CRITs v4 data migration question - kill chain

[Steve Castellarin]

I've seen some previous posts on this topic, but haven't come across a solution just yet.

In our 3.1.0 instance I was able to create an object called "Kill Chain" (edited the "create_object_types.py" to add a new object), then ran manage.py create_object_types to add it.  With that we've been able to assign a kill chain phase (if known) to indicators.

Looking at the stable_4 instance I'm building I haven't seen anything that I could map this current information to.  Has anyone else come across this challenge and, if so, what did you do to solve this?

Thanks!

[Bradley Logan]

Back in CRITs 3.1.0, there was by default a "Kill Chain" object, but it was removed when the new CRITs Vocabulary was created.  I haven't seen any solution for this sort of data since.  I've considered, on multiple occasions, adding a section to the Indicator Details page specifically to document the Kill Chain phase, but I haven't gotten around to it.  The best you could do now may be to add a Bucket List "bucket" to the Indicator identifying the phase.

-Brad