Closed machi1271 closed 1 year ago
Hi @machi1271
Assuming you are knowledgeable about ontology, still some hints first:
Only then you can appreciate UFO sufficiently to actually create your ontology based on it. Naturally, you can apply the ontoUML editor as a side tool while educating yourself:
I hope this helps. If so, please close this issue.
Best Paul (another user of ontoUML as opposed to a contributor to it)
Paul,
Just FYSA, it’s Visual Paradigm. I used to use Visual Paradigm UML and BPML quite extensively in a previous life.
Thanks for the ONTOUML tip!
Patrick Maroney Principal - Cybersecurity Chief Security Office AT&T Services, Inc.
From: Paul Brandt @.> Date: Friday, March 24, 2023 at 11:41 AM To: ucoProject/UCO @.> Cc: Subscribed @.***> Subject: Re: [ucoProject/UCO] How to develop based on UCO? (Issue #529)
Assuming you are knowledgeable about ontology, still some hints first:
Only then you can appreciate UFO sufficiently to actually create your ontology based on it. Naturally, you can apply the ontoUML editor as a side tool while educating yourself:
I hope this helps. If so, please close this issue.
Best Paul (another user of ontoUML as opposed to a contributor to it)
Hi @machi1271,
Can you share the focus of the security ontology that you would like to create? Within the Cyber Domain Ontology project, which includes UCO, we have a number of application ontologies that are released or in the works.
See the CASE Ontology (https://caseontology.org) for our digital forensics focused application ontology that builds upon UCO.
See the Adversary Engagement Ontology (https://adversaryengagementontology.org) for our cyber denial and deception operations ontology that builds upon UCO. This is brand new this month and is about to undergo a public comment period.
These will give you some good examples of how to build upon UCO. We have other application ontologies that are in the works for risk analysis and cyber threat intelligence.
Hope this helps.
Cory Hall MITRE
Hello all,
@plbt5 accidentally steered this conversation off-topic. @machi1271 asked for UCO (Unified Cyber Ontology) information, and @plbt5 responded about UFO (Unified Foundational Ontology). These are independent projects, and I'll respond on the UCO side of the question.
For how to develop UCO:
`catalog-v001.xml` files compatible with Protégé. These will be available in UCO 1.2.0, coming in the next few days. Documentation on using those files is included in this update to this repository's `CONTRIBUTE.md`.
As you develop your own security ontology concepts, I encourage you to review whether the concepts already have some form of implementation. This can be done with a text search feature, such as in Protégé, GitHub's Search-in-repository function, `grep` over a local Git clone, search in the built ontology documentation[^1], or other features like what you're exploring with Neo4J. We don't currently have documentation on using UCO with Neo4J. If you're interested in contributing experience notes on that kind of development workflow, it would be welcome discussion.
One way to determine whether there is a need for some concept as you develop ontologies is to try encoding the data you need as RDF Literals (e.g. time stamps, strings housing names) in a small example graph, ponder some kind of predicate that you think should be the property that houses that literal, and then ponder the object and class (`rdf:type`) of the object that would have that predicate and literal. Comfort with SPARQL will help you understand whether you're approaching a workable design. There are demonstration queries in this folder in CASE-Corpora, or the "Urgent Evidence" narrative on the CASE website that show a few kinds of things you can find with SPARQL.
If you have other questions, please feel free to ask. Otherwise, I'm guessing we've answered your questions in this thread, and if we don't hear from you in a few weeks we'll mark the Issue closed.
[^1]: Though that link is to CASE's built documentation, UCO's is coming soon, as noted here.
@ajnelson-nist Thanks for identifying and clarifying my off-topic response. I sincerely apologize @machi1271 and others for introducing this confusion.
@machi1271,
The CASE and UCO documentation sites now provide ontology resources that are compatible with the tool you noted, Protégé. If you load any of the ontology IRIs or `owl:versionIRI` values, you should see it work as expected. Here is a screenshot of https://ontology.unifiedcyberontology.org/uco/action/1.2.0:
If there is a specific concept or mechanism you'd like to explore further (we still do not have demonstrations with Neo4J), we look forward to seeing them as separate Issues.
--Alex
Hi guys,
I want to develop my own security ontology based on the UCO, but I'm new to it, and I don't know how to get it done.
Could anyone give me some tips about:
Regards