relationship between attack-pattern and tool

Why in the enterprise JSON there is a relationship such as:
```
      "description": "[Imminent Monitor](https://attack.mitre.org/software/S0434) has a module for performing remote desktop access.(Citation: QiAnXin APT-C-36 Feb2019)",
      "relationship_type": "uses",
      "source_ref": "tool--8f8cd191-902c-4e83-bf20-b57c8c4640e9",
      "target_ref": "attack-pattern--eb062747-2193-45de-8fa2-e62549c37ddf",
 ```

And in the STIX 2.1 standard the relationship is the opposite?
![image](https://user-images.githubusercontent.com/16938405/203256973-eb34f3f3-b8f5-488b-82e6-21a344a38dbc.png)
It seems that standard says the attack pattern uses the tool and not the vice-versa:
![image](https://user-images.githubusercontent.com/16938405/203257256-bae2d40a-b217-4455-a5ae-b6d8591d294f.png)


Can you explain?


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

relationship between attack-pattern and tool #206

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

relationship between attack-pattern and tool #206

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions