I asked @packet-rat in another topic about CTI ontologies. Moving the discussion into a separate topic.
Thanks Andrew for engaging on the topic and breaking CTI ontology out into its own thread.
Another good resource in any efforts to define/adopt common CTI terms is the MISP community and the standard JSON based MISP Taxonomies.
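As an added example (not from this thread or the MISP project): a small Python helper that expands a taxonomy in the layout used by MISP machinetag.json files (namespace, predicates, values) into the machinetags it permits, and rejects tags outside it. The taxonomy content below is constructed, not a real MISP taxonomy.

```python
import json

# Constructed sample in the layout of a MISP taxonomy machinetag.json file.
# Namespace, predicates and values are invented for illustration only.
SAMPLE_TAXONOMY = json.loads("""
{
  "namespace": "example-cti",
  "expanded": "Example CTI taxonomy (constructed)",
  "description": "Constructed sample, not a real MISP taxonomy",
  "version": 1,
  "predicates": [
    {"value": "confidence", "expanded": "Confidence level"},
    {"value": "reviewed", "expanded": "Analyst reviewed"}
  ],
  "values": [
    {"predicate": "confidence",
     "entry": [
       {"value": "high", "expanded": "High confidence"},
       {"value": "low", "expanded": "Low confidence"}
     ]}
  ]
}
""")


def machinetags(taxonomy):
    """Return the set of machinetags a taxonomy defines.

    A predicate with values yields namespace:predicate="value" per value;
    a predicate without values yields the bare namespace:predicate form.
    """
    ns = taxonomy["namespace"]
    values_by_pred = {v["predicate"]: v.get("entry", [])
                      for v in taxonomy.get("values", [])}
    tags = set()
    for pred in taxonomy["predicates"]:
        entries = values_by_pred.get(pred["value"])
        if entries:
            for e in entries:
                tags.add(f'{ns}:{pred["value"]}="{e["value"]}"')
        else:
            tags.add(f'{ns}:{pred["value"]}')
    return tags


def validate_tag(tag, taxonomy):
    """True only if the tag is one the taxonomy defines (no free-text drift)."""
    return tag in machinetags(taxonomy)
```

Running an event's tags through validate_tag before ingestion is one way to keep a shared vocabulary from silently gaining ad-hoc variants.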
Thanks, Patrick!
I have been reading Casey, E., Barnum, S., Griffith, R., Snyder, J., van Beek, H., & Nelson, A. (2017). Advancing coordinated cyber-investigations and tool interoperability using a community developed specification language. Digital Investigation, 22, 14–45. doi:10.1016/j.diin.2017.08.002 and it seems like a very carefully organised effort.
@jamsden, @jad, we should definitely look into that, both from the viewpoint of suggesting that community to create an OSLC domain spec but also taking their use-case needs into account in OSLC Core. Given how far they have come, it could be a rather rewarding effort.
<<<Sorry – here’s the original post that got lost in the startup process>>>
UCO/CASE
The UCO (Unified Cyber Ontology) has active engagement with many of the thought leaders in our decade-long efforts to define effective Cyber Domain inter-exchange languages/processes:
Cyber-Investigation Analysis Standard Expression (CASE)
We also have a core group seeking to create high level conceptual models for Threat and Risk in both Cyber and Physical Security Domains. There is a sizable body of work but efforts within the OMG stalled primarily due to a lack of funding and active engagement on developing reference implementations.
Git site is here:
ModelDriven/ConceptLibraries (A library of concepts for integration, federation, analytics and reuse)
Note has links to web versions
MDZip files here:
ModelDriven/ConceptLibraries
Additional doc and presentations specific to threat/risk are here:
ModelDriven/ThreatRisk (The threat-risk archive provides for public access to and comment on the candidate OMG standard for threats and risks)