+
+ public String getSummary() {
+ return summary;
+ }
+
+ public void setSummary(String summary) {
+ this.summary = summary;
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Targets.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Targets.java
new file mode 100644
index 00000000..4a342cc9
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Targets.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.relationship;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.stix.StixCoreRelationship;
+
+import java.util.Arrays;
+import java.util.List;
+
+public class Targets extends StixCoreRelationship {
+ @JsonIgnore
+ public static final List typeString = StixCoreRelationship.typeString;
+
+ @JsonIgnore
+ public static final List rolePlayers = Arrays.asList("targeting", "targeted");
+
+ @JsonIgnore
+ public static final String nameRel = "targets";
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Uses.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Uses.java
new file mode 100644
index 00000000..a07c57d0
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/Uses.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.relationship;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.typedb.examples.cti.model.stix.StixCoreRelationship;
+
+import java.util.Arrays;
+import java.util.List;
+
+public class Uses extends StixCoreRelationship {
+ @JsonIgnore
+ public static final List typeString = StixCoreRelationship.typeString;
+
+ @JsonIgnore
+ public static final List rolePlayers = Arrays.asList("used_by", "used");
+
+ @JsonIgnore
+ public static final String nameRel = "uses";
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/AttributedTo.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/AttributedTo.java
new file mode 100644
index 00000000..60974836
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/AttributedTo.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.relationship.ext;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+
+public class AttributedTo {
+ @JsonIgnore
+ public static final List typeString = Arrays.asList("stix_id", "spec_version");
+
+ @JsonIgnore
+ public static final List rolePlayers = Arrays.asList("attributing", "attributed");
+
+ @JsonIgnore
+ public static final String nameRel = "attributed_to";
+
+ private String stixId;
+ private String specVersion;
+ private Date created;
+ private Date modified;
+
+
+ public String getSpecVersion() {
+ return specVersion;
+ }
+
+ public void setSpecVersion(String specVersion) {
+ this.specVersion = specVersion;
+ }
+
+ public String getStixId() {
+ return stixId;
+ }
+
+ public void setStixId(String stixId) {
+ this.stixId = stixId;
+ }
+
+ public Date getCreated() {
+ return created;
+ }
+
+ public void setCreated(Date created) {
+ this.created = created;
+ }
+
+ public Date getModified() {
+ return modified;
+ }
+
+ public void setModified(Date modified) {
+ this.modified = modified;
+ }
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/CreatedBy.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/CreatedBy.java
new file mode 100644
index 00000000..89834aeb
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/CreatedBy.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.relationship.ext;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+public class CreatedBy {
+ @JsonIgnore
+ public static final List typeString = new ArrayList<>();
+
+ @JsonIgnore
+ public static final List rolePlayers = Arrays.asList("creator", "created");
+ @JsonIgnore
+ public static final String nameRel = "created_by";
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/ExternalReferences.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/ExternalReferences.java
new file mode 100644
index 00000000..5f5d75d1
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/ExternalReferences.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.relationship.ext;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+public class ExternalReferences {
+ @JsonIgnore
+ public static final List typeString = new ArrayList();
+
+ @JsonIgnore
+ public static final List rolePlayers = Arrays.asList("referencing", "referenced");
+
+ @JsonIgnore
+ public static final String nameRel = "external_references";
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/Hashes.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/Hashes.java
new file mode 100644
index 00000000..a78a617d
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/Hashes.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.relationship.ext;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+public class Hashes {
+ @JsonIgnore
+ public static final List typeString = List.of("hash_algorithm");
+
+ @JsonIgnore
+ public static final List rolePlayers = Arrays.asList("hash_value", "hashes_owner");
+
+ @JsonIgnore
+ public static final String nameRel = "hashes";
+
+ private String hashAlgorithm;
+
+
+ public String getHashAlgorithm() {
+ return hashAlgorithm;
+ }
+
+ public void setHashAlgorithm(String hashAlgorithm) {
+ this.hashAlgorithm = hashAlgorithm;
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/KillChainPhases.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/KillChainPhases.java
new file mode 100644
index 00000000..93b56866
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/relationship/ext/KillChainPhases.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.relationship.ext;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+public class KillChainPhases {
+ @JsonIgnore
+ public static final List typeString = new ArrayList<>();
+
+ @JsonIgnore
+ public static final List rolePlayers = Arrays.asList("using", "used");
+
+ @JsonIgnore
+ public static final String nameRel = "kill_chain_phases";
+
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixCoreObject.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixCoreObject.java
new file mode 100644
index 00000000..7bd44573
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixCoreObject.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.stix;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class StixCoreObject {
+ @JsonIgnore
+ public static final List typeList = new ArrayList<>();
+
+ @JsonIgnore
+ public static final List typeString = List.of("spec_version");
+
+ @JsonIgnore
+ public static final String nameEnt = "stix_core_object";
+ private String specVersion;
+
+ public String getSpecVersion() {
+ return specVersion;
+ }
+
+ public void setSpecVersion(String specVersion) {
+ this.specVersion = specVersion;
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixCoreRelationship.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixCoreRelationship.java
new file mode 100644
index 00000000..e17ea5f9
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixCoreRelationship.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.stix;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+
+public class StixCoreRelationship {
+ @JsonIgnore
+ public static final List typeString = Arrays.asList("stix_id", "stix_type");
+
+ @JsonIgnore
+ public static final String nameEnt = "stix_core_relationship";
+ private String stixId;
+ private String stixType;
+ private Date created;
+ private Date modified;
+
+ public String getStixId() {
+ return stixId;
+ }
+
+ public void setStixId(String stixId) {
+ this.stixId = stixId;
+ }
+
+ public String getStixType() {
+ return stixType;
+ }
+
+ public void setStixType(String stixType) {
+ this.stixType = stixType;
+ }
+
+ public Date getCreated() {
+ return created;
+ }
+
+ public void setCreated(Date created) {
+ this.created = created;
+ }
+
+ public Date getModified() {
+ return modified;
+ }
+
+ public void setModified(Date modified) {
+ this.modified = modified;
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixCyberObservableObject.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixCyberObservableObject.java
new file mode 100644
index 00000000..9efa1169
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixCyberObservableObject.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.stix;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import java.util.List;
+import java.util.stream.Stream;
+
+public class StixCyberObservableObject extends StixCoreObject {
+
+ @JsonIgnore
+ public static final List typeList = StixCoreObject.typeList;
+ @JsonIgnore
+ public static final List typeString = Stream.of(StixCoreObject.typeString, List.of("defanged")
+ ).flatMap(List::stream).toList();
+
+ @JsonIgnore
+ public static final String nameEnt = "stix_cyber_observable_object";
+ private String defanged;
+
+ public StixCyberObservableObject() {
+ }
+
+ public String getDefanged() {
+ return defanged;
+ }
+
+ public void setDefanged(String defanged) {
+ this.defanged = defanged;
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixDomainObject.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixDomainObject.java
new file mode 100644
index 00000000..a2f45c29
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/model/stix/StixDomainObject.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.model.stix;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Stream;
+
+public class StixDomainObject extends StixCoreObject {
+
+ @JsonIgnore
+ public static final List typeList = Stream.of(StixCoreObject.typeList, List.of("labels")
+ ).flatMap(List::stream).toList();
+
+ @JsonIgnore
+ public static final List typeString = Stream.of(StixCoreObject.typeString, Arrays.asList("labels", "langs")
+ ).flatMap(List::stream).toList();
+
+ @JsonIgnore
+ public static final String nameEnt = "stix_domain_object";
+
+
+ private Date created;
+
+ private Date modified;
+
+ private Boolean revoked;
+
+ private Set labels;
+
+ private int confidence;
+
+ private String langs;
+
+ public Date getCreated() {
+ return created;
+ }
+
+ public void setCreated(Date created) {
+ this.created = created;
+ }
+
+ public Date getModified() {
+ return modified;
+ }
+
+ public void setModified(Date modified) {
+ this.modified = modified;
+ }
+
+ public Boolean getRevoked() {
+ return revoked;
+ }
+
+ public void setRevoked(Boolean revoked) {
+ this.revoked = revoked;
+ }
+
+ public Set getLabels() {
+ return labels;
+ }
+
+ public void setLabels(Set labels) {
+ this.labels = labels;
+ }
+
+ public int getConfidence() {
+ return confidence;
+ }
+
+ public void setConfidence(int confidence) {
+ this.confidence = confidence;
+ }
+
+ public String getLangs() {
+ return langs;
+ }
+
+ public void setLangs(String langs) {
+ this.langs = langs;
+ }
+}
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/web/CTIBean.java b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/web/CTIBean.java
new file mode 100644
index 00000000..ca9f3bc8
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/java/com/typedb/examples/cti/web/CTIBean.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti.web;
+
+import com.vaticle.typedb.client.TypeDB;
+import com.vaticle.typedb.client.api.TypeDBClient;
+import com.vaticle.typedb.client.api.TypeDBSession;
+import com.vaticle.typedb.client.api.TypeDBTransaction;
+import com.vaticle.typeql.lang.TypeQL;
+import com.typedb.examples.cti.configuration.AppConfiguration;
+import org.jetbrains.annotations.NotNull;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.event.ApplicationReadyEvent;
+import org.springframework.context.ApplicationListener;
+import org.springframework.stereotype.Component;
+
+import java.net.URL;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.logging.Logger;
+
+@Component
+public class CTIBean implements ApplicationListener {
+ private static final Logger LOGGER = Logger.getLogger("AppSpringWeb");
+
+ @Autowired
+ private AppConfiguration appConfiguration;
+
+ @Override
+ public void onApplicationEvent(@NotNull ApplicationReadyEvent event) {
+ String address = appConfiguration.getAddress() + ":" + appConfiguration.getPort();
+ String database = appConfiguration.getDatabase();
+ String dataset = appConfiguration.getDataset();
+ String schema = appConfiguration.getSchema();
+ TypeDBClient client = TypeDB.coreClient(address);
+ LOGGER.info("Deleting Database");
+ if (client.databases().contains(database)) {
+ client.databases().get(database).delete();
+ }
+ LOGGER.info("Creating Database");
+ client.databases().create(database);
+ LOGGER.info("Inserting Schema");
+
+ try (TypeDBSession session = client.session(database, TypeDBSession.Type.SCHEMA)) {
+ try (TypeDBTransaction tx = session.transaction(TypeDBTransaction.Type.WRITE)) {
+ URL file = this.getClass().getClassLoader().getResource(schema);
+
+ if (file == null) {
+ throw new AssertionError();
+ }
+
+ String query = Files.readString(Paths.get(file.toURI()));
+ tx.query().define(TypeQL.parseQuery(query).asDefine());
+ tx.commit();
+ } catch (Exception ex) {
+
+ ex.printStackTrace(System.err);
+ }
+
+ }
+
+ LOGGER.info("Inserting data");
+
+ try (TypeDBSession session = client.session(database, TypeDBSession.Type.DATA)) {
+ try (TypeDBTransaction tx = session.transaction(TypeDBTransaction.Type.WRITE)) {
+ URL file = this.getClass().getClassLoader().getResource(dataset);
+
+ if (file == null) {
+ throw new AssertionError();
+ }
+
+ String query = Files.readString(Paths.get(file.toURI()));
+ tx.query().insert(TypeQL.parseQuery(query).asInsert());
+ tx.commit();
+ } catch (Exception ex) {
+
+ ex.printStackTrace(System.err);
+ }
+ }
+
+ LOGGER.info("Ready to use");
+ }
+
+}
\ No newline at end of file
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/resources/application.properties b/cybersecurity/cyber_threat_intelligence/src/main/resources/application.properties
new file mode 100644
index 00000000..d1460ef9
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/resources/application.properties
@@ -0,0 +1,28 @@
+#
+# Copyright (C) 2023 Vaticle
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+typedb.host = localhost
+typedb.port = 1729
+typedb.db = CTI_SPRING
+typedb.schema = schema_CTI.tql
+typedb.dataset = small_dataset.tql
+
+spring.graphql.graphiql.enabled=true
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/resources/graphql/schema.graphqls b/cybersecurity/cyber_threat_intelligence/src/main/resources/graphql/schema.graphqls
new file mode 100644
index 00000000..78a6a813
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/resources/graphql/schema.graphqls
@@ -0,0 +1,285 @@
+"""
+* Copyright (C) 2023 Vaticle
+*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+"""
+
+scalar Date
+scalar JSON
+
+type Malware{
+ name: String
+ description: String
+ spec_version: String
+ malware_types: String
+ langs: String
+ is_family: Boolean
+ revoked: Boolean
+ created: Date
+ modified: Date
+ confidence: Int
+ aliases: [String]
+ labels: [String]
+ architecture_execution_envs: [String]
+ implementation_languages: [String]
+ capabilities: [String]
+}
+
+type ThreatActor{
+ spec_version: String
+
+ created: Date
+ modified: Date
+ revoked: Boolean
+ langs: String
+ confidence: Int
+ labels: [String]
+
+ name: String
+ description: String
+ aliases: String
+ stix_role: String
+ goals: String
+ resource_level: String
+ primary_motivation: String
+ secondary_motivation: String
+ sophistication: String
+ personal_characteristics: String
+ roles: String
+ threat_actor_types: String
+ first_seen: Date
+ last_seen: Date
+}
+
+type File{
+ spec_version: String
+
+ defanged: String
+
+ size: Int
+ name: String
+ name_enc: String
+ magic_number_hex: String
+ mime_type: String
+ ctime: Date
+ mtime: Date
+ atime: Date
+}
+
+type Identity{
+ spec_version: String
+
+ created: Date
+ modified: Date
+ revoked: Boolean
+ langs: String
+ confidence: Int
+ labels: [String]
+
+ name: String
+ description: String
+ stix_role: String
+ identity_class: String
+ sector: String
+ contact_information: String
+}
+
+type Indicator {
+ spec_version: String
+
+ created: Date
+ modified: Date
+ revoked: Boolean
+ langs: String
+ confidence: Int
+ labels: [String]
+
+ name: String
+ description: String
+ pattern: String
+ pattern_type: String
+ pattern_version: String
+ valid_from: String
+ valid_until: String
+}
+
+type Class {
+ spec_version: String
+
+ created: Date
+ modified: Date
+ revoked: Boolean
+ langs: String
+ confidence: Int
+ labels: [String]
+
+ name: String
+ description: String
+ stix_role: String
+ identity_class: String
+ sector: String
+ contact_information: String
+}
+
+type Group {
+ spec_version: String
+
+ created: Date
+ modified: Date
+ revoked: Boolean
+ langs: String
+ confidence: Int
+ labels: [String]
+
+ name: String
+ description: String
+ stix_role: String
+ identity_class: String
+ sector: String
+ contact_information: String
+}
+
+type IdUnknown {
+ spec_version: String
+
+ created: Date
+ modified: Date
+ revoked: Boolean
+ langs: String
+ confidence: Int
+ labels: [String]
+
+ name: String
+ description: String
+ stix_role: String
+ identity_class: String
+ sector: String
+ contact_information: String
+}
+
+type Individual {
+ spec_version: String
+
+ created: Date
+ modified: Date
+ revoked: Boolean
+ langs: String
+ confidence: Int
+ labels: [String]
+
+ name: String
+ description: String
+ stix_role: String
+ identity_class: String
+ sector: String
+ contact_information: String
+}
+
+type System {
+ spec_version: String
+
+ created: Date
+ modified: Date
+ revoked: Boolean
+ langs: String
+ confidence: Int
+ labels: [String]
+
+ name: String
+ description: String
+ stix_role: String
+ identity_class: String
+ sector: String
+ contact_information: String
+}
+
+type KillChainPhase{
+ created: Date
+ modified: Date
+ kill_chain_name: String
+ kill_chain_phase_name: String
+}
+
+type Query{
+ getMalware: JSON
+ getMalwareBeans: [Malware]
+ getThreatActor: JSON
+ getThreatActorBeans: [ThreatActor]
+ getFile: JSON
+ getFileBeans: [File]
+ getIdentity: JSON
+ getIdentityBeans: [Identity]
+ getIndicator: JSON
+ getIndicatorBeans: [Indicator]
+ getClass: JSON
+ getClassBeans: [Class]
+ getGroup: JSON
+ getGroupBeans: [Group]
+ cenIdUnknown: JSON
+ getIdUnknownBeans: [IdUnknown]
+ getIndividual: JSON
+ getIndividualBeans: [Individual]
+ getSystem: JSON
+ getSystemBeans: [System]
+ getKillChainPhase: JSON
+ getKillChainPhaseBeans: [KillChainPhase]
+
+ getThreatActorSearch(type: String, name: String): JSON
+ getThreatActorSearchBeans(type: String, name: String): [ThreatActor]
+ getMalwareSearch(type: String, name: String): JSON
+ getMalwareSearchBeans(type: String, name: String): [Malware]
+ getFileSearch(type: String, name: String): JSON
+ getFileSearchBeans(type: String, name: String): [File]
+ getIdentitySearch(type: String, name: String): JSON
+ getIdentitySearchBeans(type: String, name: String): [Identity]
+ getIndicatorSearch(type: String, name: String): JSON
+ getIndicatorSearchBeans(type: String, name: String): [Indicator]
+ getClassSearch(type: String, name: String): JSON
+ getClassSearchBeans(type: String, name: String): [Class]
+ getGroupSearch(type: String, name: String): JSON
+ getGroupSearchBeans(type: String, name: String): [Group]
+ getIdUnknownSearch(type: String, name: String): JSON
+ getIdUnknownSearchBeans(type: String, name: String): [IdUnknown]
+ getIndividualSearch(type: String, name: String): JSON
+ getIndividualSearchBeans(type: String, name: String): [Individual]
+ getSystemSearch(type: String, name: String): JSON
+ getSystemSearchBeans(type: String, name: String): [System]
+ getKillChainPhaseSearch(type: String, name: String): JSON
+ getKillChainPhaseSearchBeans(type: String, name: String): [KillChainPhase]
+ getAttributedToSearch(type: String, name: String): JSON
+ getIndicatesSearch(type: String, name: String): JSON
+ getSightingSearch(type: String, name: String): JSON
+ getUsesSearch(type: String, name: String): JSON
+ getTargetsSearch(type: String, name: String): JSON
+ getImpersonatesSearch(type: String, name: String): JSON
+ getHashesSearch(type: String, name: String): JSON
+
+
+ getAttributedTo: JSON
+ getIndicates: JSON
+ getSighting: JSON
+ getUses: JSON
+ getTargets: JSON
+ getImpersonates: JSON
+ getKillChainPhases: JSON
+ getExternalReferences: JSON
+ getCreatedBy: JSON
+ getHashes: JSON
+ getSchema: JSON
+ getSchemaCurrent: JSON
+}
\ No newline at end of file
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/resources/schema_CTI.tql b/cybersecurity/cyber_threat_intelligence/src/main/resources/schema_CTI.tql
new file mode 100644
index 00000000..506785b2
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/resources/schema_CTI.tql
@@ -0,0 +1,1641 @@
+#
+# Copyright (C) 2023 Vaticle
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# Based on https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_disnqa06jm5
+
+
+define
+
+### 1 Base Entities ###
+
+stix_entity sub entity,
+ abstract;
+
+stix_object sub stix_entity,
+ owns stix_type,
+ owns stix_id @key,
+ owns custom_attribute,
+
+ plays granular_marking:marking;
+
+stix_core_object sub stix_object,
+ owns spec_version,
+
+ plays object_marking:marked,
+ plays created_by:created,
+ plays derivation:derived_from,
+ plays derivation:deriving,
+ plays duplicate_of:duplicated_object;
+
+
+stix_domain_object sub stix_core_object,
+ owns created,
+ owns modified,
+ owns revoked,
+ owns labels,
+ owns confidence,
+ owns langs,
+
+ # Rel
+ plays sighting:sighting_of,
+ plays external_references:referencing,
+
+ # RRel
+ plays kill_chain_phases:used,
+ plays sighting:observed_data,
+ plays external_references:referenced;
+
+
+stix_cyber_observable_object sub stix_core_object,
+ owns defanged,
+
+ # Rel
+ plays external_references:referencing,
+ plays contains_ref:containing,
+
+ # RRel
+ plays external_references:referenced;
+
+stix_sub_object sub stix_entity,
+ owns created,
+ owns modified,
+
+ plays granular_marking:marking;
+
+
+### 2 Data Types ###
+
+external_reference sub stix_sub_object,
+ owns source_name,
+ owns description,
+ owns url_link,
+ owns external_id,
+
+ plays hashes:hashes_owner,
+ plays external_references:referenced;
+
+kill_chain_phase sub stix_sub_object,
+ owns kill_chain_name,
+ owns kill_chain_phase_name,
+
+ plays kill_chain_phases:using;
+
+### 3 SDOs ###
+
+attack_pattern sub stix_domain_object,
+ owns name,
+ owns description,
+ owns aliases,
+
+ # Rel
+ plays delivers:delivering,
+ plays targets:targeting,
+ plays uses:used_by,
+
+ # RRel
+ plays indicates:indicated,
+ plays uses:used,
+ plays mitigates:mitigated;
+
+campaign sub stix_domain_object,
+ owns name,
+ owns description,
+ owns aliases,
+ owns first_seen,
+ owns last_seen,
+ owns objective,
+
+ # Rel
+ plays targets:targeting,
+ plays attributed_to:attributing,
+ plays uses:used_by,
+ plays compromises:compromising,
+ plays originates_from:originating,
+
+ # RRel
+ plays indicates:indicated;
+
+course_of_action sub stix_domain_object,
+ owns name,
+ owns description,
+ owns action,
+
+ # Rel
+ plays investigates:investigating,
+ plays mitigates:mitigating,
+ plays remediates:remediating;
+
+grouping sub stix_domain_object,
+ owns name,
+ owns description,
+ owns context;
+
+identity sub stix_domain_object,
+ owns name,
+ owns description,
+ owns stix_role,
+ owns identity_class,
+ owns sector,
+ owns contact_information,
+
+ # Rel
+ plays located_at:locating,
+ plays created_by:creator,
+
+ # RRel
+ plays targets:targeted,
+ plays attributed_to:attributed,
+ plays impersonates:impersonated;
+
+individual sub identity;
+group sub identity;
+system sub identity;
+organization sub identity;
+class sub identity;
+id_unknown sub identity;
+
+incident sub stix_domain_object,
+ owns name,
+ owns description;
+
+indicator sub stix_domain_object,
+ owns name,
+ owns description,
+ owns indicator_type,
+ owns pattern,
+ owns pattern_type,
+ owns pattern_version,
+ owns valid_from,
+ owns valid_until,
+
+ # Rel
+ plays indicates:indicating,
+ plays based_on:basing,
+
+ # RRel
+ plays investigates:investigated,
+ plays mitigates:mitigated;
+
+infrastructure sub stix_domain_object,
+ owns name,
+ owns description,
+ owns infrastructure_types,
+ owns aliases,
+ owns first_seen,
+ owns last_seen,
+
+ # Rel
+ plays delivers:delivering,
+ plays uses:used_by,
+ plays located_at:locating,
+ plays communicates_with:communicating,
+ plays consist_of:consisting,
+ plays controls:controlling,
+ plays have:having,
+ plays hosts:hosting,
+
+ # RRel
+ plays controls:controlled,
+ plays communicates_with:communicated,
+ plays compromises:compromised,
+ plays indicates:indicated,
+ plays uses:used,
+ plays targets:targeted,
+ plays hosts:hosted,
+ plays beacons_to:beaconed_to,
+ plays exfiltrates_to:exfiltrated_to,
+ plays ownerships:owned;
+
+intrusion_set sub stix_domain_object,
+ owns name,
+ owns description,
+ owns aliases,
+ owns first_seen,
+ owns last_seen,
+ owns goals,
+ owns sophistication,
+ owns resource_level,
+ owns primary_motivation,
+ owns secondary_motivations,
+
+ # Rel
+ plays targets:targeting,
+ plays uses:used_by,
+ plays attributed_to:attributing,
+ plays compromises:compromising,
+ plays originates_from:originating,
+ plays hosts:hosting,
+ plays ownerships:owning,
+
+ # RRel
+ plays indicates:indicated,
+ plays attributed_to:attributed,
+ plays authored_by:authored;
+
+malware sub stix_domain_object,
+ owns name,
+ owns description,
+ owns malware_types,
+ owns is_family,
+ owns aliases,
+ owns first_seen,
+ owns last_seen,
+ owns architecture_execution_envs,
+ owns implementation_languages,
+ owns capabilities,
+
+ # Rel
+ plays targets:targeting,
+ plays uses:used_by,
+ plays originates_from:originating,
+ plays controls:controlling,
+ plays hosts:hosting,
+ plays authored_by:authoring,
+ plays beacons_to:beaconing_to,
+ plays exfiltrates_to:exfiltrating_to,
+ plays downloads:downloading,
+ plays drops:dropping,
+ plays exploits:exploiting,
+ plays variant_of:varianted_from,
+ plays communicates_with:communicating,
+
+ # RRel
+ plays controls:controlled,
+ plays remediates:remediated,
+ plays mitigates:mitigated,
+ plays uses:used,
+ plays delivers:delivered,
+ plays indicates:indicated,
+ plays downloads:downloaded,
+ plays drops:dropped,
+ plays variant_of:varianted,
+ plays characterizes:characterized,
+ plays analysis_of:analysed,
+ plays static_analysis_of:analysed,
+ plays dynamic_analysis_of:analysed;
+
+location sub stix_domain_object,
+ owns name,
+ owns description,
+ owns latitude,
+ owns longitude,
+ owns precision,
+ owns region,
+ owns country,
+ owns administrative_area,
+ owns city,
+ owns street_address,
+ owns postal_code,
+
+ # RRel
+ plays targets:targeted,
+ plays originates_from:originated,
+ plays located_at:located;
+
+malware_analysis sub stix_domain_object,
+ owns product,
+ owns version,
+ owns configuration_version,
+ owns module,
+ owns analysis_engine_version,
+ owns analysis_definition_version,
+ owns submitted,
+ owns analysis_started,
+ owns analysis_ended,
+ owns result_name,
+ owns result,
+
+ # Rel
+ plays characterizes:characterizing,
+ plays analysis_of:analysing,
+ plays static_analysis_of:analysing,
+ plays dynamic_analysis_of:analysing;
+
+note sub stix_domain_object,
+ owns note_abstract,
+ owns content,
+ owns authors;
+
+opinion sub stix_domain_object,
+ owns explanation,
+ owns authors,
+ owns opinion_enum;
+
+observed_data sub stix_domain_object,
+ owns first_observed,
+ owns last_observed,
+ owns number_observed,
+
+ # RRel
+ plays based_on:based,
+ plays consist_of:consisted;
+
+report sub stix_domain_object,
+ owns name,
+ owns description,
+ owns report_type,
+ owns published;
+
+threat_actor sub stix_domain_object,
+ owns name,
+ owns description,
+ owns aliases,
+ owns stix_role,
+ owns first_seen,
+ owns last_seen,
+ owns goals,
+ owns resource_level,
+ owns primary_motivation,
+ owns secondary_motivations,
+ owns sophistication,
+ owns personal_characteristics,
+ owns roles,
+ owns threat_actor_types,
+
+ # Rel
+ plays targets:targeting,
+ plays uses:used_by,
+ plays attributed_to:attributing,
+ plays compromises:compromising,
+ plays located_at:locating,
+ plays impersonates:impersonating,
+ plays hosts:hosting,
+ plays ownerships:owning,
+
+ # RRel
+ plays attributed_to:attributed,
+ plays indicates:indicated,
+ plays authored_by:authored;
+
+tool sub stix_domain_object,
+ owns name,
+ owns description,
+ owns tool_types,
+ owns aliases,
+ owns first_seen,
+ owns last_seen,
+ owns tool_version,
+
+ # Rel
+ plays delivers:delivering,
+ plays targets:targeting,
+ plays uses:used_by,
+ plays have:having,
+ plays drops:dropping,
+
+ # RRel
+ plays uses:used,
+ plays indicates:indicated,
+ plays mitigates:mitigated,
+ plays hosts:hosted,
+ plays downloads:downloaded,
+ plays drops:dropped;
+
+custom_object sub stix_domain_object,
+ owns name,
+ owns description,
+ owns aliases,
+ owns first_seen,
+ owns last_seen,
+ owns objective,
+
+ # Rel
+ plays delivers:delivering,
+ plays targets:targeting,
+ plays uses:used_by,
+
+ # RRel
+ plays uses:used,
+ plays mitigates:mitigated;
+
+vulnerability sub stix_domain_object,
+ owns name,
+ owns description,
+
+ # RRel
+ plays targets:targeted,
+ plays mitigates:mitigated,
+ plays remediates:remediated,
+ plays have:had,
+ plays exploits:exploited;
+
+### 5 SROs ###
+stix_core_relationship sub relation,
+ # Required
+ owns spec_version,
+ owns stix_id @key,
+ owns created,
+ owns modified,
+ owns stix_type,
+
+ # Optional
+ owns description,
+ owns revoked,
+ owns labels,
+ owns confidence,
+ owns langs,
+ owns custom_attribute,
+
+ relates source,
+ relates target,
+
+ plays created_by:created,
+ plays granular_marking:marking,
+ plays external_references:referenced;
+
+delivers sub stix_core_relationship,
+ relates delivering as source,
+ relates delivered as target;
+
+targets sub stix_core_relationship,
+ relates targeting as source,
+ relates targeted as target;
+
+attributed_to sub stix_core_relationship,
+ relates attributing as source,
+ relates attributed as target;
+
+uses sub stix_core_relationship,
+ relates used_by as source,
+ relates used as target;
+
+indicates sub stix_core_relationship,
+ relates indicating as source,
+ relates indicated as target;
+
+compromises sub stix_core_relationship,
+ relates compromising as source,
+ relates compromised as target;
+
+originates_from sub stix_core_relationship,
+ relates originating as source,
+ relates originated as target;
+
+investigates sub stix_core_relationship,
+ relates investigating as source,
+ relates investigated as target;
+
+mitigates sub stix_core_relationship,
+ relates mitigating as source,
+ relates mitigated as target;
+
+remediates sub stix_core_relationship,
+ relates remediating as source,
+ relates remediated as target;
+
+located_at sub stix_core_relationship,
+ relates locating as source,
+ relates located as target;
+
+impersonates sub stix_core_relationship,
+ relates impersonating as source,
+ relates impersonated as target;
+
+based_on sub stix_core_relationship,
+ relates basing as source,
+ relates based as target;
+
+communicates_with sub stix_core_relationship,
+ relates communicating as source,
+ relates communicated as target;
+
+consist_of sub stix_core_relationship,
+ relates consisting as source,
+ relates consisted as target;
+
+controls sub stix_core_relationship,
+ relates controlling as source,
+ relates controlled as target;
+
+have sub stix_core_relationship,
+ relates having as source,
+ relates had as target;
+
+hosts sub stix_core_relationship,
+ relates hosting as source,
+ relates hosted as target;
+
+authored_by sub stix_core_relationship,
+ relates authoring as source,
+ relates authored as target;
+
+beacons_to sub stix_core_relationship,
+ relates beaconing_to as source,
+ relates beaconed_to as target;
+
+exfiltrates_to sub stix_core_relationship,
+ relates exfiltrating_to as source,
+ relates exfiltrated_to as target;
+
+downloads sub stix_core_relationship,
+ relates downloading as source,
+ relates downloaded as target;
+
+drops sub stix_core_relationship,
+ relates dropping as source,
+ relates dropped as target;
+
+exploits sub stix_core_relationship,
+ relates exploiting as source,
+ relates exploited as target;
+
+variant_of sub stix_core_relationship,
+ relates varianted_from as source,
+ relates varianted as target;
+
+characterizes sub stix_core_relationship,
+ relates characterizing as source,
+ relates characterized as target;
+
+analysis sub stix_core_relationship,
+ relates analysing as source,
+ relates analysed as target;
+
+analysis_of sub analysis;
+static_analysis_of sub analysis;
+dynamic_analysis_of sub analysis;
+
+ownerships sub stix_core_relationship,
+ relates owning as source,
+ relates owned as target;
+
+ref sub relation,
+ relates source,
+ relates target;
+
+from_ref sub ref;
+sender_ref sub ref;
+raw_email_ref sub ref;
+body_raw_ref sub ref;
+parent_directory_ref sub ref;
+content_ref sub ref;
+optional_header sub ref,
+ relates from as source;
+belongs_to_ref sub ref;
+src_ref sub ref;
+dst_ref sub ref;
+src_payload_ref sub ref;
+dst_payload_ref sub ref;
+encapsulated_by_ref sub ref;
+massage_body_data_ref sub ref;
+creator_user_ref sub ref;
+image_ref sub ref;
+parent_ref sub ref;
+message_body_data_ref sub ref,
+ relates from as source;
+
+derivation sub relation,
+ relates derived_from,
+ relates deriving;
+
+duplicate_of sub relation,
+ relates duplicated_object;
+
+sighting sub stix_core_relationship,
+ owns first_seen,
+ owns last_seen,
+ owns count,
+ owns summary,
+
+ relates sighting_of,
+ relates observed_data;
+
+
+### 6 SCOs ###
+
+artifact sub stix_cyber_observable_object,
+ owns mime_type,
+ owns payload_bin,
+ owns url_link,
+ owns encryption_algorithm,
+ owns decryption_key,
+
+ # RRel
+ plays body_raw_ref:target,
+ plays raw_email_ref:target,
+ plays content_ref:target,
+ plays message_body_data_ref:target;
+
+autonomous_system sub stix_cyber_observable_object,
+ owns number,
+ owns name,
+ owns rir,
+
+ # RRel
+ plays belongs_to_refs:belonging;
+
+directory sub stix_cyber_observable_object,
+ owns path,
+ owns path_enc,
+ owns ctime,
+ owns mtime,
+ owns atime,
+
+ # Rel
+ plays contains_ref:contained,
+
+ # RRel
+ plays parent_directory_ref:target;
+
+domain_name sub stix_cyber_observable_object,
+ owns stix_value,
+
+ # Rel
+ plays resolves_to_refs:resolved,
+
+ # RRel
+ plays resolves_to_refs:resolving,
+ plays communicates_with:communicated;
+
+
+email_addr sub stix_cyber_observable_object,
+ owns stix_value,
+ owns display_name,
+
+ # Rel
+ plays belongs_to_ref:source,
+
+ # RRel
+ plays from_ref:target,
+ plays sender_ref:target,
+ plays to_refs:to,
+ plays cc_refs:to,
+ plays bcc_refs:to;
+
+email_message sub stix_cyber_observable_object,
+ owns is_multipart,
+ owns date,
+ owns content_type,
+ owns message_id,
+ owns subject,
+ owns body,
+
+ # Rel
+ plays from_ref:source,
+ plays sender_ref:source,
+ plays to_refs:from,
+ plays cc_refs:from,
+ plays bcc_refs:from,
+ plays received_lines:owner, # LinkedList
+ plays body_multipart:to,
+ plays raw_email_ref:source;
+
+
+email_mime_part sub stix_sub_object,
+ owns body,
+ owns content_type,
+ owns content_disposition,
+
+ # Rel
+ plays body_raw_ref:source,
+
+ # RRel
+ plays body_multipart:from;
+
+file sub stix_cyber_observable_object,
+ owns size,
+ owns name,
+ owns name_enc,
+ owns magic_number_hex,
+ owns mime_type,
+ owns ctime,
+ owns mtime,
+ owns atime,
+
+ # Rel
+ plays hashes:hashes_owner,
+ plays parent_directory_ref:source,
+ plays contains_ref:contained,
+ plays content_ref:source,
+
+ # RRel
+ plays downloads:downloaded,
+ plays body_raw_ref:target,
+ plays image_ref:target,
+ plays service_dll_refs:to;
+
+archive_ext sub file,
+ owns comment;
+
+ntfs_ext sub file,
+ owns sid,
+
+ # Rel
+ plays alternate_data_streams:from;
+
+alternate_data_stream sub file,
+
+ # RRel
+ plays alternate_data_streams:to;
+
+pdf_ext sub stix_cyber_observable_object,
+ owns version,
+ owns is_optimized,
+ owns pdfid0,
+ owns pdfid1,
+
+ # Rel
+ plays document_info_dict:document_owner;
+
+raster_image_ext sub file,
+ owns image_height,
+ owns image_width,
+ owns bits_per_pixel,
+
+ # Rel
+ plays exif_tags:exif_owner;
+
+windows_pebinary_ext sub file,
+ owns pe_type,
+ owns imphash,
+ owns machine_hex,
+ owns number_of_sections,
+ owns time_date_stamp,
+ owns pointer_to_symbol_table_hex,
+ owns number_of_symbols,
+ owns size_of_optional_header,
+ owns characterstics_hex,
+
+ # Rel
+ plays optional_header:from,
+ plays sections:from;
+
+windows_pe_optional_header_type sub entity,
+ owns magic_hex,
+ owns major_linker_version,
+ owns minor_linker_version,
+ owns size_of_code,
+ owns size_of_initialized_data,
+ owns size_ofuninitialized_data,
+ owns address_of_entry_point,
+ owns base_of_code,
+ owns base_of_data,
+ owns image_base,
+ owns section_alignment,
+ owns file_alignment,
+ owns major_os_version,
+ owns minor_os_version,
+ owns major_image_version,
+ owns minor_image_version,
+ owns major_subsystem_version,
+ owns minor_subsystem_version,
+ owns win32_version_value_hex,
+ owns size_of_image,
+ owns size_of_headers,
+ owns checksum_hex,
+ owns subsystem_hex,
+ owns dll_characteristics_hex,
+ owns size_of_stack_reserve,
+ owns size_of_stack_commit,
+ owns size_of_heap_reserve,
+ owns size_of_heap_commit,
+ owns loader_flags_hex,
+ owns number_of_rva_and_sizes,
+
+ # Rel
+ plays hashes:hashes_owner,
+
+ # RRel
+ plays optional_header:target;
+
+windows_pe_section sub entity,
+ owns name,
+ owns size,
+ owns entropy,
+
+ # Rel
+ plays hashes:hashes_owner,
+
+ # RRel
+ plays sections:to;
+
+ipv4_address sub stix_cyber_observable_object,
+ owns stix_value,
+
+ # Rel
+ plays resolves_to_refs:resolved,
+ plays belongs_to_refs:belonged,
+
+ # RRel
+ plays resolves_to_refs:resolving,
+ plays communicates_with:communicated;
+
+
+
+ipv6_address sub stix_cyber_observable_object,
+ owns stix_value,
+
+ # Rel
+ plays resolves_to_refs:resolved,
+ plays belongs_to_refs:belonged,
+
+ # RRel
+ plays resolves_to_refs:resolving,
+ plays communicates_with:communicated;
+
+
+mac_addr sub stix_cyber_observable_object,
+ owns stix_value,
+
+ # RRel
+ plays resolves_to_refs:resolving;
+
+
+mutex sub stix_cyber_observable_object,
+ owns name;
+
+
+network_traffic sub stix_cyber_observable_object,
+ owns start,
+ owns end,
+ owns is_active,
+ owns src_port,
+ owns dst_port,
+
+ # Rel
+ plays src_ref:source,
+ plays dst_ref:source,
+ plays src_payload_ref:source,
+ plays dst_payload_ref:source,
+ plays encapsulated_by_ref:source,
+ plays protocols:from,
+ plays ipfix:ipfix_owner,
+ plays encapsulates_refs:encapsulated,
+
+ # RRel
+ plays encapsulates_refs:encapsulating,
+ plays encapsulated_by_ref:target,
+ plays opened_connection_refs:opening;
+
+http_request_ext sub network_traffic,
+ owns request_method,
+ owns request_value,
+ owns request_version,
+ owns message_body_length,
+
+ # Rel
+ plays request_header:header_owner,
+ plays message_body_data_ref:from;
+
+icmp_ext sub network_traffic,
+ owns icmp_type_hex,
+ owns icmp_code_hex;
+
+socket_ext sub network_traffic,
+ owns address_family,
+ owns is_blocking,
+ owns is_listening,
+ owns socket_type,
+ owns socket_descriptor,
+ owns socket_handle,
+
+ # Rel
+ plays options:options_owner;
+
+tcp_ext sub network_traffic,
+ owns src_flags_hex,
+ owns dst_flags_hex;
+
+process sub stix_cyber_observable_object,
+ owns is_hidden,
+ owns pid,
+ owns created_time,
+ owns cwd,
+ owns command_line,
+
+ # Rel
+ plays environment_variables:variables_owner,
+ plays opened_connection_refs:opened,
+ plays creator_user_ref:source,
+ plays image_ref:source,
+ plays parent_ref:source,
+ plays child_refs:parent,
+
+ # RRel
+ plays parent_ref:target,
+ plays child_refs:child;
+
+windows_process_ext sub process,
+ owns aslr_enabled,
+ owns dep_enabled,
+ owns priority,
+ owns owner_sid,
+ owns window_title,
+ owns integrity_level,
+
+ # Rel
+ plays startup_info:info_owner;
+
+windows_service_ext sub process,
+ owns service_name,
+ owns display_name,
+ owns group_name,
+ owns start_type,
+ owns service_type,
+ owns service_status,
+ owns descriptions,
+
+ # Rel
+ plays service_dll_refs:from;
+
+software sub stix_cyber_observable_object,
+ owns name,
+ owns spe,
+ owns swid,
+ owns vendor,
+ owns version,
+ owns languages;
+
+url sub stix_cyber_observable_object,
+ owns stix_value,
+
+ # RRel
+ plays communicates_with:communicated;
+
+
+user_account sub stix_cyber_observable_object,
+ owns user_id,
+ owns credential,
+ owns account_login,
+ owns account_type,
+ owns display_name,
+ owns is_service_account,
+ owns is_privileged,
+ owns can_escalate_privs,
+ owns is_disabled,
+ owns account_created,
+ owns account_expires,
+ owns credential_last_changed,
+ owns account_first_login,
+ owns account_last_login,
+
+ # RRel
+ plays belongs_to_ref:target,
+ plays creator_user_ref:target;
+
+unix_account_ext sub user_account,
+ owns gid,
+ owns home_dir,
+ owns shell,
+ owns groups;
+
+
+windows_registry_key sub stix_cyber_observable_object,
+ owns attribute_key,
+ owns modified_time,
+ owns number_subkeys,
+
+ # Rel
+ plays values:from,
+ plays creator_user_ref:source;
+
+windows_registry_value_type sub stix_cyber_observable_object,
+ owns name,
+ owns data,
+ owns data_type,
+
+ # RRel
+ plays values:to;
+
+x509_certificate sub stix_cyber_observable_object,
+ owns is_self_signed,
+ owns version,
+ owns serial_number,
+ owns signature_algorithm,
+ owns issuer,
+ owns validity_not_before,
+ owns validity_not_after,
+ owns subject,
+ owns subject_public_key_algorithm,
+ owns subject_public_key_modulus,
+ owns subject_public_key_exponent,
+
+ # Rel
+ plays hashes:hashes_owner;
+
+x509_v3_extensions sub x509_certificate,
+ owns basic_constraints,
+ owns name_constraints,
+ owns policy_constraints,
+ owns key_usage,
+ owns extended_key_usage,
+ owns subject_key_identifier,
+ owns authority_key_identifier,
+ owns subject_alternative_name,
+ owns issuer_alternative_name,
+ owns subject_directory_attributes,
+ owns crl_distribution_points,
+ owns inhibit_any_policy,
+ owns private_key_usage_period_not_before,
+ owns private_key_usage_period_not_after,
+ owns certificate_policies,
+ owns policy_mappings;
+
+marking_definition sub stix_object,
+ owns created,
+ owns modified,
+ owns name,
+ owns spec_version,
+
+ plays created_by:created,
+ plays data_marking:marking,
+ plays external_references:referencing;
+
+statement_marking sub marking_definition,
+ owns statement;
+
+tlp_marking sub marking_definition,
+ owns color;
+
+list sub relation,
+ relates list_item,
+ relates owner;
+
+linked_list sub list,
+ plays first_element:list,
+ plays last_element:list,
+ plays list_element:list;
+
+first_element sub relation,
+ relates first,
+ relates list;
+
+last_element sub relation,
+ relates last,
+ relates list;
+
+list_element sub relation,
+ relates element,
+ relates list;
+
+node sub relation,
+ relates next,
+ relates listed,
+
+ # Rel
+ plays node:next,
+
+ # RRel
+ plays list_element:element,
+ plays last_element:last,
+ plays first_element:first;
+
+dict sub relation,
+ relates dict_item,
+ relates owner,
+ owns key_abstract,
+ abstract;
+
+hashes sub dict,
+ relates hash_value as dict_item,
+ relates hashes_owner as owner,
+ owns hash_algorithm as key_abstract;
+
+document_info_dict sub dict,
+ relates document_info as dict_item,
+ relates document_owner as owner,
+ owns key as key_abstract;
+
+exif_tags sub dict,
+ relates exif_tag as dict_item,
+ relates exif_owner as owner,
+ owns key as key_abstract;
+
+ipfix sub dict,
+ relates ipfix_field as dict_item,
+ relates ipfix_owner as owner,
+ owns key as key_abstract;
+
+request_header sub dict,
+ relates header as dict_item,
+ relates header_owner as owner,
+ owns key as key_abstract;
+
+options sub dict,
+ relates option as dict_item,
+ relates options_owner as owner,
+ owns key as key_abstract;
+
+environment_variables sub dict,
+ relates variable as dict_item,
+ relates variables_owner as owner,
+ owns key as key_abstract;
+
+startup_info sub dict,
+ relates info as dict_item,
+ relates info_owner as owner,
+ owns key as key_abstract;
+
+additional_header_fields sub relation,
+ relates dict_item,
+ relates owner,
+
+ plays header_fields:owner,
+
+ owns key;
+
+header_fields sub list,
+ plays additional_header_fields:dict_item;
+
+external_references sub list,
+ relates referencing as list_item,
+ relates referenced as owner;
+
+kill_chain_phases sub list,
+ relates using as list_item,
+ relates used as owner;
+
+data_marking sub list,
+ relates marking as list_item,
+ relates marked as owner,
+
+ plays granular_marking:marking;
+
+object_marking sub list,
+ relates marking as list_item,
+ relates marked as owner;
+
+granular_marking sub list,
+ relates marking as list_item,
+ relates marked as owner;
+
+created_by sub list,
+ relates creator as list_item,
+ relates created as owner;
+
+resolves_to_refs sub list,
+ relates resolving as list_item,
+ relates resolved as owner;
+
+belongs_to_refs sub list,
+ relates belonging as list_item,
+ relates belonged as owner;
+
+contains_ref sub list,
+ relates containing as list_item,
+ relates contained as owner;
+
+to_refs sub list,
+ relates to as list_item,
+ relates from as owner;
+
+cc_refs sub list,
+ relates to as list_item,
+ relates from as owner;
+
+bcc_refs sub list,
+ relates to as list_item,
+ relates from as owner;
+
+body_multipart sub list,
+ relates to as list_item,
+ relates from as owner;
+
+alternate_data_streams sub list,
+ relates to as list_item,
+ relates from as owner;
+
+sections sub list,
+ relates to as list_item,
+ relates from as owner;
+
+protocols sub list,
+ relates to as list_item,
+ relates from as owner;
+
+encapsulates_refs sub list,
+ relates encapsulating as list_item,
+ relates encapsulated as owner;
+
+opened_connection_refs sub list,
+ relates opening as list_item,
+ relates opened as owner;
+
+child_refs sub list,
+ relates child as list_item,
+ relates parent as owner;
+
+service_dll_refs sub list,
+ relates to as list_item,
+ relates from as owner;
+
+values sub list,
+ relates to as list_item,
+ relates from as owner;
+
+received_lines sub linked_list;
+
+stix_attribute_string sub attribute,
+ value string,
+
+ plays granular_marking:marking,
+ abstract;
+
+stix_type sub stix_attribute_string;
+stix_id sub stix_attribute_string;
+stix_role sub stix_attribute_string;
+spec_version sub stix_attribute_string;
+labels sub stix_attribute_string;
+langs sub stix_attribute_string;
+defanged sub stix_attribute_string;
+source_name sub stix_attribute_string;
+url_link sub stix_attribute_string;
+external_id sub stix_attribute_string;
+name sub stix_attribute_string;
+name_enc sub stix_attribute_string;
+magic_number_hex sub stix_attribute_string;
+mime_type sub stix_attribute_string;
+aliases sub stix_attribute_string;
+objective sub stix_attribute_string;
+action sub stix_attribute_string;
+context sub stix_attribute_string;
+identity_class sub stix_attribute_string;
+sector sub stix_attribute_string;
+infrastructure_types sub stix_attribute_string;
+contact_information sub stix_attribute_string;
+indicator_type sub stix_attribute_string;
+pattern sub stix_attribute_string;
+pattern_type sub stix_attribute_string;
+pattern_version sub stix_attribute_string;
+goals sub stix_attribute_string;
+resource_level sub stix_attribute_string;
+primary_motivation sub stix_attribute_string;
+secondary_motivations sub stix_attribute_string;
+malware_types sub stix_attribute_string;
+architecture_execution_envs sub stix_attribute_string;
+implementation_languages sub stix_attribute_string;
+capabilities sub stix_attribute_string;
+region sub stix_attribute_string;
+country sub stix_attribute_string;
+administrative_area sub stix_attribute_string;
+city sub stix_attribute_string;
+street_address sub stix_attribute_string;
+postal_code sub stix_attribute_string;
+version sub stix_attribute_string;
+configuration_version sub stix_attribute_string;
+module sub stix_attribute_string;
+analysis_engine_version sub stix_attribute_string;
+analysis_definition_version sub stix_attribute_string;
+result_name sub stix_attribute_string;
+result sub stix_attribute_string;
+note_abstract sub stix_attribute_string;
+content sub stix_attribute_string;
+authors sub stix_attribute_string;
+explanation sub stix_attribute_string;
+opinion_enum sub stix_attribute_string;
+report_type sub stix_attribute_string;
+sophistication sub stix_attribute_string;
+personal_characteristics sub stix_attribute_string;
+roles sub stix_attribute_string;
+threat_actor_types sub stix_attribute_string;
+tool_types sub stix_attribute_string;
+tool_version sub stix_attribute_string;
+vulnerability_types sub stix_attribute_string;
+kill_chain_name sub stix_attribute_string;
+kill_chain_phase_name sub stix_attribute_string;
+summary sub stix_attribute_string;
+payload_bin sub stix_attribute_string;
+decryption_key sub stix_attribute_string;
+path sub stix_attribute_string;
+path_enc sub stix_attribute_string;
+rir sub stix_attribute_string;
+display_name sub stix_attribute_string;
+content_type sub stix_attribute_string;
+message_id sub stix_attribute_string;
+subject sub stix_attribute_string;
+body sub stix_attribute_string;
+content_disposition sub stix_attribute_string;
+comment sub stix_attribute_string;
+sid sub stix_attribute_string;
+owner_sid sub stix_attribute_string;
+pdfid0 sub stix_attribute_string;
+pdfid1 sub stix_attribute_string;
+pe_type sub stix_attribute_string;
+imphash sub stix_attribute_string;
+machine_hex sub stix_attribute_string;
+pointer_to_symbol_table_hex sub stix_attribute_string;
+characterstics_hex sub stix_attribute_string;
+win32_version_value_hex sub stix_attribute_string;
+checksum_hex sub stix_attribute_string;
+subsystem_hex sub stix_attribute_string;
+dll_characteristics_hex sub stix_attribute_string;
+loader_flags_hex sub stix_attribute_string;
+magic_hex sub stix_attribute_string;
+request_method sub stix_attribute_string;
+request_value sub stix_attribute_string;
+request_version sub stix_attribute_string;
+icmp_type_hex sub stix_attribute_string;
+icmp_code_hex sub stix_attribute_string;
+service_name sub stix_attribute_string;
+subject_public_key_algorithm sub stix_attribute_string;
+subject_public_key_modulus sub stix_attribute_string;
+certificate_policies sub stix_attribute_string;
+crl_distribution_points sub stix_attribute_string;
+subject_directory_attributes sub stix_attribute_string;
+key_usage sub stix_attribute_string;
+subject_alternative_name sub stix_attribute_string;
+subject_key_identifier sub stix_attribute_string;
+extended_key_usage sub stix_attribute_string;
+name_constraints sub stix_attribute_string;
+policy_mappings sub stix_attribute_string;
+policy_constraints sub stix_attribute_string;
+basic_constraints sub stix_attribute_string;
+inhibit_any_policy sub stix_attribute_string;
+authority_key_identifier sub stix_attribute_string;
+issuer_alternative_name sub stix_attribute_string;
+data sub stix_attribute_string;
+user_id sub stix_attribute_string;
+priority sub stix_attribute_string;
+stix_value sub stix_attribute_string;
+cwd sub stix_attribute_string;
+command_line sub stix_attribute_string;
+account_login sub stix_attribute_string;
+group_name sub stix_attribute_string;
+dst_flags_hex sub stix_attribute_string;
+src_flags_hex sub stix_attribute_string;
+product sub stix_attribute_string;
+spe sub stix_attribute_string;
+exif_tag_string sub stix_attribute_string;
+window_title sub stix_attribute_string;
+statement sub stix_attribute_string;
+home_dir sub stix_attribute_string;
+account_type sub stix_attribute_string;
+credential sub stix_attribute_string;
+attribute_key sub stix_attribute_string;
+shell sub stix_attribute_string;
+swid sub stix_attribute_string;
+vendor sub stix_attribute_string;
+description sub stix_attribute_string;
+descriptions sub stix_attribute_string;
+languages sub stix_attribute_string;
+groups sub stix_attribute_string;
+
+received sub stix_attribute_string,
+ plays node:listed;
+document_info sub stix_attribute_string,
+ plays document_info_dict:document_info;
+protocol sub stix_attribute_string,
+ plays protocols:to;
+ipfix_string sub stix_attribute_string,
+ plays ipfix:ipfix_field;
+header sub stix_attribute_string,
+ plays request_header:header;
+environment_variable sub stix_attribute_string,
+ plays environment_variables:variable;
+startup sub stix_attribute_string,
+ plays startup_info:info;
+
+
+
+issuer sub stix_attribute_string;
+serial_number sub stix_attribute_string;
+signature_algorithm sub stix_attribute_string;
+subject_public_key_exponent sub stix_attribute_string;
+
+hash_value sub stix_attribute_string,
+ plays hashes:hash_value;
+key_abstract sub stix_attribute_string,
+ abstract;
+key sub key_abstract;
+hash_algorithm sub key_abstract,
+ regex "^(MD5|SHA-1|SHA-256|SHA-512|SHA3-256|SHA3-512|SSDEEP|TLSH)$";
+encryption_algorithm sub stix_attribute_string,
+ regex "^(AES_256_GCM|ChaCha20_Poly1305|mime_type_indicated)$";
+address_family sub stix_attribute_string,
+ regex "^(AF_UNSPEC|AF_INET|AF_IPX|AF_APPLETALK|AF_NETBIOS|AF_INET6|AF_IRDA|AF_BTH)$";
+socket_type sub stix_attribute_string,
+ regex "^(SOCK_STREAM|SOCK_DGRAM|SOCK_RAW|SOCK_RDM|SOCK_SEQPACKET)$";
+opinion_enum sub stix_attribute_string,
+ regex "^(strongly_disagree|disagree|neutral|agree|strongly_agree)$";
+integrity_level sub stix_attribute_string,
+ regex "^(low|medium|high|system)$";
+data_type sub stix_attribute_string,
+ regex "^(REG_NONE|REG_SZ|REG_EXPAND_SZ|REG_BINARY|REG_DWORD|REG_DWORD_BIG_ENDIAN|REG_LINK|REG_MULTI_SZ|REG_RESOURCE_LIST|REG_FULL_RESOURCE_DESCRIPTION|REG_RESOURCE_REQUIREMENTS_LIST|REG_QWORD|REG_INVALID_TYPE)$";
+start_type sub stix_attribute_string,
+ regex "^(SERVICE_AUTO_START|SERVICE_BOOT_START|SERVICE_DEMAND_START|SERVICE_DISABLED|SERVICE_SYSTEM_ALERT)$";
+service_type sub stix_attribute_string,
+ regex "^(SERVICE_KERNEL_DRIVER|SERVICE_FILE_SYSTEM_DRIVER|SERVICE_WIN32_OWN_PROCESS|SERVICE_WIN32_SHARE_PROCESS)$";
+service_status sub stix_attribute_string,
+ regex "^(SERVICE_CONTINUE_PENDING|SERVICE_PAUSE_PENDING|SERVICE_PAUSED|SERVICE_RUNNING|SERVICE_START_PENDING|SERVICE_STOP_PENDING|SERVICE_STOPPED)$";
+color sub stix_attribute_string,
+ regex "^(white|green|amber|red|clear)$";
+stix_attribute_double sub attribute,
+ value double,
+
+ plays granular_marking:marked,
+ abstract;
+
+number sub stix_attribute_double;
+latitude sub stix_attribute_double;
+longitude sub stix_attribute_double;
+precision sub stix_attribute_double;
+number_observed sub stix_attribute_double;
+count sub stix_attribute_double;
+entropy sub stix_attribute_double;
+size_ofuninitialized_data sub stix_attribute_double;
+
+stix_attribute_integer sub attribute,
+ value long,
+
+ plays granular_marking:marked,
+ abstract;
+
+size sub stix_attribute_integer;
+gid sub stix_attribute_integer;
+image_height sub stix_attribute_integer;
+image_width sub stix_attribute_integer;
+bits_per_pixel sub stix_attribute_integer;
+confidence sub stix_attribute_integer;
+number_of_sections sub stix_attribute_integer;
+number_of_symbols sub stix_attribute_integer;
+size_of_optional_header sub stix_attribute_integer;
+major_linker_version sub stix_attribute_integer;
+minor_linker_version sub stix_attribute_integer;
+size_of_code sub stix_attribute_integer;
+size_of_initialized_data sub stix_attribute_integer;
+size_of_uninitialized_data sub stix_attribute_integer;
+address_of_entry_point sub stix_attribute_integer;
+base_of_code sub stix_attribute_integer;
+base_of_data sub stix_attribute_integer;
+image_base sub stix_attribute_integer;
+section_alignment sub stix_attribute_integer;
+file_alignment sub stix_attribute_integer;
+major_os_version sub stix_attribute_integer;
+minor_os_version sub stix_attribute_integer;
+major_image_version sub stix_attribute_integer;
+minor_image_version sub stix_attribute_integer;
+major_subsystem_version sub stix_attribute_integer;
+minor_subsystem_version sub stix_attribute_integer;
+size_of_image sub stix_attribute_integer;
+size_of_headers sub stix_attribute_integer;
+size_of_stack_reserve sub stix_attribute_integer;
+size_of_stack_commit sub stix_attribute_integer;
+size_of_heap_reserve sub stix_attribute_integer;
+size_of_heap_commit sub stix_attribute_integer;
+number_of_rva_and_sizes sub stix_attribute_integer;
+message_body_length sub stix_attribute_integer;
+number_subkeys sub stix_attribute_integer;
+exif_tag_int sub stix_attribute_integer;
+src_port sub stix_attribute_integer;
+dst_port sub stix_attribute_integer;
+src_byte_count sub stix_attribute_integer;
+dst_byte_count sub stix_attribute_integer;
+src_packets sub stix_attribute_integer;
+dst_packets sub stix_attribute_integer;
+socket_descriptor sub stix_attribute_integer;
+socket_handle sub stix_attribute_integer;
+pid sub stix_attribute_integer;
+option sub stix_attribute_integer,
+ plays options:option;
+ipfix_integer sub stix_attribute_integer,
+ plays ipfix:ipfix_field;
+
+stix_attribute_boolean sub attribute,
+ value boolean,
+
+ plays granular_marking:marked,
+ abstract;
+
+is_family sub stix_attribute_boolean;
+is_optimized sub stix_attribute_boolean;
+is_self_signed sub stix_attribute_boolean;
+dep_enabled sub stix_attribute_boolean;
+is_active sub stix_attribute_boolean;
+is_hidden sub stix_attribute_boolean;
+is_blocking sub stix_attribute_boolean;
+is_listening sub stix_attribute_boolean;
+can_escalate_privs sub stix_attribute_boolean;
+is_service_account sub stix_attribute_boolean;
+is_privileged sub stix_attribute_boolean;
+can_escalate_privs sub stix_attribute_boolean;
+is_disabled sub stix_attribute_boolean;
+is_multipart sub stix_attribute_boolean;
+aslr_enabled sub stix_attribute_boolean;
+revoked sub stix_attribute_boolean;
+
+
+stix_attribute_timestamp sub attribute,
+ value datetime,
+
+ plays granular_marking:marked,
+ abstract;
+
+
+date sub stix_attribute_timestamp;
+ctime sub stix_attribute_timestamp;
+atime sub stix_attribute_timestamp;
+mtime sub stix_attribute_timestamp;
+created sub stix_attribute_timestamp;
+modified sub stix_attribute_timestamp;
+submitted sub stix_attribute_timestamp;
+valid_from sub stix_attribute_timestamp;
+valid_until sub stix_attribute_timestamp;
+first_observed sub stix_attribute_timestamp;
+last_observed sub stix_attribute_timestamp;
+analysis_started sub stix_attribute_timestamp;
+analysis_ended sub stix_attribute_timestamp;
+published sub stix_attribute_timestamp;
+first_seen sub stix_attribute_timestamp;
+last_seen sub stix_attribute_timestamp;
+time_date_stamp sub stix_attribute_timestamp;
+end sub stix_attribute_timestamp;
+start sub stix_attribute_timestamp;
+created_time sub stix_attribute_timestamp;
+modified_time sub stix_attribute_timestamp;
+account_created sub stix_attribute_timestamp;
+account_expires sub stix_attribute_timestamp;
+credential_last_changed sub stix_attribute_timestamp;
+account_first_login sub stix_attribute_timestamp;
+account_last_login sub stix_attribute_timestamp;
+validity_not_before sub stix_attribute_timestamp;
+validity_not_after sub stix_attribute_timestamp;
+private_key_usage_period_not_after sub stix_attribute_timestamp;
+private_key_usage_period_not_before sub stix_attribute_timestamp;
+
+
+custom_attribute sub attribute, value string,
+ plays granular_marking:marked,
+ owns attribute_type;
+
+attribute_type sub attribute, value string;
+
+
+rule transitive_use:
+when {
+ $x isa stix_domain_object, has name $name1;
+ $y isa stix_domain_object, has name $name2;
+ $z isa stix_domain_object, has name $name3;
+ $use1 (used_by: $x, used: $y) isa uses;
+ $use2 (used_by: $y, used: $z) isa uses;
+} then {
+ (used_by: $x, used: $z) isa uses;
+};
+
+rule attributed_to_when_using:
+when {
+ (attributing: $x, attributed: $y) isa attributed_to;
+ (used_by: $y, used: $z) isa uses;
+} then {
+ (used_by: $x, used: $z) isa uses;
+};
+
+rule attributed_to_when_targeting:
+when {
+ (attributing: $x, attributed: $y) isa attributed_to;
+ (targeting: $y, targeted: $z) isa targets;
+} then {
+ (targeting: $x, targeted: $z) isa targets;
+};
+
+
+
+rule linked_list_item:
+when {
+ { (list: $x, first: $z) isa first_element;}
+ or {
+ (list: $x, element: $y) isa list_element;
+ $y (next: $z) isa node;
+ };
+ $x isa linked_list;
+ $z isa node;
+ $y isa node;
+} then {
+ (list: $x, element: $z) isa list_element;
+};
+
+
+rule last_element_linked_list:
+when {
+ (list: $x, element: $y) isa list_element;
+ not {
+ $z isa node;
+ $y (next: $z);
+ };
+ $x isa linked_list;
+ $y isa node;
+ $z isa node;
+} then {
+ (list: $x, last: $y) isa last_element;
+};
+
+
+
+
diff --git a/cybersecurity/cyber_threat_intelligence/src/main/resources/small_dataset.tql b/cybersecurity/cyber_threat_intelligence/src/main/resources/small_dataset.tql
new file mode 100644
index 00000000..d63f33e8
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/main/resources/small_dataset.tql
@@ -0,0 +1,518 @@
+#
+# Copyright (C) 2023 Vaticle
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# These examples below demonstrate how to use STIX 2.1 concepts for common use cases.
+# They are useful for linking multiple concepts together and provide more detail regarding STIX objects and properties.
+# Source:
+# https://oasiss-open.github.io/cti-documentation/stix/examples.html
+
+# Example from: https://oasis-open.github.io/cti-documentation/examples/identifying-a-threat-actor-profile
+# Identifying a Threat Actor Profile
+insert
+$ta isa threat_actor, has name "Disco Team Threat Actor Group",
+ has spec_version "2.1",
+ has stix_id "threat_actor__dfaa8d77_07e2_4e28_b2c8_92e9f7b04428",
+ has created 2014-11-19T23:39:03.893,
+ has modified 2014-11-19T23:39:03.893,
+ has aliases "disco_team@stealthemail.com",
+ has aliases "Equipo del Discoteca",
+ has description "This organized threat actor group operates to create profit from all types of crime.",
+ has aliases "Equipo del Discoteca",
+ has stix_role "agent",
+ has goals "Steal Credit Card Information",
+ has sophistication "expert",
+ has resource_level "organization",
+ has threat_actor_types "crime syndicate",
+ has primary_motivation "personal_gain";
+$id isa organization, has name "Disco Team", has spec_version "2.1",
+ has stix_id "identity__733c5838_34d9_4fbf_949c_62aba761184c",
+ has created 2016-08-23T18:05:49.307, has modified 2016-08-23T18:05:49.307,
+ has description "Disco Team is the name of an organized threat actor crime_syndicate.",
+ has contact_information "disco_team@stealthemail.com";
+
+(attributing: $ta, attributed: $id) isa attributed_to, has spec_version "2.1",
+ has stix_id "relationship__a2e3efb5_351d_4d46_97a0_6897ee7c77a0",
+ has created 2020-02-29T18:01:28.577,
+ has modified 2020-02-29T18:01:28.577;
+
+# Example from: https://oasis-open.github.io/cti-documentation/examples/indicator-for-malicious-url
+# Identicator for malicious URL
+
+$in isa indicator, has name "Malicious site hosting downloader",
+ has spec_version "2.1",
+ has description "This organized threat actor group operates to create profit from all types of crime.",
+ has created 2014-06-29T13:49:37.079,
+ has modified 2014-06-29T13:49:37.079,
+ has stix_id "indicator__d81f86b9_975b_4c0b_875e_810c5ad45a4f",
+ has pattern "[url:value = 'http://x4z9arb.cn/4712/']",
+ has pattern_type "stix",
+ has valid_from 2014-06-29T13:49:37.079,
+ has indicator_type "malicious_activity";
+$ma isa malware, has name "x4z9arb backdoor",
+ has spec_version "2.1",
+ has langs "french",
+ has stix_id "malware__162d917e_766f_4611_b5d6_652791454fca",
+ has created 2014-06-30T09:15:17.182,
+ has modified 2014-06-30T09:15:17.182,
+ has description "This malware attempts to download remote files after establishing a foothold as a backdoor.",
+ has malware_types "backdoor",
+ has malware_types "remote_access_trojan",
+ has is_family false;
+$kill_chain_phase isa kill_chain_phase,
+ has kill_chain_name "mandiant_attack_lifecycle_model",
+ has kill_chain_phase_name "establish_foothold";
+
+(used: $ma, using: $kill_chain_phase) isa kill_chain_phases;
+(indicating: $in, indicated: $ma) isa indicates,
+ has spec_version "2.1",
+ has stix_id "relationship__864af2ea_46f9_4d23_b3a2_1c2adf81c265",
+ has created 2020-02-29T18:03:58.029,
+ has modified 2020-02-29T18:03:58.029;
+
+# Example from: https://oasis-open.github.io/cti-documentation/examples/malware-indicator-for-file-hash
+# Malware indicator for file hash
+
+$in2 isa indicator, has name "File hash for Poison Ivy variant",
+ has spec_version "2.1",
+ has stix_id "indicator__a932fcc6_e032_476c_826f_cb970a5a1ade",
+ has created 2014-02-20T09:16:08.989,
+ has modified 2014-02-20T09:16:08.989,
+ has description "This file hash indicates that a sample of Poison Ivy is present.",
+ has indicator_type "malicious_activity",
+ has pattern "[file:hashes.'SHA_256' = 'ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c']",
+ has pattern_type "stix",
+ has valid_from 2014-02-20T09:00:00;
+$m isa malware, has name "Poison Ivy",
+ has spec_version "2.1",
+ has stix_id "malware__fdd60b30_b67c_41e3_b0b9_f01faf20d111",
+ has langs "english",
+ has created 2014-02-20T09:16:08.989,
+ has modified 2014-02-20T09:16:08.989,
+ has malware_types "remote_access_trojan",
+ has is_family false;
+(indicating: $in2, indicated: $m) isa indicates,
+ has spec_version "2.1",
+ has stix_id "relationship__29dcdf68_1b0c_4e16_94ed_bcc7a9572f69",
+ has created 2020-02-29T18:09:12.808,
+ has modified 2020-02-29T18:09:12.808;
+
+# Example from: https://oasis-open.github.io/cti-documentation/examples/sighting-of-an-indicator
+# Sighting of an Indicator
+
+$malicious_url isa indicator, has name "Malicious URL",
+ has spec_version "2.1",
+ has stix_id "indicator__9299f726_ce06_492e_8472_2b52ccb53191",
+ has created 2017-02-27T13:57:10.515,
+ has modified 2017-02-27T13:57:10.515,
+ has description "This URL is potentially associated with malicious activity and is listed on several blacklist sites.",
+ has indicator_type "malicious_activity",
+ has pattern "[url:value = 'http://paypa1.banking.com']",
+ has pattern_type "stix",
+ has valid_from 2015-06-29T09:10:15.915;
+$alpha isa organization, has name "Alpha Threat Analysis Org.",
+ has spec_version "2.1",
+ has stix_id "identity__39012926_a052_44c4_ae48_caaf4a10ee6e",
+ has created 2017-02-24T15:50:10.564,
+ has modified 2017-02-24T15:50:10.564,
+ has stix_role "Cyber Security",
+ has sector "technology",
+ has contact_information "info@alpha.org";
+$beta isa organization, has name "Beta Cyber Intelligence Company",
+ has spec_version "2.1",
+ has stix_id "identity__5206ba14_478f_4b0b_9a48_395f690c20a2",
+ has created 2017-02-26T17:55:10.442,
+ has modified 2017-02-26T17:55:10.442,
+ has stix_role "Cyber Security",
+ has sector "technology",
+ has contact_information "info@beta.com";
+(observed_data: $beta, sighting_of: $malicious_url) isa sighting, has stix_id "5206ba14_478f_4b0b_9a48_395f690c20a2";
+(creator: $alpha, created: $malicious_url) isa created_by;
+
+# Example from: https://oasis-open.github.io/cti-documentation/examples/sighting-of-observed-data
+# Sighting of Observed Data
+
+$pym isa organization, has name "Pym Technologies",
+ has spec_version "2.1",
+ has stix_id "identity__7865b6d2_a4af_45c5_b582_afe5ec376c33",
+ has created 2013-04-14T13:07:49.812,
+ has modified 2013-04-14T13:07:49.812,
+ has sector "technology",
+ has contact_information "hank@pymtech.com";
+$oscorp isa organization, has name "Oscorp Industries",
+ has spec_version "2.1" ,
+ has stix_id "identity__987eeee1_413a_44ac_96cc_0a8acdcc2f2c",
+ has created 2017-01-14T13:07:49.812,
+ has modified 2017-01-14T13:07:49.812,
+ has sector "technology",
+ has contact_information "norman@oscorp.com";
+$malware isa malware, has name "Online Job Site Trojan",
+ has spec_version "2.1",
+ has stix_id "malware__ae560258_a5cb_4be8_8f05_013d6712295f",
+ has created 2014-02-20T09:16:08.989,
+ has modified 2014-02-20T09:16:08.989,
+ has description "Trojan that is disguised as the executable file resume.pdf., it also creates a registry key.",
+ has malware_types "remote_access_trojan",
+ has is_family false;
+$file isa file,
+ has stix_id "file__364fe3e5_b1f4_5ba3_b951_ee5983b3538d",
+ has spec_version "2.1",
+ has size 83968,
+ has name "resume.pdf";
+$ploup isa hash_value;
+$ploup "1717b7fff97d37a1e1a0029d83492de1";
+$plip isa hash_value;
+$plip "1717b7fff97d37a1e1a0aa29d83492de1";
+(hash_value: $ploup, hashes_owner: $file) isa hashes, has hash_algorithm "MD5";
+(hash_value: $plip, hashes_owner: $file) isa hashes, has hash_algorithm "SHA-1";
+$data1 isa observed_data,
+ has spec_version "2.1",
+ has stix_id "observed_data__cf8eaa41_6f4c_482e_89b9_9cd2d6a83cb1",
+ has created 2017-02-28T19:37:11.213,
+ has modified 2017-02-28T19:37:11.213,
+ has first_observed 2017-02-27T21:37:11.213,
+ has last_observed 2017-02-27T21:37:11.213,
+ has number_observed 1;
+$key isa windows_registry_key,
+ has stix_id "windows_registry_key__16b80d14_d574_5620_abad_10ff304b1c26",
+ has spec_version "2.1",
+ has attribute_key "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WSALG2";
+$data2 isa observed_data,
+ has spec_version "2.1",
+ has stix_id "observed_data__a0d34360_66ad_4977_b255_d9e1080421c4",
+ has created 2017-02-28T19:37:11.213,
+ has modified 2017-02-28T19:37:11.213,
+ has first_observed 2017-02-27T21:37:11.213,
+ has last_observed 2017-02-27T21:37:11.213,
+ has number_observed 1;
+(creator: $oscorp, created: $data2) isa created_by;
+(creator: $oscorp, created: $data1) isa created_by;
+(creator: $pym, created: $malware) isa created_by;
+(sighting_of: $malware, observed_data: $data1, observed_data: $data2) isa sighting,
+ has spec_version "2.1",
+ has stix_id "sighting__779c4ae8_e134_4180_baa4_03141095d971",
+ has created 2017-02-28T19:37:11.213,
+ has modified 2017-02-28T19:37:11.213,
+ has first_seen 2017-02-28T19:07:24.856,
+ has last_seen 2017-02-28T19:07:24.857,
+ has count 1;
+(referencing: $data1, referenced: $file) isa external_references;
+(referencing: $data2, referenced: $key) isa external_references;
+
+# Example from: https://oasis-open.github.io/cti-documentation/examples/threat-actor-leveraging-attack-patterns-and-malware
+# Threat Actor Leveraging Attack Patterns and Malware
+
+$bravo_ta isa threat_actor,
+ has spec_version "2.1",
+ has stix_id "threat_actor__9a8a0d25_7636_429b_a99e_b2a73cd0f11f",
+ has created 2015-05-07T14:22:14.760,
+ has modified 2015-05-07T14:22:14.760,
+ has name "Adversary Bravo",
+ has description "Adversary Bravo is known to use phishing attacks to deliver remote access malware to the targets.",
+ has threat_actor_types "spy",
+ has threat_actor_types "criminal";
+$poison_ivy isa malware,
+ has spec_version "2.1",
+ has stix_id "malware__d1c612bc_146f_4b65_b7b0_9a54a14150a4",
+ has created 2015-04-23T11:12:34.760,
+ has modified 2015-04-23T11:12:34.760,
+ has name "Poison Ivy Variant d1c6",
+ has is_family false,
+ has malware_types "remote_access_trojan";
+$kill_chain_phase isa kill_chain_phase,
+ has kill_chain_name "mandiant_attack_lifecycle_model",
+ has kill_chain_phase_name "initial_compromise";
+
+(used: $poison_ivy, using: $kill_chain_phase) isa kill_chain_phases;
+
+$phishing isa attack_pattern,
+ has spec_version "2.1",
+ has stix_id "attack_pattern__8ac90ff3_ecf8_4835_95b8_6aea6a623df5",
+ has created 2015-05-07T14:22:14.760,
+ has modified 2015-05-07T14:22:14.760,
+ has name "Phishing",
+ has description "Spear phishing used as a delivery mechanism for malware.";
+
+(used: $phishing, using: $kill_chain_phase) isa kill_chain_phases;
+
+$bravo_id isa id_unknown,
+ has spec_version "2.1",
+ has stix_id "identity__1621d4d4_b67d_41e3_9670_f01faf20d111",
+ has created 2015-05-10T16:27:17.760,
+ has modified 2015-05-10T16:27:17.760,
+ has name "Adversary Bravo",
+ has description "Adversary Bravo is a threat actor that utilizes phishing attacks.";
+(used_by: $bravo_ta, used: $poison_ivy) isa uses,
+ has spec_version "2.1",
+ has stix_id "relationship__d44019b6_b8f7_4cb3_837e_7fd3c5724b87",
+ has created 2020-02-29T18:18:08.661,
+ has modified 2020-02-29T18:18:08.661;
+(used_by: $bravo_ta, used: $phishing) isa uses,
+ has spec_version "2.1",
+ has stix_id "relationship__3cd2d6f9_0ded_486b_8dca_606283a8997f",
+ has created 2020-02-29T18:18:08.661,
+ has modified 2020-02-29T18:18:08.661;
+(attributing: $bravo_ta, attributed: $bravo_id) isa attributed_to,
+ has spec_version "2.1",
+ has stix_id "relationship__56e5f1c8_08f3_4e24_9e8e_f87d844672ec",
+ has created 2020-02-29T18:18:08.661,
+ has modified 2020-02-29T18:18:08.661;
+
+# Example from: https://oasis-open.github.io/cti-documentation/examples/malware-indicator-for-file-hash
+# Malware Indicator for File Hash
+
+$in3 isa indicator, has name "Malicious site hosting downloader",
+ has spec_version "2.1",
+ has description "File hash for Poison Ivy variant",
+ has created 2014-02-20T09:16:08.989,
+ has modified 2014-02-20T09:16:08.989,
+ has stix_id "indicator--a932fcc6-e032-476c-826f-cb970a5a1ade",
+ has pattern "[file:hashes.'SHA-256' = 'ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c']",
+ has pattern_type "stix",
+ has valid_from 2014-02-20T09:00:00,
+ has indicator_type "malicious_activity";
+$ma2 isa malware, has name "Poison Ivy",
+ has spec_version "2.1",
+ has stix_id "malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111",
+ has created 2014-02-20T09:16:08.989,
+ has modified 2014-02-20T09:16:08.989,
+ has malware_types "backdoor",
+ has malware_types "remote_access_trojan",
+ has is_family false;
+
+(indicating: $in3, indicated: $ma2) isa indicates,
+ has spec_version "2.1",
+ has stix_id "relationship--29dcdf68-1b0c-4e16-94ed-bcc7a9572f69",
+ has created 2020-02-29T18:09:12.808,
+ has modified 2020-02-29T18:09:12.808;
+
+# Example from: https://oasis-open.github.io/cti-documentation/examples/defining-campaign-ta-is
+# Defining Campaigns vs. Threat Actors vs. Intrusion Sets
+
+$bpp_ta isa threat_actor,
+ has spec_version "2.1",
+ has stix_id "threat-actor--56f3f0db-b5d5-431c-ae56-c18f02caf500",
+ has created 2016-08-08T15:50:10.983,
+ has modified 2016-08-08T15:50:10.983,
+ has name "Fake BPP (Branistan Peoples Party)",
+ has threat_actor_types "nation-state",
+ has roles "director",
+ has revoked true,
+ has goals "Influence the election in Branistan",
+ has sophistication "strategic",
+ has resource_level "government",
+ has primary_motivation "ideology",
+ has secondary_motivations "dominance";
+
+$id1 isa identity,
+ has spec_version "2.1",
+ has stix_id "identity--8c6af861-7b20-41ef-9b59-6344fd872a8f",
+ has created 2016-08-08T15:50:10.983,
+ has modified 2016-08-08T15:50:10.983,
+ has name "Franistan Intelligence",
+ has identity_class "organization";
+
+$id2 isa identity,
+ has spec_version "2.1",
+ has stix_id "identity--ddfe7140-2ba4-48e4-b19a-df069432103b",
+ has created 2016-08-08T15:50:10.983,
+ has modified 2016-08-08T15:50:10.983,
+ has name "Branistan Peoples Party",
+ has identity_class "organization";
+
+$er1 isa external_reference,
+ has source_name "website",
+ has url_link "http://www.bpp.bn";
+
+(referencing: $id2, referenced: $er1) isa external_references;
+
+$at1 isa attack_pattern,
+ has spec_version "2.1",
+ has stix_id "attack-pattern--19da6e1c-71ab-4c2f-886d-d620d09d3b5a",
+ has created 2016-08-08T15:50:10.983,
+ has modified 2017-01-30T21:15:04.127,
+ has name "Content Spoofing";
+
+$er2 isa external_reference,
+ has source_name "capec",
+ has url_link "https://capec.mitre.org/data/definitions/148.html",
+ has external_id "CAPEC-148";
+
+(referencing: $at1, referenced: $er2) isa external_references;
+
+$at2 isa attack_pattern,
+ has spec_version "2.1",
+ has stix_id "attack-pattern--f6050ea6-a9a3-4524-93ed-c27858d6cb3c",
+ has created 2016-08-08T15:50:10.983,
+ has modified 2017-01-30T21:15:04.127,
+ has name "HTTP Flood";
+
+$er3 isa external_reference,
+ has source_name "capec",
+ has url_link "https://capec.mitre.org/data/definitions/488.html",
+ has external_id "CAPEC-488";
+
+(referencing: $at2, referenced: $er3) isa external_references;
+
+$ca1 isa campaign,
+ has spec_version "2.1",
+ has stix_id "campaign--e5268b6e-4931-42f1-b379-87f48eb41b1e",
+ has created 2016-08-08T15:50:10.983,
+ has modified 2016-08-08T15:50:10.983,
+ has name "Operation Bran Flakes",
+ has description "A concerted effort to insert false information into the BPP's web pages.",
+ has aliases "OBF",
+ has first_seen 2016-01-08T12:50:40.123,
+ has objective "Hack www.bpp.bn";
+
+$ca2 isa campaign,
+ has spec_version "2.1",
+ has stix_id "campaign--1d8897a7-fdc2-4e59-afc9-becbe04df727",
+ has created 2016-08-08T15:50:10.983,
+ has modified 2016-08-08T15:50:10.983,
+ has name "Operation Raisin Bran",
+ has description "A DDOS campaign to flood BPP web servers.",
+ has aliases "ORB",
+ has first_seen 2016-02-07T19:45:32.126,
+ has objective "Flood www.bpp.bn";
+
+$is1 isa intrusion_set,
+ has spec_version "2.1",
+ has stix_id "intrusion-set--ed69450a-f067-4b51-9ba2-c4616b9a6713",
+ has created 2016-08-08T15:50:10.983,
+ has modified 2016-08-08T15:50:10.983,
+ has name "APT BPP",
+ has description "An advanced persistent threat that seeks to disrupt Branistan's election with multiple attacks.",
+ has aliases "Bran-teaser",
+ has first_seen 2016-01-08T12:50:40.123,
+ has goals "Influence the Branistan election",
+ has goals "Disrupt the BPP",
+ has sophistication "strategic",
+ has resource_level "government",
+ has primary_motivation "ideology",
+ has secondary_motivations "dominance";
+
+$ato1 (attributing: $ca1, attributed: $bpp_ta) isa attributed_to;
+$ato1 has spec_version "2.1",
+ has stix_id "relationship--98765000-efdf-4a86-8681-36481ceae57f",
+ has created 2020-02-29T17:41:44.938,
+ has modified 2020-02-29T17:41:44.938;
+
+$ato2 (attributing: $ca2, attributed: $bpp_ta) isa attributed_to;
+$ato2 has spec_version "2.1",
+ has stix_id "relationship--53a55c73-f2c8-47b9-8e50-ae34d8c5da4d",
+ has created 2020-02-29T17:41:44.938,
+ has modified 2020-02-29T17:41:44.938;
+
+$ato3 (attributing: $ca1, attributed: $is1) isa attributed_to;
+$ato3 has spec_version "2.1",
+ has stix_id "relationship--5047c2c0-524b-4afd-9cd6-e197efe59495",
+ has created 2020-02-29T17:41:44.939,
+ has modified 2020-02-29T17:41:44.939;
+
+$ato4 (attributing: $ca2, attributed: $is1) isa attributed_to;
+$ato4 has spec_version "2.1",
+ has stix_id "relationship--9cc131ca-b64d-4ab1-a300-5e4a0073280a",
+ has created 2020-02-29T17:41:44.939,
+ has modified 2020-02-29T17:41:44.939;
+
+$ato5 (attributing: $is1, attributed: $bpp_ta) isa attributed_to;
+$ato5 has spec_version "2.1",
+ has stix_id "relationship--c171fd27-2a8a-42b7-8293-34016b70c1c8",
+ has created 2020-02-29T17:41:44.939,
+ has modified 2020-02-29T17:41:44.939;
+
+$ato6 (targeting: $is1, targeted: $id2) isa targets;
+$ato6 has spec_version "2.1",
+ has stix_id "relationship--554e3341-d7b1-4b3c-a522-28ef52fbb49b",
+ has created 2020-02-29T17:41:44.939,
+ has modified 2020-02-29T17:41:44.939;
+
+$ato7 (used_by: $is1, used: $at1) isa uses;
+$ato7 has spec_version "2.1",
+ has stix_id "relationship--06964095-5750-41fe-a9af-6c6a9d995489",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
+
+$ato8 (used_by: $is1, used: $at2) isa uses;
+$ato8 has spec_version "2.1",
+ has stix_id "relationship--4fe5dab1-fd6d-41aa-b8b1-d3118a708284",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
+
+$ato9 (targeting: $ca1, targeted: $id2) isa targets;
+$ato9 has spec_version "2.1",
+ has stix_id "relationship--d8b7932d-0ecb-4891-b021-c78ff2b63747",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
+
+$ato10 (targeting: $ca2, targeted: $id2) isa targets;
+$ato10 has spec_version "2.1",
+ has stix_id "relationship--96cfbc6f-5c08-4372-b811-b90fbb2ec180",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
+
+$ato11 (used_by: $ca1, used: $at1) isa uses;
+$ato11 has spec_version "2.1",
+ has stix_id "relationship--e0b0b1a9-0b0a-4b0a-9b0a-0b0a0b0a0b0a",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
+
+$ato12 (used_by: $ca2, used: $at2) isa uses;
+$ato12 has spec_version "2.1",
+ has stix_id "relationship--e0b0b1a9-0b0a-4b0a-9b0a-0b0a0b0a0b0b",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
+
+$ato13 (impersonating: $bpp_ta, impersonated: $id2) isa impersonates;
+$ato13 has spec_version "2.1",
+ has stix_id "relationship--e0b0b1a9-0b0a-4b0a-9b0a-0b0a0b0a0b0c",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
+
+$ato14 (targeting: $bpp_ta, targeted: $id2) isa targets;
+$ato14 has spec_version "2.1",
+ has stix_id "relationship--e0b0b1a9-0b0a-4b0a-9b0a-0b0a0b0a0b0d",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
+
+$ato15 (attributing: $bpp_ta, attributed: $id1) isa attributed_to;
+$ato15 has spec_version "2.1",
+ has stix_id "relationship--e0b0b1a9-0b0a-4b0a-9b0a-0b0a0b0a0b0e",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
+
+$ato16 (targeting: $ca2, targeted: $id1) isa targets;
+$ato16 has spec_version "2.1",
+ has stix_id "relationship--e0b0b1a9-0b0a-4b0a-9b0a-0b0a0b0a0b0f",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
+
+$ato17 (used_by: $bpp_ta, used: $at1) isa uses;
+$ato17 has spec_version "2.1",
+ has stix_id "relationship--e0b0b1a9-0b0a-4b0a-9b0a-0b0a0b0a0b10",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
+
+$ato18 (used_by: $bpp_ta, used: $at2) isa uses;
+$ato18 has spec_version "2.1",
+ has stix_id "relationship--e0b0b1a9-0b0a-4b0a-9b0a-0b0a0b0a0b11",
+ has created 2020-02-29T17:41:44.940,
+ has modified 2020-02-29T17:41:44.940;
diff --git a/cybersecurity/cyber_threat_intelligence/src/test/java/com/typedb/examples/cti/MainTests.java b/cybersecurity/cyber_threat_intelligence/src/test/java/com/typedb/examples/cti/MainTests.java
new file mode 100644
index 00000000..9edae772
--- /dev/null
+++ b/cybersecurity/cyber_threat_intelligence/src/test/java/com/typedb/examples/cti/MainTests.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 Vaticle
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.typedb.examples.cti;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class MainTests {
+
+ @Test
+ void contextLoads() {
+ }
+
+}