Cyber Threat Intelligence ontologies

I asked @packet-rat in another topic about CTI ontologies. Moving the discussion into a separate topic.

Thanks Andrew for engaging on the topic and breaking CTI ontology out into its own thread.

Another good resource in any efforts to define/adopt common CTI terms is the MISP community and the standard JSON-based MISP Taxonomies.

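As an added example (not code from the thread, the MISP project, or either poster): the MISP taxonomies mentioned above are distributed as one machinetag.json per namespace, listing predicates and, optionally, the value entries a predicate accepts, and are applied as machine tags of the form namespace:predicate or namespace:predicate="value". The snippet below expands such a file into the machine tags it defines and validates tags against it. The taxonomy embedded here is constructed for illustration; the exclusive flag is an assumption modelled on how the tlp taxonomy marks its predicates as mutually exclusive.

```python
"""Expand and validate MISP-style taxonomy machine tags.

Example code, not from the thread or the MISP project. SAMPLE_TAXONOMY is a
constructed document in the machinetag.json layout (namespace, predicates,
values/entry); the 'exclusive' flag is an assumption based on the tlp taxonomy.
"""
import json
import re

SAMPLE_TAXONOMY = json.dumps({
    "namespace": "example-cti",
    "description": "Constructed taxonomy for illustration",
    "version": 1,
    "exclusive": True,  # assumption: at most one tag from this namespace per object
    "predicates": [
        {"value": "confidence", "expanded": "Analyst confidence"},
        {"value": "unverified", "expanded": "Not yet verified"},
    ],
    "values": [
        {"predicate": "confidence",
         "entry": [
             {"value": "high", "expanded": "High confidence"},
             {"value": "low", "expanded": "Low confidence"},
         ]},
    ],
})

# namespace:predicate  or  namespace:predicate="value"
TAG_RE = re.compile(r'^([^:="\s]+):([^:="\s]+)(?:="([^"]*)")?$')


def load_taxonomy(text):
    """Return (namespace, exclusive, {predicate: set of allowed values or None})."""
    data = json.loads(text)
    # Predicates without a 'values' section take no value (None).
    preds = {p["value"]: None for p in data["predicates"]}
    for block in data.get("values", []):
        preds[block["predicate"]] = {e["value"] for e in block["entry"]}
    return data["namespace"], bool(data.get("exclusive", False)), preds


def machine_tags(text):
    """List every machine tag the taxonomy defines, in file order."""
    ns, _, preds = load_taxonomy(text)
    tags = []
    for pred, values in preds.items():
        if values is None:
            tags.append(f"{ns}:{pred}")
        else:
            tags.extend(f'{ns}:{pred}="{val}"' for val in sorted(values))
    return tags


def validate_tags(text, tags):
    """Check a list of tags against the taxonomy; return a list of problems."""
    ns, exclusive, preds = load_taxonomy(text)
    problems = []
    used = 0
    for tag in tags:
        m = TAG_RE.match(tag)
        if not m:
            problems.append(f"malformed tag: {tag!r}")
            continue
        tag_ns, pred, value = m.groups()
        if tag_ns != ns:
            continue  # another namespace; this taxonomy cannot judge it
        used += 1
        if pred not in preds:
            problems.append(f"unknown predicate: {tag}")
        elif preds[pred] is None and value is not None:
            problems.append(f"predicate takes no value: {tag}")
        elif preds[pred] is not None and value not in preds[pred]:
            problems.append(f"unknown value: {tag}")
    if exclusive and used > 1:
        problems.append(f"namespace {ns} is exclusive but {used} tags use it")
    return problems


if __name__ == "__main__":
    for t in machine_tags(SAMPLE_TAXONOMY):
        print(t)
    print(validate_tags(SAMPLE_TAXONOMY, ['example-cti:confidence="medium"']))
```

Tags from other namespaces are deliberately passed through rather than rejected, since a real event carries tags from many taxonomies and each taxonomy can only vouch for its own namespace.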

Thanks, Patrick!

I have been reading Casey, E., Barnum, S., Griffith, R., Snyder, J., van Beek, H., & Nelson, A. (2017). Advancing coordinated cyber-investigations and tool interoperability using a community developed specification language. Digital Investigation, 22, 14–45. doi:10.1016/j.diin.2017.08.002 and it seems like a very carefully organised effort.

@jamsden, @jad, we should definitely look into that, both from the viewpoint of suggesting that community to create an OSLC domain spec but also taking their use-case needs into account in OSLC Core. Given how far they have come, it could be a rather rewarding effort.

<<<Sorry – here’s the original post that got lost in the startup process>>>

UCO/CASE

The UCO (Unified Cyber Ontology) has active engagement with many of the thought leaders in our decade-long efforts to define effective Cyber Domain inter-exchange languages/processes:

Unified Cyber Ontology

Cyber-Investigation Analysis Standard Expression (CASE)

Threat and Risk Community

We also have a core group seeking to create high level conceptual models for Threat and Risk in both Cyber and Physical Security Domains. There is a sizable body of work but efforts within the OMG stalled primarily due to a lack of funding and active engagement on developing reference implementations.

Git site is here:

GitHub: ModelDriven/ConceptLibraries (A library of concepts for integration, federation, analytics and reuse)

Note: it has links to web versions.

MDZip files here:

GitHub: ModelDriven/ConceptLibraries (A library of concepts for integration, federation, analytics and reuse)

Additional docs and presentations specific to threat/risk are here:

GitHub: ModelDriven/ThreatRisk (The threat-risk archive provides public access to, and comment on, the candidate OMG standard for threats and risks)
