Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create, organize, and document the Semantic Extension Mechanism to be used in the TAC Ontology. #3

Open
rhohimer opened this issue Oct 31, 2021 · 7 comments
Open

Create, organize, and document the Semantic Extension Mechanism to be used in the TAC Ontology. #3

rhohimer opened this issue Oct 31, 2021 · 7 comments
Assignees
@rhohimer
Labels
High Priority This should be worked on as soon as posible

Comments

@rhohimer
Copy link
Contributor

rhohimer commented Oct 31, 2021
edited
Loading

Contributors should have conventions to follow when them are submitting ontology files that extend existing concepts.

Discussions have been held that lean toward keeping semantic extensions in a directory structure under the stix-semex folder.

  • stix-semex
    • extensions
      • ibm
        • some-file.owl
      • ctin
        • another.owl

This proposed structure is new, and did not exist prior. Some legacy extensions will need to be modified to conform to the new conventions. Example extensions:

  • Incident
  • ThreatScenario
  • Threat Agent Library
  • Intermediary

A new branch is being created to address the naming conventions to be used. issue-003-extensions
@rhohimer rhohimer self-assigned this Oct 31, 2021
@rhohimer
Copy link
Contributor Author

@Vasileios-Mavroeidis I have create a subdirectory in stix-semex and added the security-playbook.owl file.
You will want to review this file as there are changes (per our discussions)

@rhohimer
Copy link
Contributor Author

Although I added the security-playbook.owl file, I have not imported it into stix-semex.owl !!! Until this is done the ontology will not be visible.

@rhohimer
Copy link
Contributor Author

I did add the import of the security-playbook ontology into the stix-semex ontology.
It is now visible. It is obvious that the subclassing of cti:Object, stix:StixObject; needs to be added. I am uncertain by subspect the intention is that SecurityPlaybook is supposed to be a subclass of stixCore:StixDomainObject as well. However, I have not had the opportunity to discuss the taxonomic hierarchy with @Vasileios-Mavroeidis yet.

My personal opinion is that it should be a subclass of CourseOfAction. This has yet to be termined.

@Vasileios-Mavroeidis
Copy link
Member

As we discussed. A security playbook is a subclass of course of action.

@rhohimer
Copy link
Contributor Author

image

SecurityPlaybook is now a subclass of CourseOfAction

@rhohimer
Copy link
Contributor Author

The image in the above comment shows that the new objects associated with the Incident object should be handled in the same way that the SecurityPlaybook class was handled. We know it is not handled the same because of the bold font on the new objects.

A new Issue should be created specifically for the creation of the Incident extension project.

@rhohimer
Copy link
Contributor Author

image
A bit more cleanup to do.

@rhohimer rhohimer added High Priority This should be worked on as soon as posible and removed Medium Priority labels Apr 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rhohimer rhohimer

Labels
High Priority This should be worked on as soon as posible
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rhohimer @Vasileios-Mavroeidis