Skip to content

Extend Backend Data Model for FlowNode (Attack Flow Step Metadata) #151

New issue
New issue
Open
Open
Extend Backend Data Model for FlowNode (Attack Flow Step Metadata)#151
Labels
attack flow implementationImplementing the ability to generate attack flowsfeature requestNew feature or request
@KadeMorton

Description

@KadeMorton
KadeMorton
opened on Jul 19, 2025

What it is

Introduce a new backend model to store step-level metadata required for building Attack Flows in Thread.

Why it matters

  • Enables us to persist user-defined sequence order and relationships (e.g., forks, merges).
  • Forms the backend foundation for building and exporting flows.

Requirements

  • Add new database table/class: FlowNode with the following fields:
    • id
    • technique_id
    • step_index
    • fork_parent (nullable foreign key to FlowNode)
    • merge_into (nullable foreign key to FlowNode)
    • linked_ioc_ids (many-to-many or JSON array)
    • linked_cve_ids
    • linked_malware_ids
  • Write migration script for schema change.
  • Update ORM layer to expose new model.
  • Do not change existing Technique or IOC tables; FlowNode references them.

Acceptance Criteria

  • FlowNode model and DB table implemented.
  • Migration script tested and applied cleanly.
  • ORM integration tested with sample insert/query/update.

Metadata

Metadata

Assignees

No one assigned

    Labels

    attack flow implementationImplementing the ability to generate attack flowsfeature requestNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions