The core database concept of OpenCTI is that of a Graph database where you have two different kinds of entities:
To enable a unified approach for using a graph database for the description of different kind of threats, the STIX database schema was developed. This standard makes it easy for different analysts to describe their knowledge and share it with each other. The OpenCTI data model is based on the STIX 2.1 standard. Only a few attributes/entities are different. The real goal was to store “pure” STIX 2.1 and prefix all deviations with “x_opencti_”.
Thus we can highly recommend giving the STIX v. 2 introduction and the different kinds of STIX relationships a bit of your time to get a better understanding of what OpenCTI does. Some more important STIX naming shortcuts are: