oasis-open / tac-ontology

OASIS Threat Actor Context (TAC) TC: Creating an ontology for expressing the rich context around Threat Actors. https://github.com/oasis-open/tac-ontology
BSD 3-Clause "New" or "Revised" License

Ingesting STIX 2.1 JSON to TAC's STIX Ontology #46

Closed rhohimer closed 1 year ago

rhohimer commented 1 year ago

Using SPARQL-Anything, ingest a STIX 2.1 JSON Document into a Knowledge Graph (KG) governed by the STIX ontology.

All objects will be typed as stix:StixObject. Write equivalent class expressions to correctly type the stix:StixObject objects.

rhohimer commented 1 year ago

I'm using the example STIX 2.1 JSON document: APT1.json

rhohimer commented 1 year ago

Ran into an issue with the ontology being inconsistent because of: "contact_information": "dota.d013@gmail.com". The email address was not recognized as a string. It may be ALL email addresses, not just this one, that threw the reasoner.

rhohimer commented 1 year ago

Another logical error: image

rhohimer commented 1 year ago

Fixed issue #26 in the branch related to this issue

rhohimer commented 1 year ago

We have a start on the SPARQL file that converts the sample apt1.json file.

At this time it only converts the contents of the JSON file, meaning we used the apt1.json file as the use case and did not go beyond the classes and properties mentioned in that JSON file.

This issue will not be completed until we have addressed all classes and all properties expressed in the STIX 2.1 specification.

rhohimer commented 1 year ago

In Stardog Studio the visualizations are better if rdf:Label and skos:prefLabel are asserted. The ETL script does not assert them at this time.
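A minimal sketch of the kind of SPARQL-Anything CONSTRUCT query this thread describes, added here as an illustration and not the project's ETL script: it types every object in the bundle as stix:StixObject, emits `contact_information` as an explicitly typed `xsd:string` literal, and asserts `rdfs:label` and `skos:prefLabel`. The `stix:` and `data:` namespaces and the `stix:type` and `stix:contact_information` property names are assumed placeholders; substitute the IRIs and terms the TAC STIX ontology actually defines.

```sparql
PREFIX xyz:  <http://sparql.xyz/facade-x/data/>
PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
PREFIX skos: <http://www.w3.org/2004/02/skos/core#>
PREFIX xsd:  <http://www.w3.org/2001/XMLSchema#>
# Assumed placeholder namespaces, not the ontology's real IRIs.
PREFIX stix: <https://example.org/stix-ontology#>
PREFIX data: <https://example.org/kg/>

CONSTRUCT {
  # Every STIX object gets the generic type; equivalent-class
  # expressions in the ontology can then refine it under reasoning.
  ?s a stix:StixObject ;
     stix:type ?typeLit ;                  # hypothetical property name
     rdfs:label ?label ;
     skos:prefLabel ?label ;
     stix:contact_information ?contact .   # hypothetical property name
}
WHERE {
  # Facade-X view of the JSON: keys become xyz: properties and the
  # "objects" array becomes a container with rdf:_1, rdf:_2, ... slots.
  SERVICE <x-sparql-anything:location=APT1.json> {
    ?bundle  xyz:objects ?objects .
    ?objects ?slot ?obj .
    ?obj xyz:id   ?id ;
         xyz:type ?type .
    OPTIONAL { ?obj xyz:name ?name }
    OPTIONAL { ?obj xyz:contact_information ?rawContact }
  }

  # Mint a stable IRI from the STIX id (for example identity--<uuid>).
  BIND(IRI(CONCAT(STR(data:), ?id)) AS ?s)

  # Force plain string literals so no value is left for the
  # reasoner to interpret as some other datatype.
  BIND(STRDT(STR(?type), xsd:string) AS ?typeLit)
  BIND(STRDT(STR(?rawContact), xsd:string) AS ?contact)

  # Objects without a name (relationships, for instance) fall back
  # to their id so that every node still carries a label.
  BIND(STRDT(STR(COALESCE(?name, ?id)), xsd:string) AS ?label)
}
```

Objects with no `contact_information` leave `?contact` unbound, so CONSTRUCT emits no triple for that property on them.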

rhohimer commented 1 year ago

This is a redundant task with issue 54