updating docs

tests/import_knowledge_base_test_data.py

@@ -15,7 +15,13 @@
 capec_versions = ["3_8", "3_9"] # add these in order to avoid versioning issues
 
 # Modes for arango-cti-processor
-arango_modes = ["capec-attack", "capec-cwe", "cve-cpe", "cve-cwe", "cwe-capec", "cve-epss"]
+arango_modes = [
+    "capec-attack",
+    "cve-cwe",
+    "cwe-capec",
+    "cve-epss",
+    "cve-cpe"
+]
 
 # Data for the CPE update
 cpe_data = {

vulmatch/server/views.py

@@ -64,15 +64,15 @@
             * `indicator`: Contains a pattern identifying products affected by the CVE
             * `relationship` (`indicator`->`vulnerability`)
             * `note`: Represents EPSS scores
+            * `sighting`: Represents CISA KEVs
             * `software`: Represents the products listed in the pattern
             * `relationship` (`indicator`->`software`)
             * `weakness` (CWE): represents CWEs linked to the Vulneability (requires `cve-cwe` mode to be run)
             * `relationship` (`vulnerability` (CVE) ->`weakness` (CWE))
             * `attack-pattern` (CAPEC): represents CAPECs in CWEs (linked to Vulnerability) (requires `cve-cwe` and `cwe-capec` mode to be run)
             * `relationship` (`weakness` (CWE) ->`attack-pattern` (CAPEC))
             * `attack-pattern` (ATT&CK Enterprise/ICS/Mobile): represents ATT&CKs in CAPECs in CWEs (linked to Vulnerability) (requires `cve-cwe`, `cwe-capec` and `capec-attack` mode to be run)
-            * `relationship` (`attack-pattern` (CAPEC) ->`attack-pattern` (ATT&CK))\n\n
-            This endpoint will also return all embedded relationships that exist from any of the CVE specific objects too (`vulnerability`, `indicator`, and `note`). These are `identity` and `marking-definition` objects (and the `relationship` representing the embedded relationship).
+            * `relationship` (`attack-pattern` (CAPEC) ->`attack-pattern` (ATT&CK))
             """
         ),
         responses={200: ArangoDBHelper.get_paginated_response_schema('objects', 'vulnerability')},