oasis-open / tac-ontology

OASIS Threat Actor Context (TAC) TC: Creating an ontology for expressing the rich context around Threat Actors. https://github.com/oasis-open/tac-ontology
BSD 3-Clause "New" or "Revised" License

Create, organize, and document the Semantic Extension Mechanism to be used in the TAC Ontology. #3

Open rhohimer opened 2 years ago

rhohimer commented 2 years ago

Contributors should have conventions to follow when they are submitting ontology files that extend existing concepts.

Discussions have been held that lean toward keeping semantic extensions in a directory structure under the stix-semex folder.

This proposed structure is new, and did not exist prior. Some legacy extensions will need to be modified to conform to the new conventions. Example extensions:

A new branch is being created to address the naming conventions to be used: issue-003-extensions

rhohimer commented 2 years ago

@Vasileios-Mavroeidis I have created a subdirectory in stix-semex and added the security-playbook.owl file. You will want to review this file as there are changes (per our discussions).

rhohimer commented 2 years ago

Although I added the security-playbook.owl file, I have not imported it into stix-semex.owl!!! Until this is done, the ontology will not be visible.

rhohimer commented 2 years ago

I did add the import of the security-playbook ontology into the stix-semex ontology. It is now visible. It is obvious that the subclassing of cti:Object, stix:StixObject; needs to be added. I am uncertain but suspect the intention is that SecurityPlaybook is supposed to be a subclass of stixCore:StixDomainObject as well. However, I have not had the opportunity to discuss the taxonomic hierarchy with @Vasileios-Mavroeidis yet.

My personal opinion is that it should be a subclass of CourseOfAction. This has yet to be determined.

Vasileios-Mavroeidis commented 2 years ago

As we discussed. A security playbook is a subclass of course of action.

rhohimer commented 2 years ago

image

SecurityPlaybook is now a subclass of CourseOfAction
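A check for the two conditions this thread tracks (the extension is imported by stix-semex.owl, and SecurityPlaybook is a subclass of CourseOfAction), as an added example that is not part of the thread or of the TAC repository. It assumes the files are serialized as RDF/XML and uses constructed example.org IRIs in place of the project's real ones; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
RDFS = "http://www.w3.org/2000/01/rdf-schema#"
OWL = "http://www.w3.org/2002/07/owl#"
# Constructed placeholder IRIs (assumption): not the TAC ontology's real IRIs.
BASE = "http://example.org/tac/"
EXT_IRI = BASE + "stix-semex/security-playbook"
PLAYBOOK_CLASS = EXT_IRI + "#SecurityPlaybook"
COA_CLASS = BASE + "stix#CourseOfAction"

def imports_of(owl_xml):
    """Return the IRIs named by owl:imports in an RDF/XML ontology document."""
    # For files from untrusted contributors, parse with a hardened parser (e.g. defusedxml).
    root = ET.fromstring(owl_xml)
    return {e.get(f"{{{RDF}}}resource") for e in root.iter(f"{{{OWL}}}imports")}

def superclasses_of(owl_xml, class_iri):
    """Return the directly asserted, named superclasses of class_iri."""
    parents = set()
    for cls in ET.fromstring(owl_xml).iter(f"{{{OWL}}}Class"):
        if cls.get(f"{{{RDF}}}about") != class_iri:
            continue
        for sub in cls.findall(f"{{{RDFS}}}subClassOf"):
            if sub.get(f"{{{RDF}}}resource"):  # skip anonymous restrictions
                parents.add(sub.get(f"{{{RDF}}}resource"))
    return parents

def check_extension(parent_xml, ext_xml, ext_iri, class_iri, expected_parent):
    """Return a list of problem codes; an empty list means the extension conforms."""
    problems = []
    if ext_iri not in imports_of(parent_xml):
        problems.append("not-imported")      # extension will not be visible
    if expected_parent not in superclasses_of(ext_xml, class_iri):
        problems.append("wrong-superclass")  # agreed taxonomy not asserted
    return problems

# Constructed sample documents standing in for stix-semex.owl and security-playbook.owl.
HEADER = f'<rdf:RDF xmlns:rdf="{RDF}" xmlns:rdfs="{RDFS}" xmlns:owl="{OWL}">'
SEMEX_BEFORE = HEADER + f'<owl:Ontology rdf:about="{BASE}stix-semex"/></rdf:RDF>'
SEMEX_AFTER = (HEADER + f'<owl:Ontology rdf:about="{BASE}stix-semex">'
               f'<owl:imports rdf:resource="{EXT_IRI}"/></owl:Ontology></rdf:RDF>')
PLAYBOOK = (HEADER + f'<owl:Class rdf:about="{PLAYBOOK_CLASS}">'
            f'<rdfs:subClassOf rdf:resource="{COA_CLASS}"/></owl:Class></rdf:RDF>')

if __name__ == "__main__":
    for name, doc in (("before import", SEMEX_BEFORE), ("after import", SEMEX_AFTER)):
        print(name, check_extension(doc, PLAYBOOK, EXT_IRI, PLAYBOOK_CLASS, COA_CLASS))
```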

rhohimer commented 2 years ago

The image in the above comment shows that the new objects associated with the Incident object should be handled in the same way that the SecurityPlaybook class was handled. We know it is not handled the same because of the bold font on the new objects.

A new Issue should be created specifically for the creation of the Incident extension project.

rhohimer commented 2 years ago

image

A bit more cleanup to do.