diff --git a/.gitignore b/.gitignore index ca2f4d4..7b95eb5 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,5 @@ __pycache__ .ipynb_checkpoints .venv-pre-commit +all-*.mk venv diff --git a/CONTRIBUTE.md b/CONTRIBUTE.md new file mode 100644 index 0000000..d65bfbf --- /dev/null +++ b/CONTRIBUTE.md @@ -0,0 +1,20 @@ +# Maintenance + +This repository derives JSON-LD "stub" dictionaries from the ontologies in CDO. + +The generation process for these ontologies uses `make`, with some balance of hard-coding and source-including to save on code redundancy. + +The maintenance necessary for this repository occurs when a new ontology is released. In most cases, this will be the necessary script to follow: + +```bash +# (On a fresh Git clone.) +make clean +make -j +git add templates +git commit -s -m "Regenerate Make-managed files" +# Editing and updating README.md to refresh the implemented CASE version should come next. +``` + +(Note: Some `make`s assume infinite CPU resources if `-j` (`--jobs`) does not have a following numeric argument. On, e.g., macOS, you might want to follow that flag with the number of cores on your system.) + +In the event a new ontology (i.e., a new namespace with `owl:Class`es) is added, a new directory under `/templates` will need to be created and given a `Makefile`. Copying `/templates/uco-core/Makefile` into the new directory and adapting its hard-coded prefix IRI will enable the workflow to function again. diff --git a/Makefile b/Makefile index 7dee587..aa07c37 100644 --- a/Makefile +++ b/Makefile @@ -24,6 +24,8 @@ py_srcfiles := \ all: \ .venv-pre-commit/var/.pre-commit-built.log \ all-tests + $(MAKE) \ + --directory templates .PHONY: \ all-tests \ diff --git a/README.md b/README.md index 85014d5..7f5436a 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ # CASE Mapping Template Stubs [![Continuous Integration](https://github.com/casework/CASE-Mapping-Template-Stubs/actions/workflows/ci.yml/badge.svg)](https://github.com/casework/CASE-Mapping-Template-Stubs/actions/workflows/ci.yml) -![CASE Version](https://img.shields.io/badge/CASE%20Version-0.7.0-green) +![CASE Version](https://img.shields.io/badge/CASE%20Version-1.3.0-green) This template repository is provided for those looking to draft JSON-oriented utilities using ontologies within the [Cyber Domain Ontology](https://cyberdomainontology.org) ecosystem, particularly [CASE](https://caseontology.org) and [UCO](https://unifiedcyberontology.org). "Stub" JSON dictionaries are provided for each class within CASE and UCO, generated from the ontologies. -Each "stub" provides a minimal JSON-LD context dictionary specific to a class, and null-valued entries for each property on that class and entailed by parent classes. +Each "stub" provides a minimal JSON-LD context dictionary specific to a class, and null-valued entries for each property on that class and entailed by parent classes. Cardinality is reflected by the null-ish value recorded: `null` is used when a property has maximum-cardinality 1, and an empty list (`[]`) is recorded when a property has a maximum-cardinality greater than 1 or is unbounded. ## Folders @@ -13,47 +13,46 @@ Each "stub" provides a minimal JSON-LD context dictionary specific to a class, a 1. `/templates` is generated by case_utils ontology and sub-ontologies alone. -## Install & setup +## Maintenance and refreshing -1. `pip install -r requirements.txt` +Resources in this repository do not require use of any code for their typical usage. +For those making updates to the repository (such as on ontology releases), see [`CONTRIBUTE.md`](CONTRIBUTE.md). -## Usage/run - - - generate.py [-o: default: uses case_util's case ontology and sub ontologies,-s:Optional[],--output:default="templates", -a:default = False, -t:default = False] - - "-o", ontology directory or string of directories delimited by "," , required. - - "-s", specify a class by name that has at least one property, Optional. The name must be conventional to the original vocabulary eg. observable, tool, action, etc. - - "--output", specify a specific directory to put the stubs, Optional, default = "templates" - - "-a" True/False whether to allow case_utils to load in uco or not. The generated object will differ depending on what is within the graph. default = False. - - "-t" True/False whether to generate a short stub (True) or full stub (False). default = False +## Usage/run -## Examples +The script `src/generate_single_stub_json.py` is usable for generating a stub JSON-LD object for any class, if the ontology (including all ontologies reached by `owl:imports`) is provided on the command line. -generate all case and uco objects from case_utils alone: -```bash -python generate.py ``` +usage: generate_single_stub_json.py [-h] [--debug] out_json class_iri [supplemental_graph ...] -generate a specific case object -```bash -python generate.py -s investigation:Authorization +positional arguments: + out_json + class_iri + supplemental_graph + +options: + -h, --help show this help message and exit + --debug ``` +### Examples -### Output +See [`tests/Makefile`](tests/Makefile) for examples of how to run `generate_single_stub_json.py` for specific classes of interest. Demonstrations are done for: -json-ld file with additional @version key for what version of case and case_utils generated the file. +* [`case-investigation:InvestigativeAction`](tests/InvestigativeAction.json) +* [`uco-observable:ArchiveFile`](tests/ArchiveFile.json) +* [`co:Bag`](tests/Bag.json) (from the [Collections Ontology](https://github.com/collections-ontology/collections-ontology)) ### Note -1. we load the ontology ttl files directly, implying the graph is blank. The uco ontology can be loaded via case_utils load_subclass_hierarchy. Because it loads the uco ontology as well, some of the uco ontology will be generated too due to it being present in the triple preprocessing. - -2. in `generate.py`, there is another 'obs_prefix' commented out which uses the direct uco ontology prefixes instead of being padded with "uco-", use it you want a stand-alone uco object with its original vocabulary prefixes: eg. case uses "uco-core" while the uco ontology uses "core". +1. Properties applicable to a class are drawn directly from the class definition, and from all parent class definitions. + 1. Properties are also associated with classes from explicit `rdfs:domain` statements. When a `rdfs:domain` domain statement is absent, under OWL semantics this implies that the property applies to `owl:Thing` (i.e., is universal); but, to support use cases where domains are represented with other structural properties (e.g., `dcam:domainIncludes`, `schema:domainIncludes`), this project requires explicit statements of `rdfs:domain owl:Thing` for adding to a stub. -3. The code queries the graph for all triples with sh:property and sh:path to build the entire list, therefore classes that do not have direct properties (properties not from superclass inheritence) will not be geneated using the `--short True` flag. By default, the flag is set to `--short False` which additionally tries to pull triples that declare a subclass from a superclass, thereby adding superclass properties to the stub. +2. Stubs for `uco-core:Facet`s applicable to any eventual subclass of `uco-core:UcoObject` are also inlined in the stub for the `uco-core:UcoObject`. ## Licensing diff --git a/generate.py b/generate.py deleted file mode 100644 index 64eab0c..0000000 --- a/generate.py +++ /dev/null @@ -1,389 +0,0 @@ -#!/usr/bin/env python3 - -# NOTICE -# This software was produced for the U.S. Government under contract FA8702-22-C-0001, -# and is subject to the Rights in Data-General Clause 52.227-14, Alt. IV (DEC 2007) -# ©2022 The MITRE Corporation. All Rights Reserved. -# Released under PRS 18-4297. - -# Portions of this file contributed by NIST are governed by the -# following statement: -# -# This software was developed at the National Institute of Standards -# and Technology by employees of the Federal Government in the course -# of their official duties. Pursuant to Title 17 Section 105 of the -# United States Code, this software is not subject to copyright -# protection within the United States. NIST assumes no responsibility -# whatsoever for its use by other parties, and makes no guarantees, -# expressed or implied, about its quality, reliability, or any other -# characteristic. -# -# We would appreciate acknowledgement if the software is used. - -import argparse -import importlib.resources -import json -import os -from typing import Optional, Union - -import case_utils.ontology -import rdflib -from case_utils.namespace import ( - NS_CASE_INVESTIGATION, - NS_CASE_VOCABULARY, - NS_UCO_ACTION, - NS_UCO_CORE, - NS_UCO_IDENTITY, - NS_UCO_LOCATION, - NS_UCO_MARKING, - NS_UCO_OBSERVABLE, - NS_UCO_PATTERN, - NS_UCO_ROLE, - NS_UCO_TOOL, - NS_UCO_TYPES, - NS_UCO_VICTIM, - NS_UCO_VOCABULARY, -) -from case_utils.ontology.version_info import CURRENT_CASE_VERSION - -__version__ = "0.0.2" - -NS_SH = rdflib.SH -NS_RDF = rdflib.RDF -NS_XSD = rdflib.XSD - -caseutils_version = case_utils.__version__ -# uco_version = '0.9.0' - don't know how uco denotes their version - -ignore_keys = [ - "http://www.w3.org/2000/01/rdf-schema#range", # rdf:range - "http://www.w3.org/2000/01/rdf-schema#label", # rdf:label - "http://www.w3.org/2000/01/rdf-schema#comment", # rdf:comment - "http://www.w3.org/ns/shacl#targetClass", # sh:targetClass -] - -# direct uco vocabulary -# obs_prefix = {str(NS_UCO_OBSERVABLE):'observable:', -# str(NS_UCO_CORE):'core:', -# str(NS_UCO_TOOL):'tool:', -# str(NS_UCO_ACTION):'action:', -# str(NS_UCO_VOCABULARY):'vocabulary:', -# str(NS_UCO_IDENTITY):'identity:', -# str(NS_UCO_LOCATION):'location:', -# str(NS_UCO_MARKING):'marking:', -# str(NS_UCO_PATTERN):'pattern:', -# str(NS_SH):'sh:', -# str(NS_RDF):'rdfs:', -# 'http://www.w3.org/2000/01/rdf-schema#':'rdfs:', -# str(NS_XSD):'xsd:', -# str(NS_UCO_VICTIM):"victim:", -# str(NS_UCO_ROLE):"role:", -# str(NS_UCO_TYPES):"types:", -# } - -# case-uco vocabulary -obs_prefix = { # uco vocabulary - str(NS_UCO_MARKING): "uco-marking:", - str(NS_UCO_TOOL): "uco-tool:", - str(NS_SH): "sh:", - str(NS_RDF): "rdfs:", - str(NS_XSD): "xsd:", - str(NS_RDF): "rdf:", - str(NS_UCO_OBSERVABLE): "uco-observable:", - str(NS_UCO_MARKING): "uco-marking:", - str(NS_UCO_IDENTITY): "uco-identity:", - str(NS_UCO_VICTIM): "uco-victim:", - str(NS_UCO_VOCABULARY): "uco-vocabulary:", - str(NS_UCO_PATTERN): "uco-pattern:", - str(NS_UCO_CORE): "uco-core:", - str(NS_UCO_TOOL): "uco-tool:", - str(NS_UCO_ACTION): "uco-action:", - str(NS_UCO_LOCATION): "uco-location:", - "http://www.w3.org/2000/01/rdf-schema#": "rdfs:", - str(NS_UCO_ROLE): "uco-role:", - str(NS_UCO_TYPES): "uco-types:", - # case vocab - str(NS_CASE_INVESTIGATION): "investigation:", - str(NS_CASE_VOCABULARY): "vocabulary:", -} - -reverse_obs_prefix = {} -for k, v in obs_prefix.items(): - reverse_obs_prefix[v] = k - - -def reducestring(string: str) -> str: - for k, v in obs_prefix.items(): - if k in string: - return string.replace(k, v) - return str(string) - - -def makedirs(directory: str) -> None: - os.makedirs(f"{directory}", exist_ok=True) - - -class main: - def __init__( - self, - ontology_dir: Optional[str] = None, - directory: str = "templates", - useCaseUtils: bool = False, - short: bool = False, - ) -> None: - makedirs(directory) - - self._switch = useCaseUtils - if ontology_dir is None or ontology_dir == "": - pass - elif "," in ontology_dir: - ontology_dir = ontology_dir.split(",") - else: - ontology_dir = [ontology_dir] - self.generate_short = short - self.onto_dir = ontology_dir - self.prepad = "uco" - if ontology_dir: - self.files_dir = [] - for onto in ontology_dir: - if os.path.isdir(onto): - for onto in self.onto_dir: - for root, dirs, files in os.walk(onto, topdown=False): - for name in files: - if name.endswith(".ttl"): - adir = os.path.join(root, name) - if adir not in self.files_dir: - self.files_dir.append(adir) - elif os.path.isfile(onto): - if adir not in self.files_dir: - self.files_dir.append(adir) - self._directory = directory - - @property - def directory(self) -> str: - return self._directory - - @property - def switch(self) -> bool: - return self._switch - - def paduco(self, string: str) -> str: - v = string.split(":")[0] + ":" - if v in reverse_obs_prefix: - return string # don't pad eg. investigation - else: - return self.prepad + "-" + string # if not defined, pad it. - - def removepad(self, string: str) -> str: - if string.startswith(self.prepad): - return string.replace(self.prepad + "-", "") - else: - return string - - def load_graph(self) -> None: - self.g = rdflib.Graph() - if self.onto_dir: - for file in self.files_dir: - self.g.parse(file) - if self.switch: - case_utils.ontology.load_subclass_hierarchy(self.g) - else: - ttl_filename = "case-" + CURRENT_CASE_VERSION + ".ttl" - ttl_data = importlib.resources.read_text(case_utils.ontology, ttl_filename) - self.g.parse(data=ttl_data) - case_utils.ontology.load_subclass_hierarchy(self.g) - - def load_case_version(self) -> None: - try: - self.case_version = str( - [ - list(i) - for i in self.g.query( - "SELECT ?s ?p ?o WHERE{?s owl:versionInfo ?o}" - ) - ][0][2] - ) - except Exception: - self.case_version = CURRENT_CASE_VERSION - - def getSubClassOf(self, name: str): - res = [ - i - for i in self.g.query( - "SELECT ?o WHERE {{ {} rdfs:subClassOf ?o }}".format( - self.removepad(name) - ) - ) - ] - if res: - return res[0] - return res # comes back as list of triples - - def getProperty(self, name: str): - res = [ - i - for i in self.g.query( - "SELECT ?o WHERE {{ {} sh:property ?o }}".format(self.removepad(name)) - ) - ] - return res # comes back as list of triples - - def getPath(self, name: str): - res = [ - i - for i in self.g.query( - "SELECT ?o WHERE {{ {} sh:path ?o }}".format(self.removepad(name)) - ) - ] - return res # comes back as list of triples - - def getUCOname(self, name): - return self.removepad(reducestring(name)) - - def getParents(self, name: str, hist: list = []): - parents = self.getSubClassOf(name) - if not parents: - return [] - else: - for parent in parents: # DFS - p = self.getUCOname(parent) - if p not in hist: - hist.append(p) - # check if each parent has parents that isn't part of hist - for i in self.getParents(p, hist): - if i not in hist: - hist.append(i) - return hist - - def generate_bnodes(self) -> None: - self.bnode_dict = {} - for triple in self.g.query("SELECT ?s ?o WHERE { ?s sh:property ?o}"): - s, o = triple - self.bnode_dict[str(s)] = [] - self.bnode_dict[str(s)].append(reducestring(o)) - - for triple in self.g.query("SELECT ?s ?o WHERE { ?s sh:path ?o}"): - s, o = triple - if str(s) not in self.bnode_dict: - self.bnode_dict[str(s)] = [] - self.bnode_dict[str(s)].append(reducestring(o)) - - def generate_classes(self) -> None: - self.class_names = [] - for triple in self.g.query("SELECT ?s ?p WHERE {?s ?p owl:Class}"): - s, p = triple - self.class_names.append(self.removepad(reducestring(s))) - - def findContext(self, dict_graph: dict): - c = {} - for t in dict_graph.keys(): - for k, v in obs_prefix.items(): - if self.paduco(t).startswith(v): - c[self.paduco(v.strip(":"))] = k.strip("/") + "#" - return c - - def load_single(self, name: str): - single = {"@context": {}, "@graph": [{}]} - single["@context"]["kb"] = "http://example.org/kb/" - n = "".join(name.split(":")[1:]) - single["@graph"][0]["@id"] = "kb:" + n.lower() + "1" - single["@graph"][0]["@type"] = self.paduco(name) - - # add the properties of the object - props = self.getProperty(name) - for prop in props: - for p in self.bnode_dict[str(prop[0])]: - if p: - single["@graph"][0][self.paduco(p)] = None - - single["@context"].update(self.findContext({name: None})) - single["@context"].update(self.findContext(single["@graph"][0])) - - if self.generate_short: - pass - else: - # add the parent's properties - parents = self.getParents(name, []) - for parent in parents: - props = self.getProperty(parent) - for prop in props: - for node in self.bnode_dict[str(prop[0])]: - single["@graph"][0][self.paduco(node)] = None - single["@context"].update(self.findContext(single["@graph"][0])) - return single - - def generate(self) -> None: - self.load_graph() - self.load_case_version() - self.generate_bnodes() - - self.generate_classes() - return - - def convertToJson(self, obj_name: str) -> None: - vocab, newname = obj_name.split(":") - obj = self.load_single(obj_name) - - if obj == {}: - print(f"FAILED:{obj_name}") - return - nextdir = f"{self.directory}/{self.paduco(vocab)}" - makedirs(nextdir) - - with open(f"{nextdir}/{newname}.json", "w") as fl: - json.dump(obj, fl, indent=2) - fl.close() - print(f"Success:{self.paduco(obj_name)}") - - def run(self, name: Union[None, list, str] = None) -> None: - if not name: - name = self.class_names - else: - name = [self.paduco(name)] - for k in name: - self.convertToJson(k) - return - - -if __name__ == "__main__": - parser = argparse.ArgumentParser() - parser.add_argument( - "-o", "--ontology", help="ontology ttl file.", type=str, required=False - ) - parser.add_argument( - "--output", - help="default output folder for studs", - type=str, - required=False, - default="templates", - ) - - parser.add_argument( - "-s", "--specific", help="specific single object name", type=str, required=False - ) - parser.add_argument( - "-a", - "--caseutil", - help="[T/F] allow case_utils to load uco ontology.", - type=bool, - required=False, - default=False, - ) - parser.add_argument( - "-t", - "--short", - help="[T/F] generate short stub (no superclass properties) or full stub.", - type=bool, - required=False, - default=False, - ) - args = parser.parse_args() - - obj = main(args.ontology, args.output, args.caseutil, args.short) - - makedirs(args.output) - obj.generate() - if args.specific: - obj.run(args.specific) - else: - obj.run() diff --git a/src/generate_all_classes_mk.py b/src/generate_all_classes_mk.py new file mode 100644 index 0000000..22f8677 --- /dev/null +++ b/src/generate_all_classes_mk.py @@ -0,0 +1,112 @@ +#!/usr/bin/env python3 + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +import argparse +import importlib.resources +from typing import Dict, Set + +import case_utils.ontology +from case_utils.namespace import NS_OWL, NS_RDF +from rdflib import Graph, URIRef + + +def main() -> None: + parser = argparse.ArgumentParser() + parser.add_argument("out_mk") + parser.add_argument("prefix_iri") + args = parser.parse_args() + + graph = Graph() + ttl_data = importlib.resources.read_text(case_utils.ontology, "case-1.3.0.ttl") + graph.parse(data=ttl_data) + + n_classes: Set[URIRef] = set() + for n_subject in graph.subjects(NS_RDF.type, NS_OWL.Class): + if not isinstance(n_subject, URIRef): + continue + if str(n_subject).startswith(args.prefix_iri): + n_classes.add(n_subject) + + local_names: Set[str] = set() + for n_class in n_classes: + prefix, n_namespace, local_name = graph.namespace_manager.compute_qname( + n_class, False + ) + if local_name in local_names: + raise ValueError("Encountered same local name twice: %r." % local_name) + local_names.add(local_name) + + target_to_recipe: Dict[str, str] = dict() + for local_name in local_names: + target_to_recipe[local_name + ".json"] = ( + """\ +%s.json: \\ + $(top_srcdir)/.venv.done.log \\ + $(top_srcdir)/src/generate_single_stub_json.py \\ + $(top_srcdir)/var/facet_cardinalities.ttl +\trm -f _$@ +\tsource $(top_srcdir)/venv/bin/activate \\ +\t && python $(top_srcdir)/src/generate_single_stub_json.py \\ +\t _$@ \\ +\t %s%s \\ +\t $(top_srcdir)/var/facet_cardinalities.ttl +\tmv _$@ $@ +""" + % (local_name, args.prefix_iri, local_name) + ) + + with open(args.out_mk, "w") as out_fh: + out_fh.write( + r"""\ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +# THIS FILE IS GENERATED. + +SHELL := /bin/bash + +top_srcdir := ../.. + +all: \ + %s + +check: \ + all + +clean: +""" + % " \\\n ".join(sorted(target_to_recipe.keys())) + ) + + for target in sorted(target_to_recipe): + out_fh.write(target_to_recipe[target]) + + +if __name__ == "__main__": + main() diff --git a/src/generate_all_ontologies_mk.py b/src/generate_all_ontologies_mk.py new file mode 100644 index 0000000..08127aa --- /dev/null +++ b/src/generate_all_ontologies_mk.py @@ -0,0 +1,127 @@ +#!/usr/bin/env python3 + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +import argparse +import importlib.resources +from typing import Dict, Set + +import case_utils.ontology +from case_utils.namespace import NS_OWL, NS_RDF +from rdflib import Graph, URIRef + + +def main() -> None: + parser = argparse.ArgumentParser() + parser.add_argument("out_mk") + args = parser.parse_args() + + graph = Graph() + ttl_data = importlib.resources.read_text(case_utils.ontology, "case-1.3.0.ttl") + graph.parse(data=ttl_data) + + n_classes: Set[URIRef] = set() + for n_subject in graph.subjects(NS_RDF.type, NS_OWL.Class): + if not isinstance(n_subject, URIRef): + continue + n_classes.add(n_subject) + + n_ontologies: Set[URIRef] = set() + for n_subject in graph.subjects(NS_RDF.type, NS_OWL.Ontology): + if not isinstance(n_subject, URIRef): + continue + if not str(n_subject).startswith("https://ontology."): + continue + n_ontologies.add(n_subject) + n_prefixes_from_ontologies = {URIRef(str(x) + "/") for x in n_ontologies} + + n_prefixes_from_classes: Set[URIRef] = set() + for n_class in n_classes: + prefix, n_prefix, local_name = graph.namespace_manager.compute_qname( + n_class, False + ) + n_prefixes_from_classes.add(n_prefix) + + n_prefixes_with_classes = n_prefixes_from_ontologies & n_prefixes_from_classes + + n_prefix_to_prefix_name: Dict[URIRef, str] = dict() + for n_prefix in n_prefixes_with_classes: + prefix_iri_parts = str(n_prefix).split("/") + # E.g.: + # "https://ontology.caseontology.org/case/investigation/" + # ^-3 ^-2 ^-1 + n_prefix_to_prefix_name[n_prefix] = "-".join( + [prefix_iri_parts[-3], prefix_iri_parts[-2]] + ) + + target_to_recipe: Dict[str, str] = dict() + for n_prefix in n_prefix_to_prefix_name: + prefix_name = n_prefix_to_prefix_name[n_prefix] + target_to_recipe["all-" + n_prefix_to_prefix_name[n_prefix]] = ( + """\ +all-%s: +\t$(MAKE) \\ +\t PREFIX_IRI="%s" \\ +\t --directory %s +""" + % (prefix_name, str(n_prefix), prefix_name) + ) + + with open(args.out_mk, "w") as out_fh: + targets_formatted = " \\\n ".join(sorted(target_to_recipe.keys())) + out_fh.write( + """\ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +# THIS FILE IS GENERATED. + +SHELL := /bin/bash + +top_srcdir := ../.. + +all: \\ + %s + +.PHONY: \\ + %s + +check: \\ + all + +clean: +""" + % (targets_formatted, targets_formatted) + ) + + for target in sorted(target_to_recipe): + out_fh.write(target_to_recipe[target]) + + +if __name__ == "__main__": + main() diff --git a/src/generate_single_stub_json.py b/src/generate_single_stub_json.py index 5f76afe..5c4206c 100644 --- a/src/generate_single_stub_json.py +++ b/src/generate_single_stub_json.py @@ -29,6 +29,7 @@ NS_OWL, NS_RDF, NS_UCO_ACTION, + NS_UCO_ANALYSIS, NS_UCO_CONFIGURATION, NS_UCO_CORE, NS_UCO_IDENTITY, @@ -58,6 +59,7 @@ "case-vocabulary": NS_CASE_VOCABULARY, "co": NS_CO, "uco-action": NS_UCO_ACTION, + "uco-analysis": NS_UCO_ANALYSIS, "uco-configuration": NS_UCO_CONFIGURATION, "uco-core": NS_UCO_CORE, "uco-identity": NS_UCO_IDENTITY, diff --git a/src/ontology.mk b/src/ontology.mk new file mode 100644 index 0000000..21c5d80 --- /dev/null +++ b/src/ontology.mk @@ -0,0 +1,52 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +# Usage: +# This Makefile is expected to be used with a Make include directive, +# with the variable prefix_iri defined. This variable should end with +# the delimiting character, typically '/' in CDO. + +# E.g., https://ontology.unifiedcyberontology.org/uco/core/ +PREFIX_IRI ?= +ifeq ($(PREFIX_IRI),) +$(error PREFIX_IRI must be given.) +endif + +SHELL := /bin/bash + +top_srcdir := ../.. + +all: \ + all-classes.mk + $(MAKE) \ + --file all-classes.mk + +all-classes.mk: \ + $(top_srcdir)/.venv.done.log \ + $(top_srcdir)/src/generate_all_classes_mk.py + source $(top_srcdir)/venv/bin/activate \ + && python3 $(top_srcdir)/src/generate_all_classes_mk.py \ + _$@ \ + $(PREFIX_IRI) + mv _$@ $@ + +check: \ + all + +clean: + @rm -f \ + *.json \ + all-classes.mk diff --git a/templates/Makefile b/templates/Makefile new file mode 100644 index 0000000..87529e0 --- /dev/null +++ b/templates/Makefile @@ -0,0 +1,45 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +SHELL := /bin/bash + +top_srcdir := .. + +all: \ + all-ontologies.mk + $(MAKE) \ + --file all-ontologies.mk + +all-ontologies.mk: \ + $(top_srcdir)/.venv.done.log \ + $(top_srcdir)/src/generate_all_ontologies_mk.py + source $(top_srcdir)/venv/bin/activate \ + && python3 $(top_srcdir)/src/generate_all_ontologies_mk.py \ + _$@ + mv _$@ $@ + +check: \ + all + +clean: + @ls */Makefile \ + | while read subdir_makefile ; do \ + $(MAKE) \ + --directory $$(dirname $${subdir_makefile}) \ + clean ; \ + done + @rm -f \ + all-ontologies.mk diff --git a/templates/case-investigation/Attorney.json b/templates/case-investigation/Attorney.json index 4377fb7..ba754cb 100644 --- a/templates/case-investigation/Attorney.json +++ b/templates/case-investigation/Attorney.json @@ -1,29 +1,25 @@ { "@context": { - "investigation": "https://ontology.caseontology.org/case/investigation#", + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:attorney1", - "@type": "investigation:Attorney", + "@id": "kb:Attorney-1", + "@type": "case-investigation:Attorney", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/case-investigation/Authorization.json b/templates/case-investigation/Authorization.json index 924e8d8..69cf708 100644 --- a/templates/case-investigation/Authorization.json +++ b/templates/case-investigation/Authorization.json @@ -1,33 +1,29 @@ { "@context": { - "investigation": "https://ontology.caseontology.org/case/investigation#", + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:authorization1", - "@type": "investigation:Authorization", - "investigation:authorizationIdentifier": null, - "investigation:authorizationType": null, + "@id": "kb:Authorization-1", + "@type": "case-investigation:Authorization", + "case-investigation:authorizationIdentifier": [], + "case-investigation:authorizationType": null, + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, + "uco-core:description": [], "uco-core:endTime": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, "uco-core:startTime": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/case-investigation/Examiner.json b/templates/case-investigation/Examiner.json index a10a4cc..5ffee59 100644 --- a/templates/case-investigation/Examiner.json +++ b/templates/case-investigation/Examiner.json @@ -1,29 +1,25 @@ { "@context": { - "investigation": "https://ontology.caseontology.org/case/investigation#", + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:examiner1", - "@type": "investigation:Examiner", + "@id": "kb:Examiner-1", + "@type": "case-investigation:Examiner", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/case-investigation/ExaminerActionLifecycle.json b/templates/case-investigation/ExaminerActionLifecycle.json index d40bc5d..7b461e6 100644 --- a/templates/case-investigation/ExaminerActionLifecycle.json +++ b/templates/case-investigation/ExaminerActionLifecycle.json @@ -1,44 +1,35 @@ { "@context": { - "investigation": "https://ontology.caseontology.org/case/investigation#", + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:examineractionlifecycle1", - "@type": "investigation:ExaminerActionLifecycle", - "uco-action:actionCount": null, - "uco-action:actionStatus": null, - "uco-action:endTime": null, + "@id": "kb:ExaminerActionLifecycle-1", + "@type": "case-investigation:ExaminerActionLifecycle", + "case-investigation:wasDerivedFrom": [], "uco-action:environment": null, - "uco-action:error": null, - "uco-action:instrument": null, - "uco-action:location": null, - "uco-action:object": null, - "uco-action:participant": null, + "uco-action:instrument": [], + "uco-action:location": [], + "uco-action:object": [], + "uco-action:participant": [], "uco-action:performer": null, "uco-action:phase": null, - "uco-action:result": null, - "uco-action:startTime": null, - "uco-action:subaction": null, + "uco-action:result": [], + "uco-action:subaction": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/case-investigation/Investigation.json b/templates/case-investigation/Investigation.json index e04a2d7..313cc5c 100644 --- a/templates/case-investigation/Investigation.json +++ b/templates/case-investigation/Investigation.json @@ -1,36 +1,32 @@ { "@context": { - "investigation": "https://ontology.caseontology.org/case/investigation#", + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:investigation1", - "@type": "investigation:Investigation", - "investigation:focus": null, - "investigation:investigationForm": null, - "investigation:investigationStatus": null, - "investigation:relevantAuthorization": null, + "@id": "kb:Investigation-1", + "@type": "case-investigation:Investigation", + "case-investigation:focus": [], + "case-investigation:investigationForm": null, + "case-investigation:investigationStatus": null, + "case-investigation:relevantAuthorization": [], + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, + "uco-core:description": [], "uco-core:endTime": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, - "uco-core:object": null, + "uco-core:object": [], "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, "uco-core:startTime": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/case-investigation/InvestigativeAction.json b/templates/case-investigation/InvestigativeAction.json index 6f31f0f..c341851 100644 --- a/templates/case-investigation/InvestigativeAction.json +++ b/templates/case-investigation/InvestigativeAction.json @@ -1,44 +1,40 @@ { "@context": { - "investigation": "https://ontology.caseontology.org/case/investigation#", + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:investigativeaction1", - "@type": "investigation:InvestigativeAction", - "investigation:wasInformedBy": null, + "@id": "kb:InvestigativeAction-1", + "@type": "case-investigation:InvestigativeAction", + "case-investigation:wasDerivedFrom": [], + "case-investigation:wasInformedBy": [], "uco-action:actionCount": null, "uco-action:actionStatus": null, "uco-action:endTime": null, "uco-action:environment": null, - "uco-action:error": null, - "uco-action:instrument": null, - "uco-action:location": null, - "uco-action:object": null, - "uco-action:participant": null, + "uco-action:error": [], + "uco-action:instrument": [], + "uco-action:location": [], + "uco-action:object": [], + "uco-action:participant": [], "uco-action:performer": null, - "uco-action:result": null, + "uco-action:result": [], "uco-action:startTime": null, - "uco-action:subaction": null, + "uco-action:subaction": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/case-investigation/Investigator.json b/templates/case-investigation/Investigator.json index 1a6df8d..22a605b 100644 --- a/templates/case-investigation/Investigator.json +++ b/templates/case-investigation/Investigator.json @@ -1,29 +1,25 @@ { "@context": { - "investigation": "https://ontology.caseontology.org/case/investigation#", + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:investigator1", - "@type": "investigation:Investigator", + "@id": "kb:Investigator-1", + "@type": "case-investigation:Investigator", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/case-investigation/Makefile b/templates/case-investigation/Makefile new file mode 100644 index 0000000..e70b0f6 --- /dev/null +++ b/templates/case-investigation/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.caseontology.org/case/investigation/ + +include ../../src/ontology.mk diff --git a/templates/case-investigation/ProvenanceRecord.json b/templates/case-investigation/ProvenanceRecord.json index cd263a6..e8948a4 100644 --- a/templates/case-investigation/ProvenanceRecord.json +++ b/templates/case-investigation/ProvenanceRecord.json @@ -1,32 +1,28 @@ { "@context": { - "investigation": "https://ontology.caseontology.org/case/investigation#", + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:provenancerecord1", - "@type": "investigation:ProvenanceRecord", - "investigation:exhibitNumber": null, - "investigation:rootExhibitNumber": null, + "@id": "kb:ProvenanceRecord-1", + "@type": "case-investigation:ProvenanceRecord", + "case-investigation:exhibitNumber": null, + "case-investigation:rootExhibitNumber": [], + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, - "uco-core:object": null, + "uco-core:object": [], "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/case-investigation/Subject.json b/templates/case-investigation/Subject.json index 19f885c..e210621 100644 --- a/templates/case-investigation/Subject.json +++ b/templates/case-investigation/Subject.json @@ -1,29 +1,25 @@ { "@context": { - "investigation": "https://ontology.caseontology.org/case/investigation#", + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:subject1", - "@type": "investigation:Subject", + "@id": "kb:Subject-1", + "@type": "case-investigation:Subject", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/case-investigation/SubjectActionLifecycle.json b/templates/case-investigation/SubjectActionLifecycle.json index 959d4a6..27e7df6 100644 --- a/templates/case-investigation/SubjectActionLifecycle.json +++ b/templates/case-investigation/SubjectActionLifecycle.json @@ -1,44 +1,35 @@ { "@context": { - "investigation": "https://ontology.caseontology.org/case/investigation#", + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:subjectactionlifecycle1", - "@type": "investigation:SubjectActionLifecycle", - "uco-action:actionCount": null, - "uco-action:actionStatus": null, - "uco-action:endTime": null, + "@id": "kb:SubjectActionLifecycle-1", + "@type": "case-investigation:SubjectActionLifecycle", + "case-investigation:wasDerivedFrom": [], "uco-action:environment": null, - "uco-action:error": null, - "uco-action:instrument": null, - "uco-action:location": null, - "uco-action:object": null, - "uco-action:participant": null, + "uco-action:instrument": [], + "uco-action:location": [], + "uco-action:object": [], + "uco-action:participant": [], "uco-action:performer": null, "uco-action:phase": null, - "uco-action:result": null, - "uco-action:startTime": null, - "uco-action:subaction": null, + "uco-action:result": [], + "uco-action:subaction": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/case-investigation/VictimActionLifecycle.json b/templates/case-investigation/VictimActionLifecycle.json index a79dbb5..d80a8a6 100644 --- a/templates/case-investigation/VictimActionLifecycle.json +++ b/templates/case-investigation/VictimActionLifecycle.json @@ -1,44 +1,35 @@ { "@context": { - "investigation": "https://ontology.caseontology.org/case/investigation#", + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:victimactionlifecycle1", - "@type": "investigation:VictimActionLifecycle", - "uco-action:actionCount": null, - "uco-action:actionStatus": null, - "uco-action:endTime": null, + "@id": "kb:VictimActionLifecycle-1", + "@type": "case-investigation:VictimActionLifecycle", + "case-investigation:wasDerivedFrom": [], "uco-action:environment": null, - "uco-action:error": null, - "uco-action:instrument": null, - "uco-action:location": null, - "uco-action:object": null, - "uco-action:participant": null, + "uco-action:instrument": [], + "uco-action:location": [], + "uco-action:object": [], + "uco-action:participant": [], "uco-action:performer": null, "uco-action:phase": null, - "uco-action:result": null, - "uco-action:startTime": null, - "uco-action:subaction": null, + "uco-action:result": [], + "uco-action:subaction": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-action/Action.json b/templates/uco-action/Action.json index 52fbe76..a616b70 100644 --- a/templates/uco-action/Action.json +++ b/templates/uco-action/Action.json @@ -1,42 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:action1", + "@id": "kb:Action-1", "@type": "uco-action:Action", + "case-investigation:wasDerivedFrom": [], "uco-action:actionCount": null, "uco-action:actionStatus": null, "uco-action:endTime": null, "uco-action:environment": null, - "uco-action:error": null, - "uco-action:instrument": null, - "uco-action:location": null, - "uco-action:object": null, - "uco-action:participant": null, + "uco-action:error": [], + "uco-action:instrument": [], + "uco-action:location": [], + "uco-action:object": [], + "uco-action:participant": [], "uco-action:performer": null, - "uco-action:result": null, + "uco-action:result": [], "uco-action:startTime": null, - "uco-action:subaction": null, + "uco-action:subaction": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-action/ActionArgumentFacet.json b/templates/uco-action/ActionArgumentFacet.json index 0332143..1983db8 100644 --- a/templates/uco-action/ActionArgumentFacet.json +++ b/templates/uco-action/ActionArgumentFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:actionargumentfacet1", + "@id": "kb:ActionArgumentFacet-1", "@type": "uco-action:ActionArgumentFacet", "uco-action:argumentName": null, "uco-action:value": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-action/ActionEstimationFacet.json b/templates/uco-action/ActionEstimationFacet.json index 359fcfb..4f02f6c 100644 --- a/templates/uco-action/ActionEstimationFacet.json +++ b/templates/uco-action/ActionEstimationFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:actionestimationfacet1", + "@id": "kb:ActionEstimationFacet-1", "@type": "uco-action:ActionEstimationFacet", "uco-action:estimatedCost": null, "uco-action:estimatedEfficacy": null, "uco-action:estimatedImpact": null, "uco-action:objective": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-action/ActionFrequencyFacet.json b/templates/uco-action/ActionFrequencyFacet.json index 048954b..423535d 100644 --- a/templates/uco-action/ActionFrequencyFacet.json +++ b/templates/uco-action/ActionFrequencyFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:actionfrequencyfacet1", + "@id": "kb:ActionFrequencyFacet-1", "@type": "uco-action:ActionFrequencyFacet", "uco-action:rate": null, "uco-action:scale": null, "uco-action:trend": null, "uco-action:units": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-action/ActionLifecycle.json b/templates/uco-action/ActionLifecycle.json index 97b6e96..9404707 100644 --- a/templates/uco-action/ActionLifecycle.json +++ b/templates/uco-action/ActionLifecycle.json @@ -1,43 +1,35 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:actionlifecycle1", + "@id": "kb:ActionLifecycle-1", "@type": "uco-action:ActionLifecycle", - "uco-action:actionCount": null, - "uco-action:actionStatus": null, - "uco-action:endTime": null, + "case-investigation:wasDerivedFrom": [], "uco-action:environment": null, - "uco-action:error": null, - "uco-action:instrument": null, - "uco-action:location": null, - "uco-action:object": null, - "uco-action:participant": null, + "uco-action:instrument": [], + "uco-action:location": [], + "uco-action:object": [], + "uco-action:participant": [], "uco-action:performer": null, "uco-action:phase": null, - "uco-action:result": null, - "uco-action:startTime": null, - "uco-action:subaction": null, + "uco-action:result": [], + "uco-action:subaction": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-action/ActionPattern.json b/templates/uco-action/ActionPattern.json index 5d67b1a..2d04b41 100644 --- a/templates/uco-action/ActionPattern.json +++ b/templates/uco-action/ActionPattern.json @@ -1,42 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:actionpattern1", + "@id": "kb:ActionPattern-1", "@type": "uco-action:ActionPattern", + "case-investigation:wasDerivedFrom": [], "uco-action:actionCount": null, "uco-action:actionStatus": null, "uco-action:endTime": null, "uco-action:environment": null, - "uco-action:error": null, - "uco-action:instrument": null, - "uco-action:location": null, - "uco-action:object": null, - "uco-action:participant": null, + "uco-action:error": [], + "uco-action:instrument": [], + "uco-action:location": [], + "uco-action:object": [], + "uco-action:participant": [], "uco-action:performer": null, - "uco-action:result": null, + "uco-action:result": [], "uco-action:startTime": null, - "uco-action:subaction": null, + "uco-action:subaction": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-action/ArrayOfAction.json b/templates/uco-action/ArrayOfAction.json index 5cd5080..8bde450 100644 --- a/templates/uco-action/ArrayOfAction.json +++ b/templates/uco-action/ArrayOfAction.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:arrayofaction1", + "@id": "kb:ArrayOfAction-1", "@type": "uco-action:ArrayOfAction", - "uco-action:action": null + "uco-action:action": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-action/Makefile b/templates/uco-action/Makefile new file mode 100644 index 0000000..e2936b2 --- /dev/null +++ b/templates/uco-action/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/action/ + +include ../../src/ontology.mk diff --git a/templates/uco-analysis/Analysis.json b/templates/uco-analysis/Analysis.json new file mode 100644 index 0000000..99ec090 --- /dev/null +++ b/templates/uco-analysis/Analysis.json @@ -0,0 +1,40 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "uco-analysis": "https://ontology.unifiedcyberontology.org/uco/analysis/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:Analysis-1", + "@type": "uco-analysis:Analysis", + "case-investigation:wasDerivedFrom": [], + "uco-action:actionCount": null, + "uco-action:actionStatus": null, + "uco-action:endTime": null, + "uco-action:environment": null, + "uco-action:error": [], + "uco-action:instrument": [], + "uco-action:location": [], + "uco-action:object": [], + "uco-action:participant": [], + "uco-action:performer": null, + "uco-action:result": [], + "uco-action:startTime": null, + "uco-action:subaction": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [] + } + ] +} diff --git a/templates/uco-analysis/AnalyticResult.json b/templates/uco-analysis/AnalyticResult.json new file mode 100644 index 0000000..c4132d1 --- /dev/null +++ b/templates/uco-analysis/AnalyticResult.json @@ -0,0 +1,29 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-analysis": "https://ontology.unifiedcyberontology.org/uco/analysis/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:AnalyticResult-1", + "@type": "uco-analysis:AnalyticResult", + "case-investigation:wasDerivedFrom": [], + "uco-analysis:originatingAnalysis": null, + "uco-analysis:resultContent": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:statement": [], + "uco-core:tag": [] + } + ] +} diff --git a/templates/uco-analysis/AnalyticResultFacet.json b/templates/uco-analysis/AnalyticResultFacet.json new file mode 100644 index 0000000..788dfc7 --- /dev/null +++ b/templates/uco-analysis/AnalyticResultFacet.json @@ -0,0 +1,13 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-analysis": "https://ontology.unifiedcyberontology.org/uco/analysis/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:AnalyticResultFacet-1", + "@type": "uco-analysis:AnalyticResultFacet" + } + ] +} diff --git a/templates/uco-analysis/ArtifactClassification.json b/templates/uco-analysis/ArtifactClassification.json new file mode 100644 index 0000000..7e5f2e3 --- /dev/null +++ b/templates/uco-analysis/ArtifactClassification.json @@ -0,0 +1,15 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-analysis": "https://ontology.unifiedcyberontology.org/uco/analysis/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:ArtifactClassification-1", + "@type": "uco-analysis:ArtifactClassification", + "uco-analysis:class": [], + "uco-analysis:classificationConfidence": null + } + ] +} diff --git a/templates/uco-analysis/ArtifactClassificationResultFacet.json b/templates/uco-analysis/ArtifactClassificationResultFacet.json new file mode 100644 index 0000000..dc9f3b6 --- /dev/null +++ b/templates/uco-analysis/ArtifactClassificationResultFacet.json @@ -0,0 +1,14 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-analysis": "https://ontology.unifiedcyberontology.org/uco/analysis/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:ArtifactClassificationResultFacet-1", + "@type": "uco-analysis:ArtifactClassificationResultFacet", + "uco-analysis:classification": [] + } + ] +} diff --git a/templates/uco-analysis/Makefile b/templates/uco-analysis/Makefile new file mode 100644 index 0000000..efe033f --- /dev/null +++ b/templates/uco-analysis/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/analysis/ + +include ../../src/ontology.mk diff --git a/templates/uco-configuration/Configuration.json b/templates/uco-configuration/Configuration.json new file mode 100644 index 0000000..a86b935 --- /dev/null +++ b/templates/uco-configuration/Configuration.json @@ -0,0 +1,29 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-configuration": "https://ontology.unifiedcyberontology.org/uco/configuration/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:Configuration-1", + "@type": "uco-configuration:Configuration", + "case-investigation:wasDerivedFrom": [], + "uco-configuration:configurationEntry": [], + "uco-configuration:dependencies": [], + "uco-configuration:usageContextAssumptions": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [] + } + ] +} diff --git a/templates/uco-configuration/ConfigurationEntry.json b/templates/uco-configuration/ConfigurationEntry.json new file mode 100644 index 0000000..a8e9cc3 --- /dev/null +++ b/templates/uco-configuration/ConfigurationEntry.json @@ -0,0 +1,18 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-configuration": "https://ontology.unifiedcyberontology.org/uco/configuration/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:ConfigurationEntry-1", + "@type": "uco-configuration:ConfigurationEntry", + "uco-configuration:itemDescription": null, + "uco-configuration:itemName": null, + "uco-configuration:itemObject": [], + "uco-configuration:itemType": null, + "uco-configuration:itemValue": [] + } + ] +} diff --git a/templates/uco-configuration/Dependency.json b/templates/uco-configuration/Dependency.json new file mode 100644 index 0000000..5f96d42 --- /dev/null +++ b/templates/uco-configuration/Dependency.json @@ -0,0 +1,15 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-configuration": "https://ontology.unifiedcyberontology.org/uco/configuration/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:Dependency-1", + "@type": "uco-configuration:Dependency", + "uco-configuration:dependencyDescription": null, + "uco-configuration:dependencyType": null + } + ] +} diff --git a/templates/uco-configuration/Makefile b/templates/uco-configuration/Makefile new file mode 100644 index 0000000..f3d8929 --- /dev/null +++ b/templates/uco-configuration/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/configuration/ + +include ../../src/ontology.mk diff --git a/templates/uco-core/Annotation.json b/templates/uco-core/Annotation.json index 40be1fc..18419e5 100644 --- a/templates/uco-core/Annotation.json +++ b/templates/uco-core/Annotation.json @@ -1,30 +1,27 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:annotation1", + "@id": "kb:Annotation-1", "@type": "uco-core:Annotation", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, - "uco-core:object": null, + "uco-core:object": [], "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:statement": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:statement": [], + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/Assertion.json b/templates/uco-core/Assertion.json index e626b5d..cec6dc8 100644 --- a/templates/uco-core/Assertion.json +++ b/templates/uco-core/Assertion.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:assertion1", + "@id": "kb:Assertion-1", "@type": "uco-core:Assertion", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:statement": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:statement": [], + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/AttributedName.json b/templates/uco-core/AttributedName.json index 5a1f376..230869c 100644 --- a/templates/uco-core/AttributedName.json +++ b/templates/uco-core/AttributedName.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:attributedname1", + "@id": "kb:AttributedName-1", "@type": "uco-core:AttributedName", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:namingAuthority": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/Bundle.json b/templates/uco-core/Bundle.json index 376041a..e3621e8 100644 --- a/templates/uco-core/Bundle.json +++ b/templates/uco-core/Bundle.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:bundle1", + "@id": "kb:Bundle-1", "@type": "uco-core:Bundle", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, - "uco-core:object": null, + "uco-core:object": [], "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/Compilation.json b/templates/uco-core/Compilation.json index cbea98d..f5ad05b 100644 --- a/templates/uco-core/Compilation.json +++ b/templates/uco-core/Compilation.json @@ -1,28 +1,25 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:compilation1", + "@id": "kb:Compilation-1", "@type": "uco-core:Compilation", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/ConfidenceFacet.json b/templates/uco-core/ConfidenceFacet.json index 3a791fb..5295bc6 100644 --- a/templates/uco-core/ConfidenceFacet.json +++ b/templates/uco-core/ConfidenceFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:confidencefacet1", + "@id": "kb:ConfidenceFacet-1", "@type": "uco-core:ConfidenceFacet", "uco-core:confidence": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/ContextualCompilation.json b/templates/uco-core/ContextualCompilation.json index 337bdd5..b5b7784 100644 --- a/templates/uco-core/ContextualCompilation.json +++ b/templates/uco-core/ContextualCompilation.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contextualcompilation1", + "@id": "kb:ContextualCompilation-1", "@type": "uco-core:ContextualCompilation", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, - "uco-core:object": null, + "uco-core:object": [], "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/ControlledVocabulary.json b/templates/uco-core/ControlledVocabulary.json index 0ab465f..8968e3a 100644 --- a/templates/uco-core/ControlledVocabulary.json +++ b/templates/uco-core/ControlledVocabulary.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:controlledvocabulary1", + "@id": "kb:ControlledVocabulary-1", "@type": "uco-core:ControlledVocabulary", + "case-investigation:wasDerivedFrom": [], "uco-core:constrainingVocabularyName": null, "uco-core:constrainingVocabularyReference": null, "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-core:value": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/EnclosingCompilation.json b/templates/uco-core/EnclosingCompilation.json index 2457f78..0692c56 100644 --- a/templates/uco-core/EnclosingCompilation.json +++ b/templates/uco-core/EnclosingCompilation.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:enclosingcompilation1", + "@id": "kb:EnclosingCompilation-1", "@type": "uco-core:EnclosingCompilation", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, - "uco-core:object": null, + "uco-core:object": [], "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/Event.json b/templates/uco-core/Event.json new file mode 100644 index 0000000..5a55567 --- /dev/null +++ b/templates/uco-core/Event.json @@ -0,0 +1,30 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:Event-1", + "@type": "uco-core:Event", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:endTime": [], + "uco-core:eventAttribute": [], + "uco-core:eventContext": [], + "uco-core:eventType": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:startTime": [], + "uco-core:tag": [] + } + ] +} diff --git a/templates/uco-core/ExternalReference.json b/templates/uco-core/ExternalReference.json index 28c1b3c..d93db76 100644 --- a/templates/uco-core/ExternalReference.json +++ b/templates/uco-core/ExternalReference.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:externalreference1", + "@id": "kb:ExternalReference-1", "@type": "uco-core:ExternalReference", "uco-core:definingContext": null, "uco-core:externalIdentifier": null, "uco-core:referenceURL": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/Facet.json b/templates/uco-core/Facet.json index 5a2d5fc..81bd105 100644 --- a/templates/uco-core/Facet.json +++ b/templates/uco-core/Facet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:facet1", + "@id": "kb:Facet-1", "@type": "uco-core:Facet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/Grouping.json b/templates/uco-core/Grouping.json index a4a4c02..50d1f81 100644 --- a/templates/uco-core/Grouping.json +++ b/templates/uco-core/Grouping.json @@ -1,30 +1,27 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:grouping1", + "@id": "kb:Grouping-1", "@type": "uco-core:Grouping", - "uco-core:context": null, + "case-investigation:wasDerivedFrom": [], + "uco-core:context": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, - "uco-core:object": null, + "uco-core:object": [], "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/IdentityAbstraction.json b/templates/uco-core/IdentityAbstraction.json index f46973a..f472afb 100644 --- a/templates/uco-core/IdentityAbstraction.json +++ b/templates/uco-core/IdentityAbstraction.json @@ -1,28 +1,25 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:identityabstraction1", + "@id": "kb:IdentityAbstraction-1", "@type": "uco-core:IdentityAbstraction", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/Item.json b/templates/uco-core/Item.json index 643eba1..79c3e94 100644 --- a/templates/uco-core/Item.json +++ b/templates/uco-core/Item.json @@ -1,28 +1,25 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:item1", + "@id": "kb:Item-1", "@type": "uco-core:Item", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/Makefile b/templates/uco-core/Makefile new file mode 100644 index 0000000..ef6e66f --- /dev/null +++ b/templates/uco-core/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/core/ + +include ../../src/ontology.mk diff --git a/templates/uco-core/MarkingDefinitionAbstraction.json b/templates/uco-core/MarkingDefinitionAbstraction.json index 992346c..1dcbc9d 100644 --- a/templates/uco-core/MarkingDefinitionAbstraction.json +++ b/templates/uco-core/MarkingDefinitionAbstraction.json @@ -1,28 +1,25 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:markingdefinitionabstraction1", + "@id": "kb:MarkingDefinitionAbstraction-1", "@type": "uco-core:MarkingDefinitionAbstraction", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/ModusOperandi.json b/templates/uco-core/ModusOperandi.json index 8a670c6..2db0d2f 100644 --- a/templates/uco-core/ModusOperandi.json +++ b/templates/uco-core/ModusOperandi.json @@ -1,28 +1,25 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:modusoperandi1", + "@id": "kb:ModusOperandi-1", "@type": "uco-core:ModusOperandi", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/Relationship.json b/templates/uco-core/Relationship.json index f5b35fa..1111a02 100644 --- a/templates/uco-core/Relationship.json +++ b/templates/uco-core/Relationship.json @@ -1,34 +1,31 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:relationship1", + "@id": "kb:Relationship-1", "@type": "uco-core:Relationship", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:endTime": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, + "uco-core:description": [], + "uco-core:endTime": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], "uco-core:isDirectional": null, "uco-core:kindOfRelationship": null, - "uco-core:modifiedTime": null, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, - "uco-core:source": null, + "uco-core:objectMarking": [], + "uco-core:source": [], "uco-core:specVersion": null, - "uco-core:startTime": null, - "uco-core:tag": null, - "uco-core:target": null, - "uco-core:type": null + "uco-core:startTime": [], + "uco-core:tag": [], + "uco-core:target": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/UcoInherentCharacterizationThing.json b/templates/uco-core/UcoInherentCharacterizationThing.json new file mode 100644 index 0000000..135c43d --- /dev/null +++ b/templates/uco-core/UcoInherentCharacterizationThing.json @@ -0,0 +1,13 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:UcoInherentCharacterizationThing-1", + "@type": "uco-core:UcoInherentCharacterizationThing" + } + ] +} diff --git a/templates/uco-core/UcoObject.json b/templates/uco-core/UcoObject.json index c7df58f..76335a3 100644 --- a/templates/uco-core/UcoObject.json +++ b/templates/uco-core/UcoObject.json @@ -1,28 +1,25 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ucoobject1", + "@id": "kb:UcoObject-1", "@type": "uco-core:UcoObject", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-core/UcoThing.json b/templates/uco-core/UcoThing.json new file mode 100644 index 0000000..9c03718 --- /dev/null +++ b/templates/uco-core/UcoThing.json @@ -0,0 +1,13 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:UcoThing-1", + "@type": "uco-core:UcoThing" + } + ] +} diff --git a/templates/uco-identity/AddressFacet.json b/templates/uco-identity/AddressFacet.json index 92e422f..70a37c7 100644 --- a/templates/uco-identity/AddressFacet.json +++ b/templates/uco-identity/AddressFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:addressfacet1", + "@id": "kb:AddressFacet-1", "@type": "uco-identity:AddressFacet", "uco-identity:address": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/AffiliationFacet.json b/templates/uco-identity/AffiliationFacet.json index 67d4aaf..25dee68 100644 --- a/templates/uco-identity/AffiliationFacet.json +++ b/templates/uco-identity/AffiliationFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:affiliationfacet1", + "@id": "kb:AffiliationFacet-1", "@type": "uco-identity:AffiliationFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/BirthInformationFacet.json b/templates/uco-identity/BirthInformationFacet.json index a9a6873..fda6f5c 100644 --- a/templates/uco-identity/BirthInformationFacet.json +++ b/templates/uco-identity/BirthInformationFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:birthinformationfacet1", + "@id": "kb:BirthInformationFacet-1", "@type": "uco-identity:BirthInformationFacet", "uco-identity:birthdate": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/CountryOfResidenceFacet.json b/templates/uco-identity/CountryOfResidenceFacet.json index 32178aa..a2e0299 100644 --- a/templates/uco-identity/CountryOfResidenceFacet.json +++ b/templates/uco-identity/CountryOfResidenceFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:countryofresidencefacet1", + "@id": "kb:CountryOfResidenceFacet-1", "@type": "uco-identity:CountryOfResidenceFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/EventsFacet.json b/templates/uco-identity/EventsFacet.json index eefc904..935acf2 100644 --- a/templates/uco-identity/EventsFacet.json +++ b/templates/uco-identity/EventsFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:eventsfacet1", + "@id": "kb:EventsFacet-1", "@type": "uco-identity:EventsFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/IdentifierFacet.json b/templates/uco-identity/IdentifierFacet.json index bc82124..20416ad 100644 --- a/templates/uco-identity/IdentifierFacet.json +++ b/templates/uco-identity/IdentifierFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:identifierfacet1", + "@id": "kb:IdentifierFacet-1", "@type": "uco-identity:IdentifierFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/Identity.json b/templates/uco-identity/Identity.json index 4d79b02..842aba1 100644 --- a/templates/uco-identity/Identity.json +++ b/templates/uco-identity/Identity.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:identity1", + "@id": "kb:Identity-1", "@type": "uco-identity:Identity", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/IdentityFacet.json b/templates/uco-identity/IdentityFacet.json index e52a5c7..44c9b29 100644 --- a/templates/uco-identity/IdentityFacet.json +++ b/templates/uco-identity/IdentityFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:identityfacet1", + "@id": "kb:IdentityFacet-1", "@type": "uco-identity:IdentityFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/LanguagesFacet.json b/templates/uco-identity/LanguagesFacet.json index 7f4700c..6a653df 100644 --- a/templates/uco-identity/LanguagesFacet.json +++ b/templates/uco-identity/LanguagesFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:languagesfacet1", + "@id": "kb:LanguagesFacet-1", "@type": "uco-identity:LanguagesFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/Makefile b/templates/uco-identity/Makefile new file mode 100644 index 0000000..6bba86a --- /dev/null +++ b/templates/uco-identity/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/identity/ + +include ../../src/ontology.mk diff --git a/templates/uco-identity/NationalityFacet.json b/templates/uco-identity/NationalityFacet.json index 5bb9d64..fc19f1c 100644 --- a/templates/uco-identity/NationalityFacet.json +++ b/templates/uco-identity/NationalityFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:nationalityfacet1", + "@id": "kb:NationalityFacet-1", "@type": "uco-identity:NationalityFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/OccupationFacet.json b/templates/uco-identity/OccupationFacet.json index 26287b6..9acc878 100644 --- a/templates/uco-identity/OccupationFacet.json +++ b/templates/uco-identity/OccupationFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:occupationfacet1", + "@id": "kb:OccupationFacet-1", "@type": "uco-identity:OccupationFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/Organization.json b/templates/uco-identity/Organization.json index 90a2ee2..2ef4705 100644 --- a/templates/uco-identity/Organization.json +++ b/templates/uco-identity/Organization.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:organization1", + "@id": "kb:Organization-1", "@type": "uco-identity:Organization", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/OrganizationDetailsFacet.json b/templates/uco-identity/OrganizationDetailsFacet.json index 8de876f..e19d70a 100644 --- a/templates/uco-identity/OrganizationDetailsFacet.json +++ b/templates/uco-identity/OrganizationDetailsFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:organizationdetailsfacet1", + "@id": "kb:OrganizationDetailsFacet-1", "@type": "uco-identity:OrganizationDetailsFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/Person.json b/templates/uco-identity/Person.json index 3105adf..0e7ecff 100644 --- a/templates/uco-identity/Person.json +++ b/templates/uco-identity/Person.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:person1", + "@id": "kb:Person-1", "@type": "uco-identity:Person", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/PersonalDetailsFacet.json b/templates/uco-identity/PersonalDetailsFacet.json index 1e60dd0..eb70cd5 100644 --- a/templates/uco-identity/PersonalDetailsFacet.json +++ b/templates/uco-identity/PersonalDetailsFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:personaldetailsfacet1", + "@id": "kb:PersonalDetailsFacet-1", "@type": "uco-identity:PersonalDetailsFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/PhysicalInfoFacet.json b/templates/uco-identity/PhysicalInfoFacet.json index 9dc4f94..5bfa799 100644 --- a/templates/uco-identity/PhysicalInfoFacet.json +++ b/templates/uco-identity/PhysicalInfoFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:physicalinfofacet1", + "@id": "kb:PhysicalInfoFacet-1", "@type": "uco-identity:PhysicalInfoFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/QualificationFacet.json b/templates/uco-identity/QualificationFacet.json index e155f9a..d6f3602 100644 --- a/templates/uco-identity/QualificationFacet.json +++ b/templates/uco-identity/QualificationFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:qualificationfacet1", + "@id": "kb:QualificationFacet-1", "@type": "uco-identity:QualificationFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/RelatedIdentityFacet.json b/templates/uco-identity/RelatedIdentityFacet.json index 1920dc4..107a3a7 100644 --- a/templates/uco-identity/RelatedIdentityFacet.json +++ b/templates/uco-identity/RelatedIdentityFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:relatedidentityfacet1", + "@id": "kb:RelatedIdentityFacet-1", "@type": "uco-identity:RelatedIdentityFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/SimpleNameFacet.json b/templates/uco-identity/SimpleNameFacet.json index 69e4523..982b6a6 100644 --- a/templates/uco-identity/SimpleNameFacet.json +++ b/templates/uco-identity/SimpleNameFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:simplenamefacet1", + "@id": "kb:SimpleNameFacet-1", "@type": "uco-identity:SimpleNameFacet", - "uco-identity:familyName": null, - "uco-identity:givenName": null, - "uco-identity:honorificPrefix": null, - "uco-identity:honorificSuffix": null + "uco-identity:familyName": [], + "uco-identity:givenName": [], + "uco-identity:honorificPrefix": [], + "uco-identity:honorificSuffix": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-identity/VisaFacet.json b/templates/uco-identity/VisaFacet.json index 57c449a..bc14f6d 100644 --- a/templates/uco-identity/VisaFacet.json +++ b/templates/uco-identity/VisaFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:visafacet1", + "@id": "kb:VisaFacet-1", "@type": "uco-identity:VisaFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-location/GPSCoordinatesFacet.json b/templates/uco-location/GPSCoordinatesFacet.json index f33eda8..47f2eca 100644 --- a/templates/uco-location/GPSCoordinatesFacet.json +++ b/templates/uco-location/GPSCoordinatesFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-location": "https://ontology.unifiedcyberontology.org/uco/location#" + "uco-location": "https://ontology.unifiedcyberontology.org/uco/location/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:gpscoordinatesfacet1", + "@id": "kb:GPSCoordinatesFacet-1", "@type": "uco-location:GPSCoordinatesFacet", "uco-location:hdop": null, "uco-location:pdop": null, "uco-location:tdop": null, "uco-location:vdop": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-location/LatLongCoordinatesFacet.json b/templates/uco-location/LatLongCoordinatesFacet.json index bd7c797..26e1878 100644 --- a/templates/uco-location/LatLongCoordinatesFacet.json +++ b/templates/uco-location/LatLongCoordinatesFacet.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-location": "https://ontology.unifiedcyberontology.org/uco/location#" + "uco-location": "https://ontology.unifiedcyberontology.org/uco/location/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:latlongcoordinatesfacet1", + "@id": "kb:LatLongCoordinatesFacet-1", "@type": "uco-location:LatLongCoordinatesFacet", "uco-location:altitude": null, "uco-location:latitude": null, "uco-location:longitude": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-location/Location.json b/templates/uco-location/Location.json index 66c77a5..ca139ef 100644 --- a/templates/uco-location/Location.json +++ b/templates/uco-location/Location.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-location": "https://ontology.unifiedcyberontology.org/uco/location#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-location": "https://ontology.unifiedcyberontology.org/uco/location/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:location1", + "@id": "kb:Location-1", "@type": "uco-location:Location", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-location/Makefile b/templates/uco-location/Makefile new file mode 100644 index 0000000..5cc5b76 --- /dev/null +++ b/templates/uco-location/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/location/ + +include ../../src/ontology.mk diff --git a/templates/uco-location/SimpleAddressFacet.json b/templates/uco-location/SimpleAddressFacet.json index 997e84c..6280a4f 100644 --- a/templates/uco-location/SimpleAddressFacet.json +++ b/templates/uco-location/SimpleAddressFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-location": "https://ontology.unifiedcyberontology.org/uco/location#" + "uco-location": "https://ontology.unifiedcyberontology.org/uco/location/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:simpleaddressfacet1", + "@id": "kb:SimpleAddressFacet-1", "@type": "uco-location:SimpleAddressFacet", "uco-location:addressType": null, "uco-location:country": null, @@ -14,9 +15,5 @@ "uco-location:region": null, "uco-location:street": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-marking/GranularMarking.json b/templates/uco-marking/GranularMarking.json index 04425d7..cbde959 100644 --- a/templates/uco-marking/GranularMarking.json +++ b/templates/uco-marking/GranularMarking.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking#" + "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:granularmarking1", + "@id": "kb:GranularMarking-1", "@type": "uco-marking:GranularMarking", - "uco-marking:contentSelectors": null, - "uco-marking:marking": null + "uco-marking:contentSelectors": [], + "uco-marking:marking": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-marking/LicenseMarking.json b/templates/uco-marking/LicenseMarking.json index 0c40fbf..8c5fe11 100644 --- a/templates/uco-marking/LicenseMarking.json +++ b/templates/uco-marking/LicenseMarking.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking#" + "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:licensemarking1", + "@id": "kb:LicenseMarking-1", "@type": "uco-marking:LicenseMarking", - "uco-marking:definitionType": null, + "uco-marking:definitionType": [], "uco-marking:license": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-marking/Makefile b/templates/uco-marking/Makefile new file mode 100644 index 0000000..6471345 --- /dev/null +++ b/templates/uco-marking/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/marking/ + +include ../../src/ontology.mk diff --git a/templates/uco-marking/MarkingDefinition.json b/templates/uco-marking/MarkingDefinition.json index 4f4094b..477c16a 100644 --- a/templates/uco-marking/MarkingDefinition.json +++ b/templates/uco-marking/MarkingDefinition.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:markingdefinition1", + "@id": "kb:MarkingDefinition-1", "@type": "uco-marking:MarkingDefinition", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, - "uco-marking:definition": null, + "uco-core:tag": [], + "uco-marking:definition": [], "uco-marking:definitionType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-marking/MarkingModel.json b/templates/uco-marking/MarkingModel.json index 40ff632..0fbcee0 100644 --- a/templates/uco-marking/MarkingModel.json +++ b/templates/uco-marking/MarkingModel.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking#" + "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:markingmodel1", + "@id": "kb:MarkingModel-1", "@type": "uco-marking:MarkingModel" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-marking/ReleaseToMarking.json b/templates/uco-marking/ReleaseToMarking.json index 0b3e5bf..7ff1759 100644 --- a/templates/uco-marking/ReleaseToMarking.json +++ b/templates/uco-marking/ReleaseToMarking.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking#" + "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:releasetomarking1", + "@id": "kb:ReleaseToMarking-1", "@type": "uco-marking:ReleaseToMarking", - "uco-marking:authorizedIdentities": null, - "uco-marking:definitionType": null + "uco-marking:authorizedIdentities": [], + "uco-marking:definitionType": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-marking/StatementMarking.json b/templates/uco-marking/StatementMarking.json index 06c7750..e8b1fcc 100644 --- a/templates/uco-marking/StatementMarking.json +++ b/templates/uco-marking/StatementMarking.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking#" + "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:statementmarking1", + "@id": "kb:StatementMarking-1", "@type": "uco-marking:StatementMarking", - "uco-marking:definitionType": null, + "uco-marking:definitionType": [], "uco-marking:statement": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-marking/TermsOfUseMarking.json b/templates/uco-marking/TermsOfUseMarking.json index 4421326..f97e2dc 100644 --- a/templates/uco-marking/TermsOfUseMarking.json +++ b/templates/uco-marking/TermsOfUseMarking.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking#" + "uco-marking": "https://ontology.unifiedcyberontology.org/uco/marking/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:termsofusemarking1", + "@id": "kb:TermsOfUseMarking-1", "@type": "uco-marking:TermsOfUseMarking", - "uco-marking:definitionType": null, + "uco-marking:definitionType": [], "uco-marking:termsOfUse": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/API.json b/templates/uco-observable/API.json index 50f19e7..461c99d 100644 --- a/templates/uco-observable/API.json +++ b/templates/uco-observable/API.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:api1", + "@id": "kb:API-1", "@type": "uco-observable:API", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ARPCache.json b/templates/uco-observable/ARPCache.json index fe04751..19c7df5 100644 --- a/templates/uco-observable/ARPCache.json +++ b/templates/uco-observable/ARPCache.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:arpcache1", + "@id": "kb:ARPCache-1", "@type": "uco-observable:ARPCache", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ARPCacheEntry.json b/templates/uco-observable/ARPCacheEntry.json index 24b2691..de6c4ed 100644 --- a/templates/uco-observable/ARPCacheEntry.json +++ b/templates/uco-observable/ARPCacheEntry.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:arpcacheentry1", + "@id": "kb:ARPCacheEntry-1", "@type": "uco-observable:ARPCacheEntry", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Account.json b/templates/uco-observable/Account.json index 7125098..133dab9 100644 --- a/templates/uco-observable/Account.json +++ b/templates/uco-observable/Account.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:account1", + "@id": "kb:Account-1", "@type": "uco-observable:Account", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:AccountFacet-1", + "@type": "uco-observable:AccountFacet", + "uco-observable:accountIdentifier": null, + "uco-observable:accountIssuer": null, + "uco-observable:accountType": null, + "uco-observable:expirationTime": null, + "uco-observable:isActive": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:owner": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/AccountAuthenticationFacet.json b/templates/uco-observable/AccountAuthenticationFacet.json index f7f07c6..94dbc10 100644 --- a/templates/uco-observable/AccountAuthenticationFacet.json +++ b/templates/uco-observable/AccountAuthenticationFacet.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:accountauthenticationfacet1", + "@id": "kb:AccountAuthenticationFacet-1", "@type": "uco-observable:AccountAuthenticationFacet", "uco-observable:password": null, "uco-observable:passwordLastChanged": null, "uco-observable:passwordType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/AccountFacet.json b/templates/uco-observable/AccountFacet.json index def9806..96c7f4b 100644 --- a/templates/uco-observable/AccountFacet.json +++ b/templates/uco-observable/AccountFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:accountfacet1", + "@id": "kb:AccountFacet-1", "@type": "uco-observable:AccountFacet", "uco-observable:accountIdentifier": null, "uco-observable:accountIssuer": null, @@ -16,9 +17,5 @@ "uco-observable:observableCreatedTime": null, "uco-observable:owner": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Adaptor.json b/templates/uco-observable/Adaptor.json new file mode 100644 index 0000000..b3c4747 --- /dev/null +++ b/templates/uco-observable/Adaptor.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:Adaptor-1", + "@type": "uco-observable:Adaptor", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/Address.json b/templates/uco-observable/Address.json index 29f9e7a..3fcf62b 100644 --- a/templates/uco-observable/Address.json +++ b/templates/uco-observable/Address.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:address1", + "@id": "kb:Address-1", "@type": "uco-observable:Address", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/AlternateDataStream.json b/templates/uco-observable/AlternateDataStream.json index bfdd556..d17f866 100644 --- a/templates/uco-observable/AlternateDataStream.json +++ b/templates/uco-observable/AlternateDataStream.json @@ -1,31 +1,34 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:alternatedatastream1", + "@id": "kb:AlternateDataStream-1", "@type": "uco-observable:AlternateDataStream", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:AlternateDataStreamFacet-1", + "@type": "uco-observable:AlternateDataStreamFacet", + "uco-core:name": null, + "uco-observable:hashes": null, + "uco-observable:size": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/AlternateDataStreamFacet.json b/templates/uco-observable/AlternateDataStreamFacet.json index a975ff8..1525639 100644 --- a/templates/uco-observable/AlternateDataStreamFacet.json +++ b/templates/uco-observable/AlternateDataStreamFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:alternatedatastreamfacet1", + "@id": "kb:AlternateDataStreamFacet-1", "@type": "uco-observable:AlternateDataStreamFacet", "uco-core:name": null, "uco-observable:hashes": null, "uco-observable:size": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/AndroidDevice.json b/templates/uco-observable/AndroidDevice.json index 0ce3008..622fef2 100644 --- a/templates/uco-observable/AndroidDevice.json +++ b/templates/uco-observable/AndroidDevice.json @@ -1,31 +1,46 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:androiddevice1", + "@id": "kb:AndroidDevice-1", "@type": "uco-observable:AndroidDevice", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:AndroidDeviceFacet-1", + "@type": "uco-observable:AndroidDeviceFacet", + "uco-observable:androidFingerprint": null, + "uco-observable:androidID": null, + "uco-observable:androidVersion": null, + "uco-observable:isADBRootEnabled": null, + "uco-observable:isSURootEnabled": null + }, + { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/AndroidDeviceFacet.json b/templates/uco-observable/AndroidDeviceFacet.json index ffad9d9..bb5b99d 100644 --- a/templates/uco-observable/AndroidDeviceFacet.json +++ b/templates/uco-observable/AndroidDeviceFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:androiddevicefacet1", + "@id": "kb:AndroidDeviceFacet-1", "@type": "uco-observable:AndroidDeviceFacet", "uco-observable:androidFingerprint": null, "uco-observable:androidID": null, @@ -13,9 +14,5 @@ "uco-observable:isADBRootEnabled": null, "uco-observable:isSURootEnabled": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/AndroidPhone.json b/templates/uco-observable/AndroidPhone.json new file mode 100644 index 0000000..0588eb2 --- /dev/null +++ b/templates/uco-observable/AndroidPhone.json @@ -0,0 +1,59 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:AndroidPhone-1", + "@type": "uco-observable:AndroidPhone", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:AndroidDeviceFacet-1", + "@type": "uco-observable:AndroidDeviceFacet", + "uco-observable:androidFingerprint": null, + "uco-observable:androidID": null, + "uco-observable:androidVersion": null, + "uco-observable:isADBRootEnabled": null, + "uco-observable:isSURootEnabled": null + }, + { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + { + "@id": "kb:MobileDeviceFacet-1", + "@type": "uco-observable:MobileDeviceFacet", + "uco-observable:ESN": null, + "uco-observable:IMEI": [], + "uco-observable:bluetoothDeviceName": null, + "uco-observable:clockSetting": null, + "uco-observable:keypadUnlockCode": null, + "uco-observable:mockLocationsAllowed": null, + "uco-observable:network": null, + "uco-observable:phoneActivationTime": null, + "uco-observable:storageCapacityInBytes": null + } + ], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/AntennaFacet.json b/templates/uco-observable/AntennaFacet.json new file mode 100644 index 0000000..be0cbb7 --- /dev/null +++ b/templates/uco-observable/AntennaFacet.json @@ -0,0 +1,19 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:AntennaFacet-1", + "@type": "uco-observable:AntennaFacet", + "uco-observable:antennaHeight": null, + "uco-observable:azimuth": null, + "uco-observable:elevation": null, + "uco-observable:horizontalBeamWidth": null, + "uco-observable:signalStrength": null, + "uco-observable:skew": null + } + ] +} diff --git a/templates/uco-observable/AppleDevice.json b/templates/uco-observable/AppleDevice.json new file mode 100644 index 0000000..b442dce --- /dev/null +++ b/templates/uco-observable/AppleDevice.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:AppleDevice-1", + "@type": "uco-observable:AppleDevice", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/Appliance.json b/templates/uco-observable/Appliance.json index a22feab..d228de5 100644 --- a/templates/uco-observable/Appliance.json +++ b/templates/uco-observable/Appliance.json @@ -1,31 +1,35 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:appliance1", + "@id": "kb:Appliance-1", "@type": "uco-observable:Appliance", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Application.json b/templates/uco-observable/Application.json index 45347b2..6456ca3 100644 --- a/templates/uco-observable/Application.json +++ b/templates/uco-observable/Application.json @@ -1,31 +1,36 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:application1", + "@id": "kb:Application-1", "@type": "uco-observable:Application", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:ApplicationFacet-1", + "@type": "uco-observable:ApplicationFacet", + "uco-observable:applicationIdentifier": null, + "uco-observable:installedVersionHistory": [], + "uco-observable:numberOfLaunches": null, + "uco-observable:operatingSystem": null, + "uco-observable:version": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ApplicationAccount.json b/templates/uco-observable/ApplicationAccount.json index 5e4fba3..662b3bc 100644 --- a/templates/uco-observable/ApplicationAccount.json +++ b/templates/uco-observable/ApplicationAccount.json @@ -1,31 +1,55 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:applicationaccount1", + "@id": "kb:ApplicationAccount-1", "@type": "uco-observable:ApplicationAccount", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:AccountFacet-1", + "@type": "uco-observable:AccountFacet", + "uco-observable:accountIdentifier": null, + "uco-observable:accountIssuer": null, + "uco-observable:accountType": null, + "uco-observable:expirationTime": null, + "uco-observable:isActive": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:owner": null + }, + { + "@id": "kb:ApplicationAccountFacet-1", + "@type": "uco-observable:ApplicationAccountFacet", + "uco-observable:application": null + }, + { + "@id": "kb:DigitalAccountFacet-1", + "@type": "uco-observable:DigitalAccountFacet", + "uco-observable:accountLogin": [], + "uco-observable:displayName": null, + "uco-observable:firstLoginTime": null, + "uco-observable:isDisabled": null, + "uco-observable:lastLoginTime": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ApplicationAccountFacet.json b/templates/uco-observable/ApplicationAccountFacet.json index 9740ff9..cd80757 100644 --- a/templates/uco-observable/ApplicationAccountFacet.json +++ b/templates/uco-observable/ApplicationAccountFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:applicationaccountfacet1", + "@id": "kb:ApplicationAccountFacet-1", "@type": "uco-observable:ApplicationAccountFacet", "uco-observable:application": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ApplicationFacet.json b/templates/uco-observable/ApplicationFacet.json index f6e38b8..96d37fe 100644 --- a/templates/uco-observable/ApplicationFacet.json +++ b/templates/uco-observable/ApplicationFacet.json @@ -1,20 +1,18 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:applicationfacet1", + "@id": "kb:ApplicationFacet-1", "@type": "uco-observable:ApplicationFacet", "uco-observable:applicationIdentifier": null, + "uco-observable:installedVersionHistory": [], "uco-observable:numberOfLaunches": null, "uco-observable:operatingSystem": null, "uco-observable:version": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ApplicationVersion.json b/templates/uco-observable/ApplicationVersion.json new file mode 100644 index 0000000..1e653d4 --- /dev/null +++ b/templates/uco-observable/ApplicationVersion.json @@ -0,0 +1,16 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:ApplicationVersion-1", + "@type": "uco-observable:ApplicationVersion", + "uco-observable:installDate": null, + "uco-observable:uninstallDate": null, + "uco-observable:version": null + } + ] +} diff --git a/templates/uco-observable/ArchiveFile.json b/templates/uco-observable/ArchiveFile.json index 2198184..fb9caa5 100644 --- a/templates/uco-observable/ArchiveFile.json +++ b/templates/uco-observable/ArchiveFile.json @@ -1,31 +1,50 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:archivefile1", + "@id": "kb:ArchiveFile-1", "@type": "uco-observable:ArchiveFile", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:ArchiveFileFacet-1", + "@type": "uco-observable:ArchiveFileFacet", + "uco-observable:archiveType": null, + "uco-observable:comment": null, + "uco-observable:version": null + }, + { + "@id": "kb:FileFacet-1", + "@type": "uco-observable:FileFacet", + "uco-observable:accessedTime": null, + "uco-observable:allocationStatus": null, + "uco-observable:extension": null, + "uco-observable:fileName": [], + "uco-observable:filePath": [], + "uco-observable:isDirectory": [], + "uco-observable:metadataChangeTime": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:sizeInBytes": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ArchiveFileFacet.json b/templates/uco-observable/ArchiveFileFacet.json index 74d02de..e146025 100644 --- a/templates/uco-observable/ArchiveFileFacet.json +++ b/templates/uco-observable/ArchiveFileFacet.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:archivefilefacet1", + "@id": "kb:ArchiveFileFacet-1", "@type": "uco-observable:ArchiveFileFacet", "uco-observable:archiveType": null, "uco-observable:comment": null, "uco-observable:version": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Audio.json b/templates/uco-observable/Audio.json index 481b8b1..cf13904 100644 --- a/templates/uco-observable/Audio.json +++ b/templates/uco-observable/Audio.json @@ -1,31 +1,35 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:audio1", + "@id": "kb:Audio-1", "@type": "uco-observable:Audio", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:AudioFacet-1", + "@type": "uco-observable:AudioFacet", + "uco-observable:audioType": null, + "uco-observable:bitRate": null, + "uco-observable:duration": null, + "uco-observable:format": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/AudioFacet.json b/templates/uco-observable/AudioFacet.json index d3fb4ed..dda1604 100644 --- a/templates/uco-observable/AudioFacet.json +++ b/templates/uco-observable/AudioFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:audiofacet1", + "@id": "kb:AudioFacet-1", "@type": "uco-observable:AudioFacet", "uco-observable:audioType": null, "uco-observable:bitRate": null, "uco-observable:duration": null, "uco-observable:format": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/AutonomousSystem.json b/templates/uco-observable/AutonomousSystem.json index aff08b9..ecb3ea3 100644 --- a/templates/uco-observable/AutonomousSystem.json +++ b/templates/uco-observable/AutonomousSystem.json @@ -1,31 +1,34 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:autonomoussystem1", + "@id": "kb:AutonomousSystem-1", "@type": "uco-observable:AutonomousSystem", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:AutonomousSystemFacet-1", + "@type": "uco-observable:AutonomousSystemFacet", + "uco-observable:asHandle": null, + "uco-observable:number": null, + "uco-observable:regionalInternetRegistry": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/AutonomousSystemFacet.json b/templates/uco-observable/AutonomousSystemFacet.json index 30eae80..38c2581 100644 --- a/templates/uco-observable/AutonomousSystemFacet.json +++ b/templates/uco-observable/AutonomousSystemFacet.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:autonomoussystemfacet1", + "@id": "kb:AutonomousSystemFacet-1", "@type": "uco-observable:AutonomousSystemFacet", "uco-observable:asHandle": null, "uco-observable:number": null, "uco-observable:regionalInternetRegistry": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/BlackberryPhone.json b/templates/uco-observable/BlackberryPhone.json new file mode 100644 index 0000000..3e49cc8 --- /dev/null +++ b/templates/uco-observable/BlackberryPhone.json @@ -0,0 +1,50 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:BlackberryPhone-1", + "@type": "uco-observable:BlackberryPhone", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + { + "@id": "kb:MobileDeviceFacet-1", + "@type": "uco-observable:MobileDeviceFacet", + "uco-observable:ESN": null, + "uco-observable:IMEI": [], + "uco-observable:bluetoothDeviceName": null, + "uco-observable:clockSetting": null, + "uco-observable:keypadUnlockCode": null, + "uco-observable:mockLocationsAllowed": null, + "uco-observable:network": null, + "uco-observable:phoneActivationTime": null, + "uco-observable:storageCapacityInBytes": null + } + ], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/BlockDeviceNode.json b/templates/uco-observable/BlockDeviceNode.json index d2eb60a..1d26167 100644 --- a/templates/uco-observable/BlockDeviceNode.json +++ b/templates/uco-observable/BlockDeviceNode.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:blockdevicenode1", + "@id": "kb:BlockDeviceNode-1", "@type": "uco-observable:BlockDeviceNode", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/BluetoothAddress.json b/templates/uco-observable/BluetoothAddress.json index ece820a..f60ec4b 100644 --- a/templates/uco-observable/BluetoothAddress.json +++ b/templates/uco-observable/BluetoothAddress.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:bluetoothaddress1", + "@id": "kb:BluetoothAddress-1", "@type": "uco-observable:BluetoothAddress", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:BluetoothAddressFacet-1", + "@type": "uco-observable:BluetoothAddressFacet", + "uco-observable:addressValue": null, + "uco-observable:displayName": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/BluetoothAddressFacet.json b/templates/uco-observable/BluetoothAddressFacet.json index 31b2ebc..5f30baa 100644 --- a/templates/uco-observable/BluetoothAddressFacet.json +++ b/templates/uco-observable/BluetoothAddressFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:bluetoothaddressfacet1", + "@id": "kb:BluetoothAddressFacet-1", "@type": "uco-observable:BluetoothAddressFacet", "uco-observable:addressValue": null, "uco-observable:displayName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/BotConfiguration.json b/templates/uco-observable/BotConfiguration.json index ada2bb4..76b3630 100644 --- a/templates/uco-observable/BotConfiguration.json +++ b/templates/uco-observable/BotConfiguration.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:botconfiguration1", + "@id": "kb:BotConfiguration-1", "@type": "uco-observable:BotConfiguration", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/BrowserBookmark.json b/templates/uco-observable/BrowserBookmark.json index bf1ae0c..f54219a 100644 --- a/templates/uco-observable/BrowserBookmark.json +++ b/templates/uco-observable/BrowserBookmark.json @@ -1,31 +1,38 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:browserbookmark1", + "@id": "kb:BrowserBookmark-1", "@type": "uco-observable:BrowserBookmark", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:BrowserBookmarkFacet-1", + "@type": "uco-observable:BrowserBookmarkFacet", + "uco-observable:accessedTime": null, + "uco-observable:application": null, + "uco-observable:bookmarkPath": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:urlTargeted": [], + "uco-observable:visitCount": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/BrowserBookmarkFacet.json b/templates/uco-observable/BrowserBookmarkFacet.json index badebbb..a07634c 100644 --- a/templates/uco-observable/BrowserBookmarkFacet.json +++ b/templates/uco-observable/BrowserBookmarkFacet.json @@ -1,23 +1,20 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:browserbookmarkfacet1", + "@id": "kb:BrowserBookmarkFacet-1", "@type": "uco-observable:BrowserBookmarkFacet", "uco-observable:accessedTime": null, "uco-observable:application": null, "uco-observable:bookmarkPath": null, "uco-observable:modifiedTime": null, "uco-observable:observableCreatedTime": null, - "uco-observable:urlTargeted": null, + "uco-observable:urlTargeted": [], "uco-observable:visitCount": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/BrowserCookie.json b/templates/uco-observable/BrowserCookie.json index 25becb3..5c4e810 100644 --- a/templates/uco-observable/BrowserCookie.json +++ b/templates/uco-observable/BrowserCookie.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:browsercookie1", + "@id": "kb:BrowserCookie-1", "@type": "uco-observable:BrowserCookie", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:BrowserCookieFacet-1", + "@type": "uco-observable:BrowserCookieFacet", + "uco-observable:accessedTime": null, + "uco-observable:application": null, + "uco-observable:cookieDomain": null, + "uco-observable:cookieName": null, + "uco-observable:cookiePath": null, + "uco-observable:expirationTime": null, + "uco-observable:isSecure": null, + "uco-observable:observableCreatedTime": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/BrowserCookieFacet.json b/templates/uco-observable/BrowserCookieFacet.json index 10d04f2..8996dc0 100644 --- a/templates/uco-observable/BrowserCookieFacet.json +++ b/templates/uco-observable/BrowserCookieFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:browsercookiefacet1", + "@id": "kb:BrowserCookieFacet-1", "@type": "uco-observable:BrowserCookieFacet", "uco-observable:accessedTime": null, "uco-observable:application": null, @@ -16,9 +17,5 @@ "uco-observable:isSecure": null, "uco-observable:observableCreatedTime": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Calendar.json b/templates/uco-observable/Calendar.json index cce76d2..a113ce9 100644 --- a/templates/uco-observable/Calendar.json +++ b/templates/uco-observable/Calendar.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:calendar1", + "@id": "kb:Calendar-1", "@type": "uco-observable:Calendar", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:CalendarFacet-1", + "@type": "uco-observable:CalendarFacet", + "uco-observable:application": null, + "uco-observable:owner": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/CalendarEntry.json b/templates/uco-observable/CalendarEntry.json index 97289d7..e1164fa 100644 --- a/templates/uco-observable/CalendarEntry.json +++ b/templates/uco-observable/CalendarEntry.json @@ -1,31 +1,46 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:calendarentry1", + "@id": "kb:CalendarEntry-1", "@type": "uco-observable:CalendarEntry", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:CalendarEntryFacet-1", + "@type": "uco-observable:CalendarEntryFacet", + "uco-observable:application": null, + "uco-observable:attendant": [], + "uco-observable:duration": null, + "uco-observable:endTime": null, + "uco-observable:eventStatus": null, + "uco-observable:eventType": null, + "uco-observable:isPrivate": null, + "uco-observable:location": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:owner": null, + "uco-observable:recurrence": null, + "uco-observable:remindTime": null, + "uco-observable:startTime": null, + "uco-observable:subject": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/CalendarEntryFacet.json b/templates/uco-observable/CalendarEntryFacet.json index 3b8da39..86bf70c 100644 --- a/templates/uco-observable/CalendarEntryFacet.json +++ b/templates/uco-observable/CalendarEntryFacet.json @@ -1,14 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:calendarentryfacet1", + "@id": "kb:CalendarEntryFacet-1", "@type": "uco-observable:CalendarEntryFacet", "uco-observable:application": null, - "uco-observable:attendant": null, + "uco-observable:attendant": [], "uco-observable:duration": null, "uco-observable:endTime": null, "uco-observable:eventStatus": null, @@ -23,9 +24,5 @@ "uco-observable:startTime": null, "uco-observable:subject": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/CalendarFacet.json b/templates/uco-observable/CalendarFacet.json index 0d2d505..a74f569 100644 --- a/templates/uco-observable/CalendarFacet.json +++ b/templates/uco-observable/CalendarFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:calendarfacet1", + "@id": "kb:CalendarFacet-1", "@type": "uco-observable:CalendarFacet", "uco-observable:application": null, "uco-observable:owner": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Call.json b/templates/uco-observable/Call.json index 20eb55c..5f29cc7 100644 --- a/templates/uco-observable/Call.json +++ b/templates/uco-observable/Call.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:call1", + "@id": "kb:Call-1", "@type": "uco-observable:Call", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:CallFacet-1", + "@type": "uco-observable:CallFacet", + "uco-observable:application": null, + "uco-observable:callType": null, + "uco-observable:duration": null, + "uco-observable:endTime": null, + "uco-observable:from": null, + "uco-observable:participant": [], + "uco-observable:startTime": null, + "uco-observable:to": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/CallFacet.json b/templates/uco-observable/CallFacet.json index 8233da0..b0ac668 100644 --- a/templates/uco-observable/CallFacet.json +++ b/templates/uco-observable/CallFacet.json @@ -1,24 +1,21 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:callfacet1", + "@id": "kb:CallFacet-1", "@type": "uco-observable:CallFacet", "uco-observable:application": null, "uco-observable:callType": null, "uco-observable:duration": null, "uco-observable:endTime": null, "uco-observable:from": null, - "uco-observable:participant": null, + "uco-observable:participant": [], "uco-observable:startTime": null, - "uco-observable:to": null + "uco-observable:to": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/CapturedTelecommunicationsInformation.json b/templates/uco-observable/CapturedTelecommunicationsInformation.json new file mode 100644 index 0000000..692a043 --- /dev/null +++ b/templates/uco-observable/CapturedTelecommunicationsInformation.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:CapturedTelecommunicationsInformation-1", + "@type": "uco-observable:CapturedTelecommunicationsInformation", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:CapturedTelecommunicationsInformationFacet-1", + "@type": "uco-observable:CapturedTelecommunicationsInformationFacet", + "uco-observable:captureCellSite": null, + "uco-observable:endTime": null, + "uco-observable:interceptedCallState": null, + "uco-observable:startTime": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/CapturedTelecommunicationsInformationFacet.json b/templates/uco-observable/CapturedTelecommunicationsInformationFacet.json new file mode 100644 index 0000000..04f781f --- /dev/null +++ b/templates/uco-observable/CapturedTelecommunicationsInformationFacet.json @@ -0,0 +1,17 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:CapturedTelecommunicationsInformationFacet-1", + "@type": "uco-observable:CapturedTelecommunicationsInformationFacet", + "uco-observable:captureCellSite": null, + "uco-observable:endTime": null, + "uco-observable:interceptedCallState": null, + "uco-observable:startTime": null + } + ] +} diff --git a/templates/uco-observable/CellSite.json b/templates/uco-observable/CellSite.json new file mode 100644 index 0000000..fb6ae9f --- /dev/null +++ b/templates/uco-observable/CellSite.json @@ -0,0 +1,36 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:CellSite-1", + "@type": "uco-observable:CellSite", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:CellSiteFacet-1", + "@type": "uco-observable:CellSiteFacet", + "uco-observable:cellSiteCountryCode": null, + "uco-observable:cellSiteIdentifier": null, + "uco-observable:cellSiteLocationAreaCode": null, + "uco-observable:cellSiteNetworkCode": null, + "uco-observable:cellSiteType": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/CellSiteFacet.json b/templates/uco-observable/CellSiteFacet.json new file mode 100644 index 0000000..915d26e --- /dev/null +++ b/templates/uco-observable/CellSiteFacet.json @@ -0,0 +1,18 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:CellSiteFacet-1", + "@type": "uco-observable:CellSiteFacet", + "uco-observable:cellSiteCountryCode": null, + "uco-observable:cellSiteIdentifier": null, + "uco-observable:cellSiteLocationAreaCode": null, + "uco-observable:cellSiteNetworkCode": null, + "uco-observable:cellSiteType": null + } + ] +} diff --git a/templates/uco-observable/CharacterDeviceNode.json b/templates/uco-observable/CharacterDeviceNode.json index 3e5ef20..05cc358 100644 --- a/templates/uco-observable/CharacterDeviceNode.json +++ b/templates/uco-observable/CharacterDeviceNode.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:characterdevicenode1", + "@id": "kb:CharacterDeviceNode-1", "@type": "uco-observable:CharacterDeviceNode", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Code.json b/templates/uco-observable/Code.json index 1b52c7b..ba9377e 100644 --- a/templates/uco-observable/Code.json +++ b/templates/uco-observable/Code.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:code1", + "@id": "kb:Code-1", "@type": "uco-observable:Code", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/CompressedStreamFacet.json b/templates/uco-observable/CompressedStreamFacet.json index 9da539c..545b796 100644 --- a/templates/uco-observable/CompressedStreamFacet.json +++ b/templates/uco-observable/CompressedStreamFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:compressedstreamfacet1", + "@id": "kb:CompressedStreamFacet-1", "@type": "uco-observable:CompressedStreamFacet", "uco-observable:compressionMethod": null, "uco-observable:compressionRatio": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Computer.json b/templates/uco-observable/Computer.json new file mode 100644 index 0000000..23acdd9 --- /dev/null +++ b/templates/uco-observable/Computer.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:Computer-1", + "@type": "uco-observable:Computer", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/ComputerSpecification.json b/templates/uco-observable/ComputerSpecification.json index 72c161a..9808b68 100644 --- a/templates/uco-observable/ComputerSpecification.json +++ b/templates/uco-observable/ComputerSpecification.json @@ -1,31 +1,51 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:computerspecification1", + "@id": "kb:ComputerSpecification-1", "@type": "uco-observable:ComputerSpecification", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:ComputerSpecificationFacet-1", + "@type": "uco-observable:ComputerSpecificationFacet", + "uco-observable:availableRam": null, + "uco-observable:biosDate": null, + "uco-observable:biosManufacturer": null, + "uco-observable:biosReleaseDate": null, + "uco-observable:biosSerialNumber": null, + "uco-observable:biosVersion": null, + "uco-observable:cpu": null, + "uco-observable:cpuFamily": null, + "uco-observable:currentSystemDate": null, + "uco-observable:gpu": null, + "uco-observable:gpuFamily": null, + "uco-observable:hostname": null, + "uco-observable:localTime": null, + "uco-observable:networkInterface": [], + "uco-observable:processorArchitecture": null, + "uco-observable:systemTime": null, + "uco-observable:timezoneDST": null, + "uco-observable:timezoneStandard": null, + "uco-observable:totalRam": null, + "uco-observable:uptime": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ComputerSpecificationFacet.json b/templates/uco-observable/ComputerSpecificationFacet.json index b083df9..b912bf0 100644 --- a/templates/uco-observable/ComputerSpecificationFacet.json +++ b/templates/uco-observable/ComputerSpecificationFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:computerspecificationfacet1", + "@id": "kb:ComputerSpecificationFacet-1", "@type": "uco-observable:ComputerSpecificationFacet", "uco-observable:availableRam": null, "uco-observable:biosDate": null, @@ -20,7 +21,7 @@ "uco-observable:gpuFamily": null, "uco-observable:hostname": null, "uco-observable:localTime": null, - "uco-observable:networkInterface": null, + "uco-observable:networkInterface": [], "uco-observable:processorArchitecture": null, "uco-observable:systemTime": null, "uco-observable:timezoneDST": null, @@ -28,9 +29,5 @@ "uco-observable:totalRam": null, "uco-observable:uptime": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ConfiguredSoftware.json b/templates/uco-observable/ConfiguredSoftware.json new file mode 100644 index 0000000..505e98b --- /dev/null +++ b/templates/uco-observable/ConfiguredSoftware.json @@ -0,0 +1,39 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-configuration": "https://ontology.unifiedcyberontology.org/uco/configuration/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:ConfiguredSoftware-1", + "@type": "uco-observable:ConfiguredSoftware", + "case-investigation:wasDerivedFrom": [], + "uco-configuration:isConfigurationOf": null, + "uco-configuration:usesConfiguration": null, + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:SoftwareFacet-1", + "@type": "uco-observable:SoftwareFacet", + "uco-observable:cpeid": null, + "uco-observable:language": null, + "uco-observable:manufacturer": null, + "uco-observable:swid": null, + "uco-observable:version": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/Contact.json b/templates/uco-observable/Contact.json index 4f18d5e..0daceff 100644 --- a/templates/uco-observable/Contact.json +++ b/templates/uco-observable/Contact.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contact1", + "@id": "kb:Contact-1", "@type": "uco-observable:Contact", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContactAddress.json b/templates/uco-observable/ContactAddress.json index ce78795..2247c90 100644 --- a/templates/uco-observable/ContactAddress.json +++ b/templates/uco-observable/ContactAddress.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contactaddress1", + "@id": "kb:ContactAddress-1", "@type": "uco-observable:ContactAddress", "uco-observable:contactAddressScope": null, "uco-observable:geolocationAddress": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContactAffiliation.json b/templates/uco-observable/ContactAffiliation.json index fee71f2..5917bcb 100644 --- a/templates/uco-observable/ContactAffiliation.json +++ b/templates/uco-observable/ContactAffiliation.json @@ -1,25 +1,22 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contactaffiliation1", + "@id": "kb:ContactAffiliation-1", "@type": "uco-observable:ContactAffiliation", - "uco-observable:contactEmail": null, - "uco-observable:contactMessaging": null, + "uco-observable:contactEmail": [], + "uco-observable:contactMessaging": [], "uco-observable:contactOrganization": null, - "uco-observable:contactPhone": null, - "uco-observable:contactProfile": null, - "uco-observable:contactURL": null, + "uco-observable:contactPhone": [], + "uco-observable:contactProfile": [], + "uco-observable:contactURL": [], "uco-observable:organizationDepartment": null, - "uco-observable:organizationLocation": null, + "uco-observable:organizationLocation": [], "uco-observable:organizationPosition": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContactEmail.json b/templates/uco-observable/ContactEmail.json index 41d0dde..e440596 100644 --- a/templates/uco-observable/ContactEmail.json +++ b/templates/uco-observable/ContactEmail.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contactemail1", + "@id": "kb:ContactEmail-1", "@type": "uco-observable:ContactEmail", "uco-observable:contactEmailScope": null, "uco-observable:emailAddress": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContactFacet.json b/templates/uco-observable/ContactFacet.json index eb474ca..2e0e7a3 100644 --- a/templates/uco-observable/ContactFacet.json +++ b/templates/uco-observable/ContactFacet.json @@ -1,25 +1,26 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contactfacet1", + "@id": "kb:ContactFacet-1", "@type": "uco-observable:ContactFacet", "uco-identity:birthdate": null, - "uco-observable:contactAddress": null, - "uco-observable:contactAffiliation": null, - "uco-observable:contactEmail": null, - "uco-observable:contactGroup": null, + "uco-observable:contactAddress": [], + "uco-observable:contactAffiliation": [], + "uco-observable:contactEmail": [], + "uco-observable:contactGroup": [], "uco-observable:contactID": null, - "uco-observable:contactMessaging": null, - "uco-observable:contactNote": null, - "uco-observable:contactPhone": null, - "uco-observable:contactProfile": null, - "uco-observable:contactSIP": null, - "uco-observable:contactURL": null, + "uco-observable:contactMessaging": [], + "uco-observable:contactNote": [], + "uco-observable:contactPhone": [], + "uco-observable:contactProfile": [], + "uco-observable:contactSIP": [], + "uco-observable:contactURL": [], "uco-observable:displayName": null, "uco-observable:firstName": null, "uco-observable:lastName": null, @@ -28,13 +29,9 @@ "uco-observable:namePhonetic": null, "uco-observable:namePrefix": null, "uco-observable:nameSuffix": null, - "uco-observable:nickname": null, + "uco-observable:nickname": [], "uco-observable:numberTimesContacted": null, "uco-observable:sourceApplication": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContactList.json b/templates/uco-observable/ContactList.json index 3dd90ff..6532ddb 100644 --- a/templates/uco-observable/ContactList.json +++ b/templates/uco-observable/ContactList.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contactlist1", + "@id": "kb:ContactList-1", "@type": "uco-observable:ContactList", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:ContactListFacet-1", + "@type": "uco-observable:ContactListFacet", + "uco-observable:contact": [], + "uco-observable:sourceApplication": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContactListFacet.json b/templates/uco-observable/ContactListFacet.json index cd79068..cb56cd2 100644 --- a/templates/uco-observable/ContactListFacet.json +++ b/templates/uco-observable/ContactListFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contactlistfacet1", + "@id": "kb:ContactListFacet-1", "@type": "uco-observable:ContactListFacet", - "uco-observable:contact": null, + "uco-observable:contact": [], "uco-observable:sourceApplication": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContactMessaging.json b/templates/uco-observable/ContactMessaging.json index 09b1f45..ab70f90 100644 --- a/templates/uco-observable/ContactMessaging.json +++ b/templates/uco-observable/ContactMessaging.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contactmessaging1", + "@id": "kb:ContactMessaging-1", "@type": "uco-observable:ContactMessaging", "uco-observable:contactMessagingPlatform": null, "uco-observable:messagingAddress": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContactPhone.json b/templates/uco-observable/ContactPhone.json index c6ec1ab..64b46ed 100644 --- a/templates/uco-observable/ContactPhone.json +++ b/templates/uco-observable/ContactPhone.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contactphone1", + "@id": "kb:ContactPhone-1", "@type": "uco-observable:ContactPhone", "uco-observable:contactPhoneNumber": null, "uco-observable:contactPhoneScope": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContactProfile.json b/templates/uco-observable/ContactProfile.json index 48a7a03..112e017 100644 --- a/templates/uco-observable/ContactProfile.json +++ b/templates/uco-observable/ContactProfile.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contactprofile1", + "@id": "kb:ContactProfile-1", "@type": "uco-observable:ContactProfile", "uco-observable:contactProfilePlatform": null, "uco-observable:profile": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContactSIP.json b/templates/uco-observable/ContactSIP.json index 66f2298..200edff 100644 --- a/templates/uco-observable/ContactSIP.json +++ b/templates/uco-observable/ContactSIP.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contactsip1", + "@id": "kb:ContactSIP-1", "@type": "uco-observable:ContactSIP", "uco-observable:contactSIPScope": null, "uco-observable:sipAddress": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContactURL.json b/templates/uco-observable/ContactURL.json index f32fc85..d4f43e5 100644 --- a/templates/uco-observable/ContactURL.json +++ b/templates/uco-observable/ContactURL.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contacturl1", + "@id": "kb:ContactURL-1", "@type": "uco-observable:ContactURL", "uco-observable:contactURLScope": null, "uco-observable:url": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContentData.json b/templates/uco-observable/ContentData.json index 155df9f..32cc6f0 100644 --- a/templates/uco-observable/ContentData.json +++ b/templates/uco-observable/ContentData.json @@ -1,31 +1,41 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contentdata1", + "@id": "kb:ContentData-1", "@type": "uco-observable:ContentData", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:ContentDataFacet-1", + "@type": "uco-observable:ContentDataFacet", + "uco-observable:byteOrder": null, + "uco-observable:dataPayload": null, + "uco-observable:dataPayloadReferenceURL": null, + "uco-observable:entropy": null, + "uco-observable:hash": [], + "uco-observable:isEncrypted": null, + "uco-observable:magicNumber": null, + "uco-observable:mimeClass": null, + "uco-observable:mimeType": [], + "uco-observable:sizeInBytes": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ContentDataFacet.json b/templates/uco-observable/ContentDataFacet.json index 26df141..056ad8a 100644 --- a/templates/uco-observable/ContentDataFacet.json +++ b/templates/uco-observable/ContentDataFacet.json @@ -1,26 +1,23 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:contentdatafacet1", + "@id": "kb:ContentDataFacet-1", "@type": "uco-observable:ContentDataFacet", "uco-observable:byteOrder": null, "uco-observable:dataPayload": null, "uco-observable:dataPayloadReferenceURL": null, "uco-observable:entropy": null, - "uco-observable:hash": null, + "uco-observable:hash": [], "uco-observable:isEncrypted": null, "uco-observable:magicNumber": null, "uco-observable:mimeClass": null, - "uco-observable:mimeType": null, + "uco-observable:mimeType": [], "uco-observable:sizeInBytes": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/CookieHistory.json b/templates/uco-observable/CookieHistory.json index f146282..a81429c 100644 --- a/templates/uco-observable/CookieHistory.json +++ b/templates/uco-observable/CookieHistory.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:cookiehistory1", + "@id": "kb:CookieHistory-1", "@type": "uco-observable:CookieHistory", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Credential.json b/templates/uco-observable/Credential.json index 7004e72..a6148e5 100644 --- a/templates/uco-observable/Credential.json +++ b/templates/uco-observable/Credential.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:credential1", + "@id": "kb:Credential-1", "@type": "uco-observable:Credential", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/CredentialDump.json b/templates/uco-observable/CredentialDump.json index da0fd66..a5c879d 100644 --- a/templates/uco-observable/CredentialDump.json +++ b/templates/uco-observable/CredentialDump.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:credentialdump1", + "@id": "kb:CredentialDump-1", "@type": "uco-observable:CredentialDump", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DNSCache.json b/templates/uco-observable/DNSCache.json index 4b18de2..0ae59a5 100644 --- a/templates/uco-observable/DNSCache.json +++ b/templates/uco-observable/DNSCache.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:dnscache1", + "@id": "kb:DNSCache-1", "@type": "uco-observable:DNSCache", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DNSRecord.json b/templates/uco-observable/DNSRecord.json index cbe9e32..3c51c58 100644 --- a/templates/uco-observable/DNSRecord.json +++ b/templates/uco-observable/DNSRecord.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:dnsrecord1", + "@id": "kb:DNSRecord-1", "@type": "uco-observable:DNSRecord", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DataRangeFacet.json b/templates/uco-observable/DataRangeFacet.json index b282157..f330193 100644 --- a/templates/uco-observable/DataRangeFacet.json +++ b/templates/uco-observable/DataRangeFacet.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:datarangefacet1", + "@id": "kb:DataRangeFacet-1", "@type": "uco-observable:DataRangeFacet", "uco-observable:rangeOffset": null, "uco-observable:rangeOffsetType": null, "uco-observable:rangeSize": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DefinedEffectFacet.json b/templates/uco-observable/DefinedEffectFacet.json index 1e8a141..3cb4f7c 100644 --- a/templates/uco-observable/DefinedEffectFacet.json +++ b/templates/uco-observable/DefinedEffectFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:definedeffectfacet1", + "@id": "kb:DefinedEffectFacet-1", "@type": "uco-observable:DefinedEffectFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Device.json b/templates/uco-observable/Device.json index 2dea664..26dac27 100644 --- a/templates/uco-observable/Device.json +++ b/templates/uco-observable/Device.json @@ -1,31 +1,35 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:device1", + "@id": "kb:Device-1", "@type": "uco-observable:Device", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DeviceFacet.json b/templates/uco-observable/DeviceFacet.json index b53c480..6773f43 100644 --- a/templates/uco-observable/DeviceFacet.json +++ b/templates/uco-observable/DeviceFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:devicefacet1", + "@id": "kb:DeviceFacet-1", "@type": "uco-observable:DeviceFacet", "uco-observable:deviceType": null, "uco-observable:manufacturer": null, "uco-observable:model": null, "uco-observable:serialNumber": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DigitalAccount.json b/templates/uco-observable/DigitalAccount.json index 238fef1..419c7c7 100644 --- a/templates/uco-observable/DigitalAccount.json +++ b/templates/uco-observable/DigitalAccount.json @@ -1,31 +1,50 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:digitalaccount1", + "@id": "kb:DigitalAccount-1", "@type": "uco-observable:DigitalAccount", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:AccountFacet-1", + "@type": "uco-observable:AccountFacet", + "uco-observable:accountIdentifier": null, + "uco-observable:accountIssuer": null, + "uco-observable:accountType": null, + "uco-observable:expirationTime": null, + "uco-observable:isActive": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:owner": null + }, + { + "@id": "kb:DigitalAccountFacet-1", + "@type": "uco-observable:DigitalAccountFacet", + "uco-observable:accountLogin": [], + "uco-observable:displayName": null, + "uco-observable:firstLoginTime": null, + "uco-observable:isDisabled": null, + "uco-observable:lastLoginTime": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DigitalAccountFacet.json b/templates/uco-observable/DigitalAccountFacet.json index cd5988c..961becc 100644 --- a/templates/uco-observable/DigitalAccountFacet.json +++ b/templates/uco-observable/DigitalAccountFacet.json @@ -1,21 +1,18 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:digitalaccountfacet1", + "@id": "kb:DigitalAccountFacet-1", "@type": "uco-observable:DigitalAccountFacet", - "uco-observable:accountLogin": null, + "uco-observable:accountLogin": [], "uco-observable:displayName": null, "uco-observable:firstLoginTime": null, "uco-observable:isDisabled": null, "uco-observable:lastLoginTime": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DigitalAddress.json b/templates/uco-observable/DigitalAddress.json index b73dbab..f28e9b7 100644 --- a/templates/uco-observable/DigitalAddress.json +++ b/templates/uco-observable/DigitalAddress.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:digitaladdress1", + "@id": "kb:DigitalAddress-1", "@type": "uco-observable:DigitalAddress", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DigitalAddressFacet.json b/templates/uco-observable/DigitalAddressFacet.json index ec3bf2b..fb30507 100644 --- a/templates/uco-observable/DigitalAddressFacet.json +++ b/templates/uco-observable/DigitalAddressFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:digitaladdressfacet1", + "@id": "kb:DigitalAddressFacet-1", "@type": "uco-observable:DigitalAddressFacet", "uco-observable:addressValue": null, "uco-observable:displayName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DigitalCamera.json b/templates/uco-observable/DigitalCamera.json new file mode 100644 index 0000000..7e2601d --- /dev/null +++ b/templates/uco-observable/DigitalCamera.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:DigitalCamera-1", + "@type": "uco-observable:DigitalCamera", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/DigitalSignatureInfo.json b/templates/uco-observable/DigitalSignatureInfo.json index 181772f..02cf181 100644 --- a/templates/uco-observable/DigitalSignatureInfo.json +++ b/templates/uco-observable/DigitalSignatureInfo.json @@ -1,31 +1,36 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:digitalsignatureinfo1", + "@id": "kb:DigitalSignatureInfo-1", "@type": "uco-observable:DigitalSignatureInfo", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DigitalSignatureInfoFacet-1", + "@type": "uco-observable:DigitalSignatureInfoFacet", + "uco-observable:certificateIssuer": null, + "uco-observable:certificateSubject": null, + "uco-observable:signatureDescription": null, + "uco-observable:signatureExists": null, + "uco-observable:signatureVerified": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DigitalSignatureInfoFacet.json b/templates/uco-observable/DigitalSignatureInfoFacet.json index 5ab381e..f8b5fd0 100644 --- a/templates/uco-observable/DigitalSignatureInfoFacet.json +++ b/templates/uco-observable/DigitalSignatureInfoFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:digitalsignatureinfofacet1", + "@id": "kb:DigitalSignatureInfoFacet-1", "@type": "uco-observable:DigitalSignatureInfoFacet", "uco-observable:certificateIssuer": null, "uco-observable:certificateSubject": null, @@ -13,9 +14,5 @@ "uco-observable:signatureExists": null, "uco-observable:signatureVerified": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Directory.json b/templates/uco-observable/Directory.json index 63bef94..9746670 100644 --- a/templates/uco-observable/Directory.json +++ b/templates/uco-observable/Directory.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:directory1", + "@id": "kb:Directory-1", "@type": "uco-observable:Directory", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Disk.json b/templates/uco-observable/Disk.json index 6c51737..923df97 100644 --- a/templates/uco-observable/Disk.json +++ b/templates/uco-observable/Disk.json @@ -1,31 +1,35 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:disk1", + "@id": "kb:Disk-1", "@type": "uco-observable:Disk", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DiskFacet-1", + "@type": "uco-observable:DiskFacet", + "uco-observable:diskSize": null, + "uco-observable:diskType": null, + "uco-observable:freeSpace": null, + "uco-observable:partition": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DiskFacet.json b/templates/uco-observable/DiskFacet.json index 06aedbe..d4c9b2d 100644 --- a/templates/uco-observable/DiskFacet.json +++ b/templates/uco-observable/DiskFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:diskfacet1", + "@id": "kb:DiskFacet-1", "@type": "uco-observable:DiskFacet", "uco-observable:diskSize": null, "uco-observable:diskType": null, "uco-observable:freeSpace": null, - "uco-observable:partition": null + "uco-observable:partition": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DiskPartition.json b/templates/uco-observable/DiskPartition.json index 836d92e..37acb20 100644 --- a/templates/uco-observable/DiskPartition.json +++ b/templates/uco-observable/DiskPartition.json @@ -1,31 +1,40 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:diskpartition1", + "@id": "kb:DiskPartition-1", "@type": "uco-observable:DiskPartition", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DiskPartitionFacet-1", + "@type": "uco-observable:DiskPartitionFacet", + "uco-observable:diskPartitionType": null, + "uco-observable:mountPoint": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:partitionID": null, + "uco-observable:partitionLength": null, + "uco-observable:partitionOffset": null, + "uco-observable:spaceLeft": null, + "uco-observable:spaceUsed": null, + "uco-observable:totalSpace": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DiskPartitionFacet.json b/templates/uco-observable/DiskPartitionFacet.json index 675632a..37f81d4 100644 --- a/templates/uco-observable/DiskPartitionFacet.json +++ b/templates/uco-observable/DiskPartitionFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:diskpartitionfacet1", + "@id": "kb:DiskPartitionFacet-1", "@type": "uco-observable:DiskPartitionFacet", "uco-observable:diskPartitionType": null, "uco-observable:mountPoint": null, @@ -17,9 +18,5 @@ "uco-observable:spaceUsed": null, "uco-observable:totalSpace": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DomainName.json b/templates/uco-observable/DomainName.json index 6dbea29..545f153 100644 --- a/templates/uco-observable/DomainName.json +++ b/templates/uco-observable/DomainName.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:domainname1", + "@id": "kb:DomainName-1", "@type": "uco-observable:DomainName", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DomainNameFacet-1", + "@type": "uco-observable:DomainNameFacet", + "uco-observable:isTLD": null, + "uco-observable:value": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/DomainNameFacet.json b/templates/uco-observable/DomainNameFacet.json index 25a15be..dd3f816 100644 --- a/templates/uco-observable/DomainNameFacet.json +++ b/templates/uco-observable/DomainNameFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:domainnamefacet1", + "@id": "kb:DomainNameFacet-1", "@type": "uco-observable:DomainNameFacet", "uco-observable:isTLD": null, "uco-observable:value": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Drone.json b/templates/uco-observable/Drone.json new file mode 100644 index 0000000..13727b9 --- /dev/null +++ b/templates/uco-observable/Drone.json @@ -0,0 +1,50 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:Drone-1", + "@type": "uco-observable:Drone", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + { + "@id": "kb:MobileDeviceFacet-1", + "@type": "uco-observable:MobileDeviceFacet", + "uco-observable:ESN": null, + "uco-observable:IMEI": [], + "uco-observable:bluetoothDeviceName": null, + "uco-observable:clockSetting": null, + "uco-observable:keypadUnlockCode": null, + "uco-observable:mockLocationsAllowed": null, + "uco-observable:network": null, + "uco-observable:phoneActivationTime": null, + "uco-observable:storageCapacityInBytes": null + } + ], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/EXIFFacet.json b/templates/uco-observable/EXIFFacet.json index fb27def..2b93f6a 100644 --- a/templates/uco-observable/EXIFFacet.json +++ b/templates/uco-observable/EXIFFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:exiffacet1", + "@id": "kb:EXIFFacet-1", "@type": "uco-observable:EXIFFacet", - "uco-observable:exifData": null + "uco-observable:exifData": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/EmailAccount.json b/templates/uco-observable/EmailAccount.json index 5940629..3d6874c 100644 --- a/templates/uco-observable/EmailAccount.json +++ b/templates/uco-observable/EmailAccount.json @@ -1,31 +1,55 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:emailaccount1", + "@id": "kb:EmailAccount-1", "@type": "uco-observable:EmailAccount", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:AccountFacet-1", + "@type": "uco-observable:AccountFacet", + "uco-observable:accountIdentifier": null, + "uco-observable:accountIssuer": null, + "uco-observable:accountType": null, + "uco-observable:expirationTime": null, + "uco-observable:isActive": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:owner": null + }, + { + "@id": "kb:DigitalAccountFacet-1", + "@type": "uco-observable:DigitalAccountFacet", + "uco-observable:accountLogin": [], + "uco-observable:displayName": null, + "uco-observable:firstLoginTime": null, + "uco-observable:isDisabled": null, + "uco-observable:lastLoginTime": null + }, + { + "@id": "kb:EmailAccountFacet-1", + "@type": "uco-observable:EmailAccountFacet", + "uco-observable:emailAddress": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/EmailAccountFacet.json b/templates/uco-observable/EmailAccountFacet.json index bf4da6f..2f08bf0 100644 --- a/templates/uco-observable/EmailAccountFacet.json +++ b/templates/uco-observable/EmailAccountFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:emailaccountfacet1", + "@id": "kb:EmailAccountFacet-1", "@type": "uco-observable:EmailAccountFacet", "uco-observable:emailAddress": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/EmailAddress.json b/templates/uco-observable/EmailAddress.json index 07ca6e8..35af20d 100644 --- a/templates/uco-observable/EmailAddress.json +++ b/templates/uco-observable/EmailAddress.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:emailaddress1", + "@id": "kb:EmailAddress-1", "@type": "uco-observable:EmailAddress", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:EmailAddressFacet-1", + "@type": "uco-observable:EmailAddressFacet", + "uco-observable:addressValue": null, + "uco-observable:displayName": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/EmailAddressFacet.json b/templates/uco-observable/EmailAddressFacet.json index 759261c..d62832d 100644 --- a/templates/uco-observable/EmailAddressFacet.json +++ b/templates/uco-observable/EmailAddressFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:emailaddressfacet1", + "@id": "kb:EmailAddressFacet-1", "@type": "uco-observable:EmailAddressFacet", "uco-observable:addressValue": null, "uco-observable:displayName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/EmailMessage.json b/templates/uco-observable/EmailMessage.json index 1b2970e..92c61bb 100644 --- a/templates/uco-observable/EmailMessage.json +++ b/templates/uco-observable/EmailMessage.json @@ -1,31 +1,74 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:emailmessage1", + "@id": "kb:EmailMessage-1", "@type": "uco-observable:EmailMessage", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:EmailMessageFacet-1", + "@type": "uco-observable:EmailMessageFacet", + "uco-observable:application": null, + "uco-observable:bcc": [], + "uco-observable:body": null, + "uco-observable:bodyMultipart": [], + "uco-observable:bodyRaw": null, + "uco-observable:categories": [], + "uco-observable:cc": [], + "uco-observable:contentDisposition": null, + "uco-observable:contentType": null, + "uco-observable:from": null, + "uco-observable:headerRaw": null, + "uco-observable:inReplyTo": null, + "uco-observable:isMimeEncoded": null, + "uco-observable:isMultipart": null, + "uco-observable:isRead": null, + "uco-observable:labels": [], + "uco-observable:messageID": null, + "uco-observable:modifiedTime": null, + "uco-observable:otherHeaders": null, + "uco-observable:priority": null, + "uco-observable:receivedLines": [], + "uco-observable:receivedTime": null, + "uco-observable:references": [], + "uco-observable:sender": null, + "uco-observable:sentTime": null, + "uco-observable:subject": null, + "uco-observable:to": [], + "uco-observable:xMailer": null, + "uco-observable:xOriginatingIP": null + }, + { + "@id": "kb:MessageFacet-1", + "@type": "uco-observable:MessageFacet", + "uco-observable:application": null, + "uco-observable:from": null, + "uco-observable:messageID": null, + "uco-observable:messageText": null, + "uco-observable:messageType": null, + "uco-observable:sentTime": null, + "uco-observable:sessionID": null, + "uco-observable:to": [] + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/EmailMessageFacet.json b/templates/uco-observable/EmailMessageFacet.json index 67ad88e..3b995fe 100644 --- a/templates/uco-observable/EmailMessageFacet.json +++ b/templates/uco-observable/EmailMessageFacet.json @@ -1,19 +1,20 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:emailmessagefacet1", + "@id": "kb:EmailMessageFacet-1", "@type": "uco-observable:EmailMessageFacet", "uco-observable:application": null, - "uco-observable:bcc": null, + "uco-observable:bcc": [], "uco-observable:body": null, - "uco-observable:bodyMultipart": null, + "uco-observable:bodyMultipart": [], "uco-observable:bodyRaw": null, - "uco-observable:categories": null, - "uco-observable:cc": null, + "uco-observable:categories": [], + "uco-observable:cc": [], "uco-observable:contentDisposition": null, "uco-observable:contentType": null, "uco-observable:from": null, @@ -22,24 +23,20 @@ "uco-observable:isMimeEncoded": null, "uco-observable:isMultipart": null, "uco-observable:isRead": null, - "uco-observable:labels": null, + "uco-observable:labels": [], "uco-observable:messageID": null, "uco-observable:modifiedTime": null, "uco-observable:otherHeaders": null, "uco-observable:priority": null, - "uco-observable:receivedLines": null, + "uco-observable:receivedLines": [], "uco-observable:receivedTime": null, - "uco-observable:references": null, + "uco-observable:references": [], "uco-observable:sender": null, "uco-observable:sentTime": null, "uco-observable:subject": null, - "uco-observable:to": null, + "uco-observable:to": [], "uco-observable:xMailer": null, "uco-observable:xOriginatingIP": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/EmbeddedDevice.json b/templates/uco-observable/EmbeddedDevice.json new file mode 100644 index 0000000..463e756 --- /dev/null +++ b/templates/uco-observable/EmbeddedDevice.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:EmbeddedDevice-1", + "@type": "uco-observable:EmbeddedDevice", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/EncodedStreamFacet.json b/templates/uco-observable/EncodedStreamFacet.json index 2cf1889..d8afe6a 100644 --- a/templates/uco-observable/EncodedStreamFacet.json +++ b/templates/uco-observable/EncodedStreamFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:encodedstreamfacet1", + "@id": "kb:EncodedStreamFacet-1", "@type": "uco-observable:EncodedStreamFacet", "uco-observable:encodingMethod": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/EncryptedStreamFacet.json b/templates/uco-observable/EncryptedStreamFacet.json index 52caa53..7b65b68 100644 --- a/templates/uco-observable/EncryptedStreamFacet.json +++ b/templates/uco-observable/EncryptedStreamFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:encryptedstreamfacet1", + "@id": "kb:EncryptedStreamFacet-1", "@type": "uco-observable:EncryptedStreamFacet", - "uco-observable:encryptionIV": null, - "uco-observable:encryptionKey": null, + "uco-observable:encryptionIV": [], + "uco-observable:encryptionKey": [], "uco-observable:encryptionMethod": null, "uco-observable:encryptionMode": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/EnvironmentVariable.json b/templates/uco-observable/EnvironmentVariable.json index 96eb9ce..18434a3 100644 --- a/templates/uco-observable/EnvironmentVariable.json +++ b/templates/uco-observable/EnvironmentVariable.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:environmentvariable1", + "@id": "kb:EnvironmentVariable-1", "@type": "uco-observable:EnvironmentVariable", "uco-core:name": null, "uco-observable:value": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/EventLog.json b/templates/uco-observable/EventLog.json index 52e9dee..14ba0b4 100644 --- a/templates/uco-observable/EventLog.json +++ b/templates/uco-observable/EventLog.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:eventlog1", + "@id": "kb:EventLog-1", "@type": "uco-observable:EventLog", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/EventRecord.json b/templates/uco-observable/EventRecord.json new file mode 100644 index 0000000..199a7f9 --- /dev/null +++ b/templates/uco-observable/EventRecord.json @@ -0,0 +1,44 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:EventRecord-1", + "@type": "uco-observable:EventRecord", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:EventRecordFacet-1", + "@type": "uco-observable:EventRecordFacet", + "uco-observable:account": null, + "uco-observable:application": null, + "uco-observable:cyberAction": null, + "uco-observable:endTime": null, + "uco-observable:eventID": null, + "uco-observable:eventRecordDevice": null, + "uco-observable:eventRecordID": null, + "uco-observable:eventRecordRaw": null, + "uco-observable:eventRecordServiceName": null, + "uco-observable:eventRecordText": null, + "uco-observable:eventType": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:startTime": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/EventRecordFacet.json b/templates/uco-observable/EventRecordFacet.json new file mode 100644 index 0000000..d7f8589 --- /dev/null +++ b/templates/uco-observable/EventRecordFacet.json @@ -0,0 +1,26 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:EventRecordFacet-1", + "@type": "uco-observable:EventRecordFacet", + "uco-observable:account": null, + "uco-observable:application": null, + "uco-observable:cyberAction": null, + "uco-observable:endTime": null, + "uco-observable:eventID": null, + "uco-observable:eventRecordDevice": null, + "uco-observable:eventRecordID": null, + "uco-observable:eventRecordRaw": null, + "uco-observable:eventRecordServiceName": null, + "uco-observable:eventRecordText": null, + "uco-observable:eventType": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:startTime": null + } + ] +} diff --git a/templates/uco-observable/ExtInodeFacet.json b/templates/uco-observable/ExtInodeFacet.json index ac4663f..4a97792 100644 --- a/templates/uco-observable/ExtInodeFacet.json +++ b/templates/uco-observable/ExtInodeFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:extinodefacet1", + "@id": "kb:ExtInodeFacet-1", "@type": "uco-observable:ExtInodeFacet", "uco-observable:extDeletionTime": null, "uco-observable:extFileType": null, @@ -17,9 +18,5 @@ "uco-observable:extSGID": null, "uco-observable:extSUID": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ExtractedString.json b/templates/uco-observable/ExtractedString.json index 2b67b10..f46eea1 100644 --- a/templates/uco-observable/ExtractedString.json +++ b/templates/uco-observable/ExtractedString.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:extractedstring1", + "@id": "kb:ExtractedString-1", "@type": "uco-observable:ExtractedString", "uco-observable:byteStringValue": null, "uco-observable:encoding": null, @@ -14,9 +15,5 @@ "uco-observable:length": null, "uco-observable:stringValue": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ExtractedStringsFacet.json b/templates/uco-observable/ExtractedStringsFacet.json index 117bd8a..95df331 100644 --- a/templates/uco-observable/ExtractedStringsFacet.json +++ b/templates/uco-observable/ExtractedStringsFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:extractedstringsfacet1", + "@id": "kb:ExtractedStringsFacet-1", "@type": "uco-observable:ExtractedStringsFacet", - "uco-observable:strings": null + "uco-observable:strings": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/File.json b/templates/uco-observable/File.json index 3df37bf..b89445a 100644 --- a/templates/uco-observable/File.json +++ b/templates/uco-observable/File.json @@ -1,31 +1,41 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:file1", + "@id": "kb:File-1", "@type": "uco-observable:File", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:FileFacet-1", + "@type": "uco-observable:FileFacet", + "uco-observable:accessedTime": null, + "uco-observable:allocationStatus": null, + "uco-observable:extension": null, + "uco-observable:fileName": [], + "uco-observable:filePath": [], + "uco-observable:isDirectory": [], + "uco-observable:metadataChangeTime": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:sizeInBytes": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/FileFacet.json b/templates/uco-observable/FileFacet.json index f140ced..68119c9 100644 --- a/templates/uco-observable/FileFacet.json +++ b/templates/uco-observable/FileFacet.json @@ -1,26 +1,23 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:filefacet1", + "@id": "kb:FileFacet-1", "@type": "uco-observable:FileFacet", "uco-observable:accessedTime": null, "uco-observable:allocationStatus": null, "uco-observable:extension": null, - "uco-observable:fileName": null, - "uco-observable:filePath": null, - "uco-observable:isDirectory": null, + "uco-observable:fileName": [], + "uco-observable:filePath": [], + "uco-observable:isDirectory": [], "uco-observable:metadataChangeTime": null, "uco-observable:modifiedTime": null, "uco-observable:observableCreatedTime": null, "uco-observable:sizeInBytes": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/FilePermissionsFacet.json b/templates/uco-observable/FilePermissionsFacet.json index 7d2f01d..d12f051 100644 --- a/templates/uco-observable/FilePermissionsFacet.json +++ b/templates/uco-observable/FilePermissionsFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:filepermissionsfacet1", + "@id": "kb:FilePermissionsFacet-1", "@type": "uco-observable:FilePermissionsFacet", "uco-observable:owner": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/FileSystem.json b/templates/uco-observable/FileSystem.json index e9aa78f..9d47746 100644 --- a/templates/uco-observable/FileSystem.json +++ b/templates/uco-observable/FileSystem.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:filesystem1", + "@id": "kb:FileSystem-1", "@type": "uco-observable:FileSystem", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:FileSystemFacet-1", + "@type": "uco-observable:FileSystemFacet", + "uco-observable:clusterSize": null, + "uco-observable:fileSystemType": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/FileSystemFacet.json b/templates/uco-observable/FileSystemFacet.json index 8bdc61f..8fb4dbb 100644 --- a/templates/uco-observable/FileSystemFacet.json +++ b/templates/uco-observable/FileSystemFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:filesystemfacet1", + "@id": "kb:FileSystemFacet-1", "@type": "uco-observable:FileSystemFacet", "uco-observable:clusterSize": null, "uco-observable:fileSystemType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/FileSystemObject.json b/templates/uco-observable/FileSystemObject.json index 13b820e..621dc0d 100644 --- a/templates/uco-observable/FileSystemObject.json +++ b/templates/uco-observable/FileSystemObject.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:filesystemobject1", + "@id": "kb:FileSystemObject-1", "@type": "uco-observable:FileSystemObject", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ForumPost.json b/templates/uco-observable/ForumPost.json index 8a2b841..ee2cefc 100644 --- a/templates/uco-observable/ForumPost.json +++ b/templates/uco-observable/ForumPost.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:forumpost1", + "@id": "kb:ForumPost-1", "@type": "uco-observable:ForumPost", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:MessageFacet-1", + "@type": "uco-observable:MessageFacet", + "uco-observable:application": null, + "uco-observable:from": null, + "uco-observable:messageID": null, + "uco-observable:messageText": null, + "uco-observable:messageType": null, + "uco-observable:sentTime": null, + "uco-observable:sessionID": null, + "uco-observable:to": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ForumPrivateMessage.json b/templates/uco-observable/ForumPrivateMessage.json index f777d9e..16fb80c 100644 --- a/templates/uco-observable/ForumPrivateMessage.json +++ b/templates/uco-observable/ForumPrivateMessage.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:forumprivatemessage1", + "@id": "kb:ForumPrivateMessage-1", "@type": "uco-observable:ForumPrivateMessage", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:MessageFacet-1", + "@type": "uco-observable:MessageFacet", + "uco-observable:application": null, + "uco-observable:from": null, + "uco-observable:messageID": null, + "uco-observable:messageText": null, + "uco-observable:messageType": null, + "uco-observable:sentTime": null, + "uco-observable:sessionID": null, + "uco-observable:to": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/FragmentFacet.json b/templates/uco-observable/FragmentFacet.json index f2b93a4..7aa6e3c 100644 --- a/templates/uco-observable/FragmentFacet.json +++ b/templates/uco-observable/FragmentFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:fragmentfacet1", + "@id": "kb:FragmentFacet-1", "@type": "uco-observable:FragmentFacet", - "uco-observable:fragmentIndex": null, - "uco-observable:totalFragments": null + "uco-observable:fragmentIndex": [], + "uco-observable:totalFragments": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/GUI.json b/templates/uco-observable/GUI.json index ec59df8..8dedca5 100644 --- a/templates/uco-observable/GUI.json +++ b/templates/uco-observable/GUI.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:gui1", + "@id": "kb:GUI-1", "@type": "uco-observable:GUI", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/GamingConsole.json b/templates/uco-observable/GamingConsole.json new file mode 100644 index 0000000..932a6d3 --- /dev/null +++ b/templates/uco-observable/GamingConsole.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:GamingConsole-1", + "@type": "uco-observable:GamingConsole", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/GenericObservableObject.json b/templates/uco-observable/GenericObservableObject.json index cba3180..c149963 100644 --- a/templates/uco-observable/GenericObservableObject.json +++ b/templates/uco-observable/GenericObservableObject.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:genericobservableobject1", + "@id": "kb:GenericObservableObject-1", "@type": "uco-observable:GenericObservableObject", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/GeoLocationEntry.json b/templates/uco-observable/GeoLocationEntry.json index e9be7fc..bc78261 100644 --- a/templates/uco-observable/GeoLocationEntry.json +++ b/templates/uco-observable/GeoLocationEntry.json @@ -1,31 +1,34 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:geolocationentry1", + "@id": "kb:GeoLocationEntry-1", "@type": "uco-observable:GeoLocationEntry", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:GeoLocationEntryFacet-1", + "@type": "uco-observable:GeoLocationEntryFacet", + "uco-observable:application": null, + "uco-observable:location": null, + "uco-observable:observableCreatedTime": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/GeoLocationEntryFacet.json b/templates/uco-observable/GeoLocationEntryFacet.json index 2fa6c2d..e26522d 100644 --- a/templates/uco-observable/GeoLocationEntryFacet.json +++ b/templates/uco-observable/GeoLocationEntryFacet.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:geolocationentryfacet1", + "@id": "kb:GeoLocationEntryFacet-1", "@type": "uco-observable:GeoLocationEntryFacet", "uco-observable:application": null, "uco-observable:location": null, "uco-observable:observableCreatedTime": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/GeoLocationLog.json b/templates/uco-observable/GeoLocationLog.json index c0e729f..bb52d20 100644 --- a/templates/uco-observable/GeoLocationLog.json +++ b/templates/uco-observable/GeoLocationLog.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:geolocationlog1", + "@id": "kb:GeoLocationLog-1", "@type": "uco-observable:GeoLocationLog", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:GeoLocationLogFacet-1", + "@type": "uco-observable:GeoLocationLogFacet", + "uco-observable:application": null, + "uco-observable:observableCreatedTime": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/GeoLocationLogFacet.json b/templates/uco-observable/GeoLocationLogFacet.json index 2357c6d..44abd71 100644 --- a/templates/uco-observable/GeoLocationLogFacet.json +++ b/templates/uco-observable/GeoLocationLogFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:geolocationlogfacet1", + "@id": "kb:GeoLocationLogFacet-1", "@type": "uco-observable:GeoLocationLogFacet", "uco-observable:application": null, "uco-observable:observableCreatedTime": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/GeoLocationTrack.json b/templates/uco-observable/GeoLocationTrack.json index afcce6b..228d97f 100644 --- a/templates/uco-observable/GeoLocationTrack.json +++ b/templates/uco-observable/GeoLocationTrack.json @@ -1,31 +1,35 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:geolocationtrack1", + "@id": "kb:GeoLocationTrack-1", "@type": "uco-observable:GeoLocationTrack", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:GeoLocationTrackFacet-1", + "@type": "uco-observable:GeoLocationTrackFacet", + "uco-observable:application": null, + "uco-observable:endTime": null, + "uco-observable:geoLocationEntry": [], + "uco-observable:startTime": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/GeoLocationTrackFacet.json b/templates/uco-observable/GeoLocationTrackFacet.json index e602653..cf93507 100644 --- a/templates/uco-observable/GeoLocationTrackFacet.json +++ b/templates/uco-observable/GeoLocationTrackFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:geolocationtrackfacet1", + "@id": "kb:GeoLocationTrackFacet-1", "@type": "uco-observable:GeoLocationTrackFacet", "uco-observable:application": null, "uco-observable:endTime": null, - "uco-observable:geoLocationEntry": null, + "uco-observable:geoLocationEntry": [], "uco-observable:startTime": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/GlobalFlagType.json b/templates/uco-observable/GlobalFlagType.json index 14bc083..10159fb 100644 --- a/templates/uco-observable/GlobalFlagType.json +++ b/templates/uco-observable/GlobalFlagType.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:globalflagtype1", + "@id": "kb:GlobalFlagType-1", "@type": "uco-observable:GlobalFlagType", "uco-observable:abbreviation": null, "uco-observable:destination": null, - "uco-observable:hexadecimalValue": null, + "uco-observable:hexadecimalValue": [], "uco-observable:symbolicName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/HTTPConnection.json b/templates/uco-observable/HTTPConnection.json index 8a5d8f1..efc9d42 100644 --- a/templates/uco-observable/HTTPConnection.json +++ b/templates/uco-observable/HTTPConnection.json @@ -1,31 +1,51 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:httpconnection1", + "@id": "kb:HTTPConnection-1", "@type": "uco-observable:HTTPConnection", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:HTTPConnectionFacet-1", + "@type": "uco-observable:HTTPConnectionFacet", + "uco-observable:httpMesageBodyLength": null, + "uco-observable:httpMessageBodyData": null, + "uco-observable:httpRequestHeader": null, + "uco-observable:requestMethod": null, + "uco-observable:requestValue": null, + "uco-observable:requestVersion": null + }, + { + "@id": "kb:NetworkConnectionFacet-1", + "@type": "uco-observable:NetworkConnectionFacet", + "uco-observable:destinationPort": null, + "uco-observable:dst": [], + "uco-observable:endTime": null, + "uco-observable:isActive": null, + "uco-observable:protocols": null, + "uco-observable:sourcePort": null, + "uco-observable:src": [], + "uco-observable:startTime": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/HTTPConnectionFacet.json b/templates/uco-observable/HTTPConnectionFacet.json index 9b6b5e4..82ca1e5 100644 --- a/templates/uco-observable/HTTPConnectionFacet.json +++ b/templates/uco-observable/HTTPConnectionFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:httpconnectionfacet1", + "@id": "kb:HTTPConnectionFacet-1", "@type": "uco-observable:HTTPConnectionFacet", "uco-observable:httpMesageBodyLength": null, "uco-observable:httpMessageBodyData": null, @@ -14,9 +15,5 @@ "uco-observable:requestValue": null, "uco-observable:requestVersion": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Hostname.json b/templates/uco-observable/Hostname.json index a0a5bb6..b1ef46f 100644 --- a/templates/uco-observable/Hostname.json +++ b/templates/uco-observable/Hostname.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:hostname1", + "@id": "kb:Hostname-1", "@type": "uco-observable:Hostname", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ICMPConnection.json b/templates/uco-observable/ICMPConnection.json index 80a4de5..2330725 100644 --- a/templates/uco-observable/ICMPConnection.json +++ b/templates/uco-observable/ICMPConnection.json @@ -1,31 +1,47 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:icmpconnection1", + "@id": "kb:ICMPConnection-1", "@type": "uco-observable:ICMPConnection", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:ICMPConnectionFacet-1", + "@type": "uco-observable:ICMPConnectionFacet", + "uco-observable:icmpCode": [], + "uco-observable:icmpType": [] + }, + { + "@id": "kb:NetworkConnectionFacet-1", + "@type": "uco-observable:NetworkConnectionFacet", + "uco-observable:destinationPort": null, + "uco-observable:dst": [], + "uco-observable:endTime": null, + "uco-observable:isActive": null, + "uco-observable:protocols": null, + "uco-observable:sourcePort": null, + "uco-observable:src": [], + "uco-observable:startTime": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ICMPConnectionFacet.json b/templates/uco-observable/ICMPConnectionFacet.json index c6e88f7..be9315e 100644 --- a/templates/uco-observable/ICMPConnectionFacet.json +++ b/templates/uco-observable/ICMPConnectionFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:icmpconnectionfacet1", + "@id": "kb:ICMPConnectionFacet-1", "@type": "uco-observable:ICMPConnectionFacet", - "uco-observable:icmpCode": null, - "uco-observable:icmpType": null + "uco-observable:icmpCode": [], + "uco-observable:icmpType": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/IComHandlerActionType.json b/templates/uco-observable/IComHandlerActionType.json index 3881ac8..a678171 100644 --- a/templates/uco-observable/IComHandlerActionType.json +++ b/templates/uco-observable/IComHandlerActionType.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:icomhandleractiontype1", + "@id": "kb:IComHandlerActionType-1", "@type": "uco-observable:IComHandlerActionType", "uco-observable:comClassID": null, "uco-observable:comData": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/IExecActionType.json b/templates/uco-observable/IExecActionType.json index 3126770..7357ea6 100644 --- a/templates/uco-observable/IExecActionType.json +++ b/templates/uco-observable/IExecActionType.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:iexecactiontype1", + "@id": "kb:IExecActionType-1", "@type": "uco-observable:IExecActionType", "uco-observable:execArguments": null, - "uco-observable:execProgramHashes": null, + "uco-observable:execProgramHashes": [], "uco-observable:execProgramPath": null, "uco-observable:execWorkingDirectory": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/IPAddress.json b/templates/uco-observable/IPAddress.json index d5931c7..70b9d82 100644 --- a/templates/uco-observable/IPAddress.json +++ b/templates/uco-observable/IPAddress.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ipaddress1", + "@id": "kb:IPAddress-1", "@type": "uco-observable:IPAddress", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/IPAddressFacet.json b/templates/uco-observable/IPAddressFacet.json index 6779163..53dec72 100644 --- a/templates/uco-observable/IPAddressFacet.json +++ b/templates/uco-observable/IPAddressFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ipaddressfacet1", + "@id": "kb:IPAddressFacet-1", "@type": "uco-observable:IPAddressFacet", "uco-observable:addressValue": null, "uco-observable:displayName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/IPNetmask.json b/templates/uco-observable/IPNetmask.json index e485174..58d27a1 100644 --- a/templates/uco-observable/IPNetmask.json +++ b/templates/uco-observable/IPNetmask.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ipnetmask1", + "@id": "kb:IPNetmask-1", "@type": "uco-observable:IPNetmask", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/IPhone.json b/templates/uco-observable/IPhone.json new file mode 100644 index 0000000..14d6b00 --- /dev/null +++ b/templates/uco-observable/IPhone.json @@ -0,0 +1,50 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:IPhone-1", + "@type": "uco-observable:IPhone", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + { + "@id": "kb:MobileDeviceFacet-1", + "@type": "uco-observable:MobileDeviceFacet", + "uco-observable:ESN": null, + "uco-observable:IMEI": [], + "uco-observable:bluetoothDeviceName": null, + "uco-observable:clockSetting": null, + "uco-observable:keypadUnlockCode": null, + "uco-observable:mockLocationsAllowed": null, + "uco-observable:network": null, + "uco-observable:phoneActivationTime": null, + "uco-observable:storageCapacityInBytes": null + } + ], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/IPv4Address.json b/templates/uco-observable/IPv4Address.json index f54fdc0..5487e26 100644 --- a/templates/uco-observable/IPv4Address.json +++ b/templates/uco-observable/IPv4Address.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ipv4address1", + "@id": "kb:IPv4Address-1", "@type": "uco-observable:IPv4Address", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:IPv4AddressFacet-1", + "@type": "uco-observable:IPv4AddressFacet", + "uco-observable:addressValue": null, + "uco-observable:displayName": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/IPv4AddressFacet.json b/templates/uco-observable/IPv4AddressFacet.json index 68a7267..a0c071c 100644 --- a/templates/uco-observable/IPv4AddressFacet.json +++ b/templates/uco-observable/IPv4AddressFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ipv4addressfacet1", + "@id": "kb:IPv4AddressFacet-1", "@type": "uco-observable:IPv4AddressFacet", "uco-observable:addressValue": null, "uco-observable:displayName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/IPv6Address.json b/templates/uco-observable/IPv6Address.json index 96335a3..ef7439b 100644 --- a/templates/uco-observable/IPv6Address.json +++ b/templates/uco-observable/IPv6Address.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ipv6address1", + "@id": "kb:IPv6Address-1", "@type": "uco-observable:IPv6Address", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:IPv6AddressFacet-1", + "@type": "uco-observable:IPv6AddressFacet", + "uco-observable:addressValue": null, + "uco-observable:displayName": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/IPv6AddressFacet.json b/templates/uco-observable/IPv6AddressFacet.json index 2fc1f62..cf6c289 100644 --- a/templates/uco-observable/IPv6AddressFacet.json +++ b/templates/uco-observable/IPv6AddressFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ipv6addressfacet1", + "@id": "kb:IPv6AddressFacet-1", "@type": "uco-observable:IPv6AddressFacet", "uco-observable:addressValue": null, "uco-observable:displayName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/IShowMessageActionType.json b/templates/uco-observable/IShowMessageActionType.json index d8cf14a..e8174a6 100644 --- a/templates/uco-observable/IShowMessageActionType.json +++ b/templates/uco-observable/IShowMessageActionType.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ishowmessageactiontype1", + "@id": "kb:IShowMessageActionType-1", "@type": "uco-observable:IShowMessageActionType", "uco-observable:showMessageBody": null, "uco-observable:showMessageTitle": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Image.json b/templates/uco-observable/Image.json index 315864e..0502ca1 100644 --- a/templates/uco-observable/Image.json +++ b/templates/uco-observable/Image.json @@ -1,31 +1,32 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:image1", + "@id": "kb:Image-1", "@type": "uco-observable:Image", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:ImageFacet-1", + "@type": "uco-observable:ImageFacet", + "uco-observable:imageType": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ImageFacet.json b/templates/uco-observable/ImageFacet.json index 2a5a136..bee3e95 100644 --- a/templates/uco-observable/ImageFacet.json +++ b/templates/uco-observable/ImageFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:imagefacet1", + "@id": "kb:ImageFacet-1", "@type": "uco-observable:ImageFacet", "uco-observable:imageType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/InstantMessagingAddress.json b/templates/uco-observable/InstantMessagingAddress.json index 865c5a6..76267f1 100644 --- a/templates/uco-observable/InstantMessagingAddress.json +++ b/templates/uco-observable/InstantMessagingAddress.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:instantmessagingaddress1", + "@id": "kb:InstantMessagingAddress-1", "@type": "uco-observable:InstantMessagingAddress", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:InstantMessagingAddressFacet-1", + "@type": "uco-observable:InstantMessagingAddressFacet", + "uco-observable:addressValue": null, + "uco-observable:displayName": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/InstantMessagingAddressFacet.json b/templates/uco-observable/InstantMessagingAddressFacet.json index eb9ec01..3fae36e 100644 --- a/templates/uco-observable/InstantMessagingAddressFacet.json +++ b/templates/uco-observable/InstantMessagingAddressFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:instantmessagingaddressfacet1", + "@id": "kb:InstantMessagingAddressFacet-1", "@type": "uco-observable:InstantMessagingAddressFacet", "uco-observable:addressValue": null, "uco-observable:displayName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Junction.json b/templates/uco-observable/Junction.json index d1c1c1e..2c9946f 100644 --- a/templates/uco-observable/Junction.json +++ b/templates/uco-observable/Junction.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:junction1", + "@id": "kb:Junction-1", "@type": "uco-observable:Junction", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Laptop.json b/templates/uco-observable/Laptop.json new file mode 100644 index 0000000..fa2e34c --- /dev/null +++ b/templates/uco-observable/Laptop.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:Laptop-1", + "@type": "uco-observable:Laptop", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/Library.json b/templates/uco-observable/Library.json index dc51ce3..192faee 100644 --- a/templates/uco-observable/Library.json +++ b/templates/uco-observable/Library.json @@ -1,31 +1,32 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:library1", + "@id": "kb:Library-1", "@type": "uco-observable:Library", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:LibraryFacet-1", + "@type": "uco-observable:LibraryFacet", + "uco-observable:libraryType": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/LibraryFacet.json b/templates/uco-observable/LibraryFacet.json index d8a60eb..6a89fc9 100644 --- a/templates/uco-observable/LibraryFacet.json +++ b/templates/uco-observable/LibraryFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:libraryfacet1", + "@id": "kb:LibraryFacet-1", "@type": "uco-observable:LibraryFacet", "uco-observable:libraryType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MACAddress.json b/templates/uco-observable/MACAddress.json index 58c41c5..6d592d9 100644 --- a/templates/uco-observable/MACAddress.json +++ b/templates/uco-observable/MACAddress.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:macaddress1", + "@id": "kb:MACAddress-1", "@type": "uco-observable:MACAddress", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MACAddressFacet.json b/templates/uco-observable/MACAddressFacet.json index 5704d8b..b40ce82 100644 --- a/templates/uco-observable/MACAddressFacet.json +++ b/templates/uco-observable/MACAddressFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:macaddressfacet1", + "@id": "kb:MACAddressFacet-1", "@type": "uco-observable:MACAddressFacet", "uco-observable:addressValue": null, "uco-observable:displayName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Makefile b/templates/uco-observable/Makefile new file mode 100644 index 0000000..f087e36 --- /dev/null +++ b/templates/uco-observable/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/observable/ + +include ../../src/ontology.mk diff --git a/templates/uco-observable/Memory.json b/templates/uco-observable/Memory.json index 0fb3754..a79ab00 100644 --- a/templates/uco-observable/Memory.json +++ b/templates/uco-observable/Memory.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:memory1", + "@id": "kb:Memory-1", "@type": "uco-observable:Memory", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:MemoryFacet-1", + "@type": "uco-observable:MemoryFacet", + "uco-observable:blockType": null, + "uco-observable:isInjected": null, + "uco-observable:isMapped": null, + "uco-observable:isProtected": null, + "uco-observable:isVolatile": null, + "uco-observable:regionEndAddress": [], + "uco-observable:regionSize": null, + "uco-observable:regionStartAddress": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MemoryFacet.json b/templates/uco-observable/MemoryFacet.json index 689b4a7..cd7bccd 100644 --- a/templates/uco-observable/MemoryFacet.json +++ b/templates/uco-observable/MemoryFacet.json @@ -1,24 +1,21 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:memoryfacet1", + "@id": "kb:MemoryFacet-1", "@type": "uco-observable:MemoryFacet", "uco-observable:blockType": null, "uco-observable:isInjected": null, "uco-observable:isMapped": null, "uco-observable:isProtected": null, "uco-observable:isVolatile": null, - "uco-observable:regionEndAddress": null, + "uco-observable:regionEndAddress": [], "uco-observable:regionSize": null, - "uco-observable:regionStartAddress": null + "uco-observable:regionStartAddress": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Message.json b/templates/uco-observable/Message.json index 70a7032..63399db 100644 --- a/templates/uco-observable/Message.json +++ b/templates/uco-observable/Message.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:message1", + "@id": "kb:Message-1", "@type": "uco-observable:Message", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:MessageFacet-1", + "@type": "uco-observable:MessageFacet", + "uco-observable:application": null, + "uco-observable:from": null, + "uco-observable:messageID": null, + "uco-observable:messageText": null, + "uco-observable:messageType": null, + "uco-observable:sentTime": null, + "uco-observable:sessionID": null, + "uco-observable:to": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MessageFacet.json b/templates/uco-observable/MessageFacet.json index 4ccff31..4a360f0 100644 --- a/templates/uco-observable/MessageFacet.json +++ b/templates/uco-observable/MessageFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:messagefacet1", + "@id": "kb:MessageFacet-1", "@type": "uco-observable:MessageFacet", "uco-observable:application": null, "uco-observable:from": null, @@ -14,11 +15,7 @@ "uco-observable:messageType": null, "uco-observable:sentTime": null, "uco-observable:sessionID": null, - "uco-observable:to": null + "uco-observable:to": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MessageThread.json b/templates/uco-observable/MessageThread.json index a5ab0f0..a6ca089 100644 --- a/templates/uco-observable/MessageThread.json +++ b/templates/uco-observable/MessageThread.json @@ -1,31 +1,34 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:messagethread1", + "@id": "kb:MessageThread-1", "@type": "uco-observable:MessageThread", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:MessageThreadFacet-1", + "@type": "uco-observable:MessageThreadFacet", + "uco-observable:messageThread": null, + "uco-observable:participant": [], + "uco-observable:visibility": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MessageThreadFacet.json b/templates/uco-observable/MessageThreadFacet.json index 201c5e7..115ed28 100644 --- a/templates/uco-observable/MessageThreadFacet.json +++ b/templates/uco-observable/MessageThreadFacet.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:messagethreadfacet1", + "@id": "kb:MessageThreadFacet-1", "@type": "uco-observable:MessageThreadFacet", - "uco-observable:message": null, - "uco-observable:participant": null, + "uco-observable:messageThread": null, + "uco-observable:participant": [], "uco-observable:visibility": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MftRecordFacet.json b/templates/uco-observable/MftRecordFacet.json index 0f560d8..c9a1eea 100644 --- a/templates/uco-observable/MftRecordFacet.json +++ b/templates/uco-observable/MftRecordFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:mftrecordfacet1", + "@id": "kb:MftRecordFacet-1", "@type": "uco-observable:MftRecordFacet", "uco-observable:mftFileID": null, "uco-observable:mftFileNameAccessedTime": null, @@ -20,9 +21,5 @@ "uco-observable:ntfsOwnerID": null, "uco-observable:ntfsOwnerSID": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MimePartType.json b/templates/uco-observable/MimePartType.json index cd37272..d322e98 100644 --- a/templates/uco-observable/MimePartType.json +++ b/templates/uco-observable/MimePartType.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:mimeparttype1", + "@id": "kb:MimePartType-1", "@type": "uco-observable:MimePartType", "uco-observable:body": null, "uco-observable:bodyRaw": null, "uco-observable:contentDisposition": null, "uco-observable:contentType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MobileAccount.json b/templates/uco-observable/MobileAccount.json index b1b90d0..fafaaa0 100644 --- a/templates/uco-observable/MobileAccount.json +++ b/templates/uco-observable/MobileAccount.json @@ -1,31 +1,57 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:mobileaccount1", + "@id": "kb:MobileAccount-1", "@type": "uco-observable:MobileAccount", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:AccountFacet-1", + "@type": "uco-observable:AccountFacet", + "uco-observable:accountIdentifier": null, + "uco-observable:accountIssuer": null, + "uco-observable:accountType": null, + "uco-observable:expirationTime": null, + "uco-observable:isActive": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:owner": null + }, + { + "@id": "kb:DigitalAccountFacet-1", + "@type": "uco-observable:DigitalAccountFacet", + "uco-observable:accountLogin": [], + "uco-observable:displayName": null, + "uco-observable:firstLoginTime": null, + "uco-observable:isDisabled": null, + "uco-observable:lastLoginTime": null + }, + { + "@id": "kb:MobileAccountFacet-1", + "@type": "uco-observable:MobileAccountFacet", + "uco-observable:IMSI": null, + "uco-observable:MSISDN": null, + "uco-observable:MSISDNType": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MobileAccountFacet.json b/templates/uco-observable/MobileAccountFacet.json index 29c6511..d8a079d 100644 --- a/templates/uco-observable/MobileAccountFacet.json +++ b/templates/uco-observable/MobileAccountFacet.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:mobileaccountfacet1", + "@id": "kb:MobileAccountFacet-1", "@type": "uco-observable:MobileAccountFacet", "uco-observable:IMSI": null, "uco-observable:MSISDN": null, "uco-observable:MSISDNType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MobileDevice.json b/templates/uco-observable/MobileDevice.json index c976d07..e1dce51 100644 --- a/templates/uco-observable/MobileDevice.json +++ b/templates/uco-observable/MobileDevice.json @@ -1,31 +1,50 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:mobiledevice1", + "@id": "kb:MobileDevice-1", "@type": "uco-observable:MobileDevice", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + { + "@id": "kb:MobileDeviceFacet-1", + "@type": "uco-observable:MobileDeviceFacet", + "uco-observable:ESN": null, + "uco-observable:IMEI": [], + "uco-observable:bluetoothDeviceName": null, + "uco-observable:clockSetting": null, + "uco-observable:keypadUnlockCode": null, + "uco-observable:mockLocationsAllowed": null, + "uco-observable:network": null, + "uco-observable:phoneActivationTime": null, + "uco-observable:storageCapacityInBytes": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MobileDeviceFacet.json b/templates/uco-observable/MobileDeviceFacet.json index 37bea5a..c018973 100644 --- a/templates/uco-observable/MobileDeviceFacet.json +++ b/templates/uco-observable/MobileDeviceFacet.json @@ -1,15 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:mobiledevicefacet1", + "@id": "kb:MobileDeviceFacet-1", "@type": "uco-observable:MobileDeviceFacet", "uco-observable:ESN": null, - "uco-observable:IMEI": null, - "uco-observable:MSISDN": null, + "uco-observable:IMEI": [], "uco-observable:bluetoothDeviceName": null, "uco-observable:clockSetting": null, "uco-observable:keypadUnlockCode": null, @@ -18,9 +18,5 @@ "uco-observable:phoneActivationTime": null, "uco-observable:storageCapacityInBytes": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MobilePhone.json b/templates/uco-observable/MobilePhone.json new file mode 100644 index 0000000..d645396 --- /dev/null +++ b/templates/uco-observable/MobilePhone.json @@ -0,0 +1,50 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:MobilePhone-1", + "@type": "uco-observable:MobilePhone", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + { + "@id": "kb:MobileDeviceFacet-1", + "@type": "uco-observable:MobileDeviceFacet", + "uco-observable:ESN": null, + "uco-observable:IMEI": [], + "uco-observable:bluetoothDeviceName": null, + "uco-observable:clockSetting": null, + "uco-observable:keypadUnlockCode": null, + "uco-observable:mockLocationsAllowed": null, + "uco-observable:network": null, + "uco-observable:phoneActivationTime": null, + "uco-observable:storageCapacityInBytes": null + } + ], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/Mutex.json b/templates/uco-observable/Mutex.json index e10a60a..cc708eb 100644 --- a/templates/uco-observable/Mutex.json +++ b/templates/uco-observable/Mutex.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:mutex1", + "@id": "kb:Mutex-1", "@type": "uco-observable:Mutex", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:MutexFacet-1", + "@type": "uco-observable:MutexFacet", + "uco-observable:isNamed": null, + "uco-observable:mutexName": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/MutexFacet.json b/templates/uco-observable/MutexFacet.json index 7789ff1..9d83c40 100644 --- a/templates/uco-observable/MutexFacet.json +++ b/templates/uco-observable/MutexFacet.json @@ -1,17 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:mutexfacet1", + "@id": "kb:MutexFacet-1", "@type": "uco-observable:MutexFacet", - "uco-observable:isNamed": null + "uco-observable:isNamed": null, + "uco-observable:mutexName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NTFSFile.json b/templates/uco-observable/NTFSFile.json index 278d142..b318d86 100644 --- a/templates/uco-observable/NTFSFile.json +++ b/templates/uco-observable/NTFSFile.json @@ -1,31 +1,50 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ntfsfile1", + "@id": "kb:NTFSFile-1", "@type": "uco-observable:NTFSFile", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:FileFacet-1", + "@type": "uco-observable:FileFacet", + "uco-observable:accessedTime": null, + "uco-observable:allocationStatus": null, + "uco-observable:extension": null, + "uco-observable:fileName": [], + "uco-observable:filePath": [], + "uco-observable:isDirectory": [], + "uco-observable:metadataChangeTime": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:sizeInBytes": null + }, + { + "@id": "kb:NTFSFileFacet-1", + "@type": "uco-observable:NTFSFileFacet", + "uco-observable:alternateDataStreams": [], + "uco-observable:entryID": null, + "uco-observable:sid": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NTFSFileFacet.json b/templates/uco-observable/NTFSFileFacet.json index fcf3412..83a3ad5 100644 --- a/templates/uco-observable/NTFSFileFacet.json +++ b/templates/uco-observable/NTFSFileFacet.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ntfsfilefacet1", + "@id": "kb:NTFSFileFacet-1", "@type": "uco-observable:NTFSFileFacet", - "uco-observable:alternateDataStreams": null, + "uco-observable:alternateDataStreams": [], "uco-observable:entryID": null, "uco-observable:sid": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NTFSFilePermissionsFacet.json b/templates/uco-observable/NTFSFilePermissionsFacet.json index ceb9573..53d97dc 100644 --- a/templates/uco-observable/NTFSFilePermissionsFacet.json +++ b/templates/uco-observable/NTFSFilePermissionsFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:ntfsfilepermissionsfacet1", + "@id": "kb:NTFSFilePermissionsFacet-1", "@type": "uco-observable:NTFSFilePermissionsFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NamedPipe.json b/templates/uco-observable/NamedPipe.json index 43c6bd4..4a2bd8b 100644 --- a/templates/uco-observable/NamedPipe.json +++ b/templates/uco-observable/NamedPipe.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:namedpipe1", + "@id": "kb:NamedPipe-1", "@type": "uco-observable:NamedPipe", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NetworkAppliance.json b/templates/uco-observable/NetworkAppliance.json index e0a91d6..c41540a 100644 --- a/templates/uco-observable/NetworkAppliance.json +++ b/templates/uco-observable/NetworkAppliance.json @@ -1,31 +1,35 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:networkappliance1", + "@id": "kb:NetworkAppliance-1", "@type": "uco-observable:NetworkAppliance", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NetworkConnection.json b/templates/uco-observable/NetworkConnection.json index aa67df9..b59e869 100644 --- a/templates/uco-observable/NetworkConnection.json +++ b/templates/uco-observable/NetworkConnection.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:networkconnection1", + "@id": "kb:NetworkConnection-1", "@type": "uco-observable:NetworkConnection", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:NetworkConnectionFacet-1", + "@type": "uco-observable:NetworkConnectionFacet", + "uco-observable:destinationPort": null, + "uco-observable:dst": [], + "uco-observable:endTime": null, + "uco-observable:isActive": null, + "uco-observable:protocols": null, + "uco-observable:sourcePort": null, + "uco-observable:src": [], + "uco-observable:startTime": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NetworkConnectionFacet.json b/templates/uco-observable/NetworkConnectionFacet.json index aa24e1f..e0daac7 100644 --- a/templates/uco-observable/NetworkConnectionFacet.json +++ b/templates/uco-observable/NetworkConnectionFacet.json @@ -1,24 +1,21 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:networkconnectionfacet1", + "@id": "kb:NetworkConnectionFacet-1", "@type": "uco-observable:NetworkConnectionFacet", "uco-observable:destinationPort": null, - "uco-observable:dst": null, + "uco-observable:dst": [], "uco-observable:endTime": null, "uco-observable:isActive": null, "uco-observable:protocols": null, "uco-observable:sourcePort": null, - "uco-observable:src": null, + "uco-observable:src": [], "uco-observable:startTime": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NetworkFlow.json b/templates/uco-observable/NetworkFlow.json index 3d20d51..778859b 100644 --- a/templates/uco-observable/NetworkFlow.json +++ b/templates/uco-observable/NetworkFlow.json @@ -1,31 +1,38 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:networkflow1", + "@id": "kb:NetworkFlow-1", "@type": "uco-observable:NetworkFlow", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:NetworkFlowFacet-1", + "@type": "uco-observable:NetworkFlowFacet", + "uco-observable:dstBytes": null, + "uco-observable:dstPackets": null, + "uco-observable:dstPayload": null, + "uco-observable:ipfix": null, + "uco-observable:srcBytes": null, + "uco-observable:srcPackets": null, + "uco-observable:srcPayload": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NetworkFlowFacet.json b/templates/uco-observable/NetworkFlowFacet.json index 6d18e74..29b7852 100644 --- a/templates/uco-observable/NetworkFlowFacet.json +++ b/templates/uco-observable/NetworkFlowFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:networkflowfacet1", + "@id": "kb:NetworkFlowFacet-1", "@type": "uco-observable:NetworkFlowFacet", "uco-observable:dstBytes": null, "uco-observable:dstPackets": null, @@ -15,9 +16,5 @@ "uco-observable:srcPackets": null, "uco-observable:srcPayload": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NetworkInterface.json b/templates/uco-observable/NetworkInterface.json index e423443..289f1f8 100644 --- a/templates/uco-observable/NetworkInterface.json +++ b/templates/uco-observable/NetworkInterface.json @@ -1,31 +1,38 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:networkinterface1", + "@id": "kb:NetworkInterface-1", "@type": "uco-observable:NetworkInterface", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:NetworkInterfaceFacet-1", + "@type": "uco-observable:NetworkInterfaceFacet", + "uco-observable:adapterName": null, + "uco-observable:dhcpLeaseExpires": null, + "uco-observable:dhcpLeaseObtained": null, + "uco-observable:dhcpServer": [], + "uco-observable:ip": [], + "uco-observable:ipGateway": [], + "uco-observable:macAddress": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NetworkInterfaceFacet.json b/templates/uco-observable/NetworkInterfaceFacet.json index eba8e0f..65e74d0 100644 --- a/templates/uco-observable/NetworkInterfaceFacet.json +++ b/templates/uco-observable/NetworkInterfaceFacet.json @@ -1,23 +1,20 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:networkinterfacefacet1", + "@id": "kb:NetworkInterfaceFacet-1", "@type": "uco-observable:NetworkInterfaceFacet", "uco-observable:adapterName": null, "uco-observable:dhcpLeaseExpires": null, "uco-observable:dhcpLeaseObtained": null, - "uco-observable:dhcpServer": null, - "uco-observable:ip": null, - "uco-observable:ipGateway": null, + "uco-observable:dhcpServer": [], + "uco-observable:ip": [], + "uco-observable:ipGateway": [], "uco-observable:macAddress": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NetworkProtocol.json b/templates/uco-observable/NetworkProtocol.json index 9c86c59..c6eb55b 100644 --- a/templates/uco-observable/NetworkProtocol.json +++ b/templates/uco-observable/NetworkProtocol.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:networkprotocol1", + "@id": "kb:NetworkProtocol-1", "@type": "uco-observable:NetworkProtocol", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NetworkRoute.json b/templates/uco-observable/NetworkRoute.json index 8783630..accd3d6 100644 --- a/templates/uco-observable/NetworkRoute.json +++ b/templates/uco-observable/NetworkRoute.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:networkroute1", + "@id": "kb:NetworkRoute-1", "@type": "uco-observable:NetworkRoute", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NetworkSubnet.json b/templates/uco-observable/NetworkSubnet.json index bfc9b4e..cbce5e1 100644 --- a/templates/uco-observable/NetworkSubnet.json +++ b/templates/uco-observable/NetworkSubnet.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:networksubnet1", + "@id": "kb:NetworkSubnet-1", "@type": "uco-observable:NetworkSubnet", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Note.json b/templates/uco-observable/Note.json index afddb0e..f02fb45 100644 --- a/templates/uco-observable/Note.json +++ b/templates/uco-observable/Note.json @@ -1,31 +1,35 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:note1", + "@id": "kb:Note-1", "@type": "uco-observable:Note", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:NoteFacet-1", + "@type": "uco-observable:NoteFacet", + "uco-observable:application": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:text": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/NoteFacet.json b/templates/uco-observable/NoteFacet.json index c983b48..bb09307 100644 --- a/templates/uco-observable/NoteFacet.json +++ b/templates/uco-observable/NoteFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:notefacet1", + "@id": "kb:NoteFacet-1", "@type": "uco-observable:NoteFacet", "uco-observable:application": null, "uco-observable:modifiedTime": null, "uco-observable:observableCreatedTime": null, "uco-observable:text": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Observable.json b/templates/uco-observable/Observable.json index cb6a83b..918c331 100644 --- a/templates/uco-observable/Observable.json +++ b/templates/uco-observable/Observable.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:observable1", + "@id": "kb:Observable-1", "@type": "uco-observable:Observable", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ObservableAction.json b/templates/uco-observable/ObservableAction.json index e27ed30..67ccd4d 100644 --- a/templates/uco-observable/ObservableAction.json +++ b/templates/uco-observable/ObservableAction.json @@ -1,43 +1,40 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:observableaction1", + "@id": "kb:ObservableAction-1", "@type": "uco-observable:ObservableAction", + "case-investigation:wasDerivedFrom": [], "uco-action:actionCount": null, "uco-action:actionStatus": null, "uco-action:endTime": null, "uco-action:environment": null, - "uco-action:error": null, - "uco-action:instrument": null, - "uco-action:location": null, - "uco-action:object": null, - "uco-action:participant": null, + "uco-action:error": [], + "uco-action:instrument": [], + "uco-action:location": [], + "uco-action:object": [], + "uco-action:participant": [], "uco-action:performer": null, - "uco-action:result": null, + "uco-action:result": [], "uco-action:startTime": null, - "uco-action:subaction": null, + "uco-action:subaction": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ObservableObject.json b/templates/uco-observable/ObservableObject.json index af0d92c..e72a1c7 100644 --- a/templates/uco-observable/ObservableObject.json +++ b/templates/uco-observable/ObservableObject.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:observableobject1", + "@id": "kb:ObservableObject-1", "@type": "uco-observable:ObservableObject", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ObservablePattern.json b/templates/uco-observable/ObservablePattern.json index 56458ba..e4b46bc 100644 --- a/templates/uco-observable/ObservablePattern.json +++ b/templates/uco-observable/ObservablePattern.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:observablepattern1", + "@id": "kb:ObservablePattern-1", "@type": "uco-observable:ObservablePattern", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ObservableRelationship.json b/templates/uco-observable/ObservableRelationship.json index a0c7208..7b7dd53 100644 --- a/templates/uco-observable/ObservableRelationship.json +++ b/templates/uco-observable/ObservableRelationship.json @@ -1,35 +1,32 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:observablerelationship1", + "@id": "kb:ObservableRelationship-1", "@type": "uco-observable:ObservableRelationship", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:endTime": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, + "uco-core:description": [], + "uco-core:endTime": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], "uco-core:isDirectional": null, "uco-core:kindOfRelationship": null, - "uco-core:modifiedTime": null, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, - "uco-core:source": null, + "uco-core:objectMarking": [], + "uco-core:source": [], "uco-core:specVersion": null, - "uco-core:startTime": null, - "uco-core:tag": null, - "uco-core:target": null, - "uco-core:type": null + "uco-core:startTime": [], + "uco-core:tag": [], + "uco-core:target": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Observation.json b/templates/uco-observable/Observation.json index 7d7473c..ebef6d3 100644 --- a/templates/uco-observable/Observation.json +++ b/templates/uco-observable/Observation.json @@ -1,43 +1,40 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-action": "https://ontology.unifiedcyberontology.org/uco/action#", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:observation1", + "@id": "kb:Observation-1", "@type": "uco-observable:Observation", + "case-investigation:wasDerivedFrom": [], "uco-action:actionCount": null, "uco-action:actionStatus": null, "uco-action:endTime": null, "uco-action:environment": null, - "uco-action:error": null, - "uco-action:instrument": null, - "uco-action:location": null, - "uco-action:object": null, - "uco-action:participant": null, + "uco-action:error": [], + "uco-action:instrument": [], + "uco-action:location": [], + "uco-action:object": [], + "uco-action:participant": [], "uco-action:performer": null, - "uco-action:result": null, + "uco-action:result": [], "uco-action:startTime": null, - "uco-action:subaction": null, + "uco-action:subaction": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/OnlineService.json b/templates/uco-observable/OnlineService.json index b84278d..d113127 100644 --- a/templates/uco-observable/OnlineService.json +++ b/templates/uco-observable/OnlineService.json @@ -1,31 +1,34 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:onlineservice1", + "@id": "kb:OnlineService-1", "@type": "uco-observable:OnlineService", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:OnlineServiceFacet-1", + "@type": "uco-observable:OnlineServiceFacet", + "uco-core:name": null, + "uco-observable:inetLocation": [], + "uco-observable:location": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/OnlineServiceFacet.json b/templates/uco-observable/OnlineServiceFacet.json index 62612a9..8712e3f 100644 --- a/templates/uco-observable/OnlineServiceFacet.json +++ b/templates/uco-observable/OnlineServiceFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:onlineservicefacet1", + "@id": "kb:OnlineServiceFacet-1", "@type": "uco-observable:OnlineServiceFacet", "uco-core:name": null, - "uco-observable:inetLocation": null, - "uco-observable:location": null + "uco-observable:inetLocation": [], + "uco-observable:location": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/OperatingSystem.json b/templates/uco-observable/OperatingSystem.json index b1dc560..bb3003a 100644 --- a/templates/uco-observable/OperatingSystem.json +++ b/templates/uco-observable/OperatingSystem.json @@ -1,31 +1,38 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:operatingsystem1", + "@id": "kb:OperatingSystem-1", "@type": "uco-observable:OperatingSystem", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:OperatingSystemFacet-1", + "@type": "uco-observable:OperatingSystemFacet", + "uco-observable:advertisingID": [], + "uco-observable:bitness": null, + "uco-observable:environmentVariables": null, + "uco-observable:installDate": null, + "uco-observable:isLimitAdTrackingEnabled": null, + "uco-observable:manufacturer": null, + "uco-observable:version": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/OperatingSystemFacet.json b/templates/uco-observable/OperatingSystemFacet.json index d8ff88b..3bfd720 100644 --- a/templates/uco-observable/OperatingSystemFacet.json +++ b/templates/uco-observable/OperatingSystemFacet.json @@ -1,13 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:operatingsystemfacet1", + "@id": "kb:OperatingSystemFacet-1", "@type": "uco-observable:OperatingSystemFacet", - "uco-observable:advertisingID": null, + "uco-observable:advertisingID": [], "uco-observable:bitness": null, "uco-observable:environmentVariables": null, "uco-observable:installDate": null, @@ -15,9 +16,5 @@ "uco-observable:manufacturer": null, "uco-observable:version": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/PDFFile.json b/templates/uco-observable/PDFFile.json index 615b2b2..9760883 100644 --- a/templates/uco-observable/PDFFile.json +++ b/templates/uco-observable/PDFFile.json @@ -1,31 +1,54 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:pdffile1", + "@id": "kb:PDFFile-1", "@type": "uco-observable:PDFFile", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:FileFacet-1", + "@type": "uco-observable:FileFacet", + "uco-observable:accessedTime": null, + "uco-observable:allocationStatus": null, + "uco-observable:extension": null, + "uco-observable:fileName": [], + "uco-observable:filePath": [], + "uco-observable:isDirectory": [], + "uco-observable:metadataChangeTime": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:sizeInBytes": null + }, + { + "@id": "kb:PDFFileFacet-1", + "@type": "uco-observable:PDFFileFacet", + "uco-observable:documentInformationDictionary": null, + "uco-observable:isOptimized": null, + "uco-observable:pdfCreationDate": null, + "uco-observable:pdfId0": [], + "uco-observable:pdfId1": null, + "uco-observable:pdfModDate": null, + "uco-observable:version": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/PDFFileFacet.json b/templates/uco-observable/PDFFileFacet.json index 3349fb5..798e066 100644 --- a/templates/uco-observable/PDFFileFacet.json +++ b/templates/uco-observable/PDFFileFacet.json @@ -1,21 +1,20 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:pdffilefacet1", + "@id": "kb:PDFFileFacet-1", "@type": "uco-observable:PDFFileFacet", "uco-observable:documentInformationDictionary": null, "uco-observable:isOptimized": null, - "uco-observable:pdfId0": null, + "uco-observable:pdfCreationDate": null, + "uco-observable:pdfId0": [], "uco-observable:pdfId1": null, + "uco-observable:pdfModDate": null, "uco-observable:version": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/PathRelationFacet.json b/templates/uco-observable/PathRelationFacet.json index 01b1b75..dcdb83e 100644 --- a/templates/uco-observable/PathRelationFacet.json +++ b/templates/uco-observable/PathRelationFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:pathrelationfacet1", + "@id": "kb:PathRelationFacet-1", "@type": "uco-observable:PathRelationFacet", - "uco-observable:path": null + "uco-observable:path": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/PaymentCard.json b/templates/uco-observable/PaymentCard.json index 653ba26..8e8cf94 100644 --- a/templates/uco-observable/PaymentCard.json +++ b/templates/uco-observable/PaymentCard.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:paymentcard1", + "@id": "kb:PaymentCard-1", "@type": "uco-observable:PaymentCard", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/PhoneAccount.json b/templates/uco-observable/PhoneAccount.json index 4acaf40..3fe5808 100644 --- a/templates/uco-observable/PhoneAccount.json +++ b/templates/uco-observable/PhoneAccount.json @@ -1,31 +1,55 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:phoneaccount1", + "@id": "kb:PhoneAccount-1", "@type": "uco-observable:PhoneAccount", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:AccountFacet-1", + "@type": "uco-observable:AccountFacet", + "uco-observable:accountIdentifier": null, + "uco-observable:accountIssuer": null, + "uco-observable:accountType": null, + "uco-observable:expirationTime": null, + "uco-observable:isActive": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:owner": null + }, + { + "@id": "kb:DigitalAccountFacet-1", + "@type": "uco-observable:DigitalAccountFacet", + "uco-observable:accountLogin": [], + "uco-observable:displayName": null, + "uco-observable:firstLoginTime": null, + "uco-observable:isDisabled": null, + "uco-observable:lastLoginTime": null + }, + { + "@id": "kb:PhoneAccountFacet-1", + "@type": "uco-observable:PhoneAccountFacet", + "uco-observable:phoneNumber": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/PhoneAccountFacet.json b/templates/uco-observable/PhoneAccountFacet.json index 183f352..3542d5c 100644 --- a/templates/uco-observable/PhoneAccountFacet.json +++ b/templates/uco-observable/PhoneAccountFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:phoneaccountfacet1", + "@id": "kb:PhoneAccountFacet-1", "@type": "uco-observable:PhoneAccountFacet", "uco-observable:phoneNumber": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Pipe.json b/templates/uco-observable/Pipe.json index 25eaa17..26e1a81 100644 --- a/templates/uco-observable/Pipe.json +++ b/templates/uco-observable/Pipe.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:pipe1", + "@id": "kb:Pipe-1", "@type": "uco-observable:Pipe", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Post.json b/templates/uco-observable/Post.json index 8df5d94..97e77f7 100644 --- a/templates/uco-observable/Post.json +++ b/templates/uco-observable/Post.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:post1", + "@id": "kb:Post-1", "@type": "uco-observable:Post", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:MessageFacet-1", + "@type": "uco-observable:MessageFacet", + "uco-observable:application": null, + "uco-observable:from": null, + "uco-observable:messageID": null, + "uco-observable:messageText": null, + "uco-observable:messageType": null, + "uco-observable:sentTime": null, + "uco-observable:sessionID": null, + "uco-observable:to": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Process.json b/templates/uco-observable/Process.json index 1e9b653..6c72d74 100644 --- a/templates/uco-observable/Process.json +++ b/templates/uco-observable/Process.json @@ -1,31 +1,43 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:process1", + "@id": "kb:Process-1", "@type": "uco-observable:Process", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:ProcessFacet-1", + "@type": "uco-observable:ProcessFacet", + "uco-observable:arguments": [], + "uco-observable:binary": null, + "uco-observable:creatorUser": null, + "uco-observable:currentWorkingDirectory": null, + "uco-observable:environmentVariables": null, + "uco-observable:exitStatus": null, + "uco-observable:exitTime": null, + "uco-observable:isHidden": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:parent": null, + "uco-observable:pid": null, + "uco-observable:status": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ProcessFacet.json b/templates/uco-observable/ProcessFacet.json index 8f98965..1415254 100644 --- a/templates/uco-observable/ProcessFacet.json +++ b/templates/uco-observable/ProcessFacet.json @@ -1,13 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:processfacet1", + "@id": "kb:ProcessFacet-1", "@type": "uco-observable:ProcessFacet", - "uco-observable:arguments": null, + "uco-observable:arguments": [], "uco-observable:binary": null, "uco-observable:creatorUser": null, "uco-observable:currentWorkingDirectory": null, @@ -20,9 +21,5 @@ "uco-observable:pid": null, "uco-observable:status": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ProcessThread.json b/templates/uco-observable/ProcessThread.json new file mode 100644 index 0000000..cfec139 --- /dev/null +++ b/templates/uco-observable/ProcessThread.json @@ -0,0 +1,28 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:ProcessThread-1", + "@type": "uco-observable:ProcessThread", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/Profile.json b/templates/uco-observable/Profile.json index a2a3462..b95ed99 100644 --- a/templates/uco-observable/Profile.json +++ b/templates/uco-observable/Profile.json @@ -1,31 +1,44 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:profile1", + "@id": "kb:Profile-1", "@type": "uco-observable:Profile", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:ProfileFacet-1", + "@type": "uco-observable:ProfileFacet", + "uco-core:name": null, + "uco-observable:contactAddress": null, + "uco-observable:contactEmail": null, + "uco-observable:contactMessaging": null, + "uco-observable:contactPhone": null, + "uco-observable:contactURL": null, + "uco-observable:displayName": null, + "uco-observable:profileAccount": null, + "uco-observable:profileCreated": null, + "uco-observable:profileIdentity": null, + "uco-observable:profileLanguage": [], + "uco-observable:profileService": null, + "uco-observable:profileWebsite": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ProfileFacet.json b/templates/uco-observable/ProfileFacet.json index 0f77a54..b2065e6 100644 --- a/templates/uco-observable/ProfileFacet.json +++ b/templates/uco-observable/ProfileFacet.json @@ -1,12 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:profilefacet1", + "@id": "kb:ProfileFacet-1", "@type": "uco-observable:ProfileFacet", "uco-core:name": null, "uco-observable:contactAddress": null, @@ -18,13 +19,9 @@ "uco-observable:profileAccount": null, "uco-observable:profileCreated": null, "uco-observable:profileIdentity": null, - "uco-observable:profileLanguage": null, + "uco-observable:profileLanguage": [], "uco-observable:profileService": null, "uco-observable:profileWebsite": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/PropertiesEnumeratedEffectFacet.json b/templates/uco-observable/PropertiesEnumeratedEffectFacet.json index 2f21a13..9146c1a 100644 --- a/templates/uco-observable/PropertiesEnumeratedEffectFacet.json +++ b/templates/uco-observable/PropertiesEnumeratedEffectFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:propertiesenumeratedeffectfacet1", + "@id": "kb:PropertiesEnumeratedEffectFacet-1", "@type": "uco-observable:PropertiesEnumeratedEffectFacet", "uco-observable:properties": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/PropertyReadEffectFacet.json b/templates/uco-observable/PropertyReadEffectFacet.json index 5b7ce96..3d5eb73 100644 --- a/templates/uco-observable/PropertyReadEffectFacet.json +++ b/templates/uco-observable/PropertyReadEffectFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:propertyreadeffectfacet1", + "@id": "kb:PropertyReadEffectFacet-1", "@type": "uco-observable:PropertyReadEffectFacet", "uco-observable:propertyName": null, "uco-observable:value": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ProtocolConverter.json b/templates/uco-observable/ProtocolConverter.json new file mode 100644 index 0000000..0e70ed3 --- /dev/null +++ b/templates/uco-observable/ProtocolConverter.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:ProtocolConverter-1", + "@type": "uco-observable:ProtocolConverter", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/RasterPicture.json b/templates/uco-observable/RasterPicture.json index 86d29b8..35a9726 100644 --- a/templates/uco-observable/RasterPicture.json +++ b/templates/uco-observable/RasterPicture.json @@ -1,31 +1,53 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:rasterpicture1", + "@id": "kb:RasterPicture-1", "@type": "uco-observable:RasterPicture", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:FileFacet-1", + "@type": "uco-observable:FileFacet", + "uco-observable:accessedTime": null, + "uco-observable:allocationStatus": null, + "uco-observable:extension": null, + "uco-observable:fileName": [], + "uco-observable:filePath": [], + "uco-observable:isDirectory": [], + "uco-observable:metadataChangeTime": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:sizeInBytes": null + }, + { + "@id": "kb:RasterPictureFacet-1", + "@type": "uco-observable:RasterPictureFacet", + "uco-observable:bitsPerPixel": null, + "uco-observable:camera": null, + "uco-observable:imageCompressionMethod": null, + "uco-observable:pictureHeight": null, + "uco-observable:pictureType": null, + "uco-observable:pictureWidth": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/RasterPictureFacet.json b/templates/uco-observable/RasterPictureFacet.json index 926dcce..b388bbe 100644 --- a/templates/uco-observable/RasterPictureFacet.json +++ b/templates/uco-observable/RasterPictureFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:rasterpicturefacet1", + "@id": "kb:RasterPictureFacet-1", "@type": "uco-observable:RasterPictureFacet", "uco-observable:bitsPerPixel": null, "uco-observable:camera": null, @@ -14,9 +15,5 @@ "uco-observable:pictureType": null, "uco-observable:pictureWidth": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/RecoveredObject.json b/templates/uco-observable/RecoveredObject.json new file mode 100644 index 0000000..b1690dd --- /dev/null +++ b/templates/uco-observable/RecoveredObject.json @@ -0,0 +1,34 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:RecoveredObject-1", + "@type": "uco-observable:RecoveredObject", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:RecoveredObjectFacet-1", + "@type": "uco-observable:RecoveredObjectFacet", + "uco-observable:contentRecoveredStatus": null, + "uco-observable:metadataRecoveredStatus": null, + "uco-observable:nameRecoveredStatus": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/RecoveredObjectFacet.json b/templates/uco-observable/RecoveredObjectFacet.json new file mode 100644 index 0000000..7f2133f --- /dev/null +++ b/templates/uco-observable/RecoveredObjectFacet.json @@ -0,0 +1,16 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:RecoveredObjectFacet-1", + "@type": "uco-observable:RecoveredObjectFacet", + "uco-observable:contentRecoveredStatus": null, + "uco-observable:metadataRecoveredStatus": null, + "uco-observable:nameRecoveredStatus": null + } + ] +} diff --git a/templates/uco-observable/ReparsePoint.json b/templates/uco-observable/ReparsePoint.json index 980a22d..4bb5cbd 100644 --- a/templates/uco-observable/ReparsePoint.json +++ b/templates/uco-observable/ReparsePoint.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:reparsepoint1", + "@id": "kb:ReparsePoint-1", "@type": "uco-observable:ReparsePoint", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SIMCard.json b/templates/uco-observable/SIMCard.json index 5ab05d6..b40264c 100644 --- a/templates/uco-observable/SIMCard.json +++ b/templates/uco-observable/SIMCard.json @@ -1,31 +1,49 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:simcard1", + "@id": "kb:SIMCard-1", "@type": "uco-observable:SIMCard", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + { + "@id": "kb:SIMCardFacet-1", + "@type": "uco-observable:SIMCardFacet", + "uco-observable:ICCID": null, + "uco-observable:IMSI": null, + "uco-observable:PIN": null, + "uco-observable:PUK": null, + "uco-observable:SIMForm": null, + "uco-observable:SIMType": null, + "uco-observable:carrier": null, + "uco-observable:storageCapacityInBytes": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SIMCardFacet.json b/templates/uco-observable/SIMCardFacet.json index aabb89f..0d57035 100644 --- a/templates/uco-observable/SIMCardFacet.json +++ b/templates/uco-observable/SIMCardFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:simcardfacet1", + "@id": "kb:SIMCardFacet-1", "@type": "uco-observable:SIMCardFacet", "uco-observable:ICCID": null, "uco-observable:IMSI": null, @@ -16,9 +17,5 @@ "uco-observable:carrier": null, "uco-observable:storageCapacityInBytes": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SIPAddress.json b/templates/uco-observable/SIPAddress.json index 062c3e6..e6b8561 100644 --- a/templates/uco-observable/SIPAddress.json +++ b/templates/uco-observable/SIPAddress.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:sipaddress1", + "@id": "kb:SIPAddress-1", "@type": "uco-observable:SIPAddress", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:SIPAddressFacet-1", + "@type": "uco-observable:SIPAddressFacet", + "uco-observable:addressValue": null, + "uco-observable:displayName": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SIPAddressFacet.json b/templates/uco-observable/SIPAddressFacet.json index 459dc8d..c7da6e5 100644 --- a/templates/uco-observable/SIPAddressFacet.json +++ b/templates/uco-observable/SIPAddressFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:sipaddressfacet1", + "@id": "kb:SIPAddressFacet-1", "@type": "uco-observable:SIPAddressFacet", "uco-observable:addressValue": null, "uco-observable:displayName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SMSMessage.json b/templates/uco-observable/SMSMessage.json index c8f0791..61b7c9c 100644 --- a/templates/uco-observable/SMSMessage.json +++ b/templates/uco-observable/SMSMessage.json @@ -1,31 +1,46 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:smsmessage1", + "@id": "kb:SMSMessage-1", "@type": "uco-observable:SMSMessage", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:MessageFacet-1", + "@type": "uco-observable:MessageFacet", + "uco-observable:application": null, + "uco-observable:from": null, + "uco-observable:messageID": null, + "uco-observable:messageText": null, + "uco-observable:messageType": null, + "uco-observable:sentTime": null, + "uco-observable:sessionID": null, + "uco-observable:to": [] + }, + { + "@id": "kb:SMSMessageFacet-1", + "@type": "uco-observable:SMSMessageFacet", + "uco-observable:isRead": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SMSMessageFacet.json b/templates/uco-observable/SMSMessageFacet.json index d2c614b..ebf5953 100644 --- a/templates/uco-observable/SMSMessageFacet.json +++ b/templates/uco-observable/SMSMessageFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:smsmessagefacet1", + "@id": "kb:SMSMessageFacet-1", "@type": "uco-observable:SMSMessageFacet", "uco-observable:isRead": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SQLiteBlob.json b/templates/uco-observable/SQLiteBlob.json index ad97b6f..01c94a5 100644 --- a/templates/uco-observable/SQLiteBlob.json +++ b/templates/uco-observable/SQLiteBlob.json @@ -1,31 +1,35 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:sqliteblob1", + "@id": "kb:SQLiteBlob-1", "@type": "uco-observable:SQLiteBlob", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:SQLiteBlobFacet-1", + "@type": "uco-observable:SQLiteBlobFacet", + "uco-observable:columnName": null, + "uco-observable:rowCondition": null, + "uco-observable:rowIndex": [], + "uco-observable:tableName": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SQLiteBlobFacet.json b/templates/uco-observable/SQLiteBlobFacet.json index 5c20cbd..6f214ea 100644 --- a/templates/uco-observable/SQLiteBlobFacet.json +++ b/templates/uco-observable/SQLiteBlobFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:sqliteblobfacet1", + "@id": "kb:SQLiteBlobFacet-1", "@type": "uco-observable:SQLiteBlobFacet", "uco-observable:columnName": null, "uco-observable:rowCondition": null, - "uco-observable:rowIndex": null, + "uco-observable:rowIndex": [], "uco-observable:tableName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SecurityAppliance.json b/templates/uco-observable/SecurityAppliance.json index fd08e70..616c598 100644 --- a/templates/uco-observable/SecurityAppliance.json +++ b/templates/uco-observable/SecurityAppliance.json @@ -1,31 +1,35 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:securityappliance1", + "@id": "kb:SecurityAppliance-1", "@type": "uco-observable:SecurityAppliance", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Semaphore.json b/templates/uco-observable/Semaphore.json index 1012465..09bc174 100644 --- a/templates/uco-observable/Semaphore.json +++ b/templates/uco-observable/Semaphore.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:semaphore1", + "@id": "kb:Semaphore-1", "@type": "uco-observable:Semaphore", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SendControlCodeEffectFacet.json b/templates/uco-observable/SendControlCodeEffectFacet.json index 268411c..d8d36dc 100644 --- a/templates/uco-observable/SendControlCodeEffectFacet.json +++ b/templates/uco-observable/SendControlCodeEffectFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:sendcontrolcodeeffectfacet1", + "@id": "kb:SendControlCodeEffectFacet-1", "@type": "uco-observable:SendControlCodeEffectFacet", "uco-observable:controlCode": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Server.json b/templates/uco-observable/Server.json new file mode 100644 index 0000000..fad1371 --- /dev/null +++ b/templates/uco-observable/Server.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:Server-1", + "@type": "uco-observable:Server", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/ShopListing.json b/templates/uco-observable/ShopListing.json index d901645..10a48d4 100644 --- a/templates/uco-observable/ShopListing.json +++ b/templates/uco-observable/ShopListing.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:shoplisting1", + "@id": "kb:ShopListing-1", "@type": "uco-observable:ShopListing", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SmartDevice.json b/templates/uco-observable/SmartDevice.json new file mode 100644 index 0000000..4f369ec --- /dev/null +++ b/templates/uco-observable/SmartDevice.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:SmartDevice-1", + "@type": "uco-observable:SmartDevice", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/SmartPhone.json b/templates/uco-observable/SmartPhone.json new file mode 100644 index 0000000..f7eb393 --- /dev/null +++ b/templates/uco-observable/SmartPhone.json @@ -0,0 +1,50 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:SmartPhone-1", + "@type": "uco-observable:SmartPhone", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + { + "@id": "kb:MobileDeviceFacet-1", + "@type": "uco-observable:MobileDeviceFacet", + "uco-observable:ESN": null, + "uco-observable:IMEI": [], + "uco-observable:bluetoothDeviceName": null, + "uco-observable:clockSetting": null, + "uco-observable:keypadUnlockCode": null, + "uco-observable:mockLocationsAllowed": null, + "uco-observable:network": null, + "uco-observable:phoneActivationTime": null, + "uco-observable:storageCapacityInBytes": null + } + ], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/Snapshot.json b/templates/uco-observable/Snapshot.json index 5b346e6..6bce57a 100644 --- a/templates/uco-observable/Snapshot.json +++ b/templates/uco-observable/Snapshot.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:snapshot1", + "@id": "kb:Snapshot-1", "@type": "uco-observable:Snapshot", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Socket.json b/templates/uco-observable/Socket.json index 5d37f9c..38a84d1 100644 --- a/templates/uco-observable/Socket.json +++ b/templates/uco-observable/Socket.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:socket1", + "@id": "kb:Socket-1", "@type": "uco-observable:Socket", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SocketAddress.json b/templates/uco-observable/SocketAddress.json index aaeea01..7294c0d 100644 --- a/templates/uco-observable/SocketAddress.json +++ b/templates/uco-observable/SocketAddress.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:socketaddress1", + "@id": "kb:SocketAddress-1", "@type": "uco-observable:SocketAddress", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Software.json b/templates/uco-observable/Software.json index 05e209b..d770b92 100644 --- a/templates/uco-observable/Software.json +++ b/templates/uco-observable/Software.json @@ -1,31 +1,36 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:software1", + "@id": "kb:Software-1", "@type": "uco-observable:Software", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:SoftwareFacet-1", + "@type": "uco-observable:SoftwareFacet", + "uco-observable:cpeid": null, + "uco-observable:language": null, + "uco-observable:manufacturer": null, + "uco-observable:swid": null, + "uco-observable:version": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SoftwareFacet.json b/templates/uco-observable/SoftwareFacet.json index 192f475..fd4a0d4 100644 --- a/templates/uco-observable/SoftwareFacet.json +++ b/templates/uco-observable/SoftwareFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:softwarefacet1", + "@id": "kb:SoftwareFacet-1", "@type": "uco-observable:SoftwareFacet", "uco-observable:cpeid": null, "uco-observable:language": null, @@ -13,9 +14,5 @@ "uco-observable:swid": null, "uco-observable:version": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/StateChangeEffectFacet.json b/templates/uco-observable/StateChangeEffectFacet.json index fd311a8..050153f 100644 --- a/templates/uco-observable/StateChangeEffectFacet.json +++ b/templates/uco-observable/StateChangeEffectFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:statechangeeffectfacet1", + "@id": "kb:StateChangeEffectFacet-1", "@type": "uco-observable:StateChangeEffectFacet", "uco-observable:newObject": null, "uco-observable:oldObject": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/StorageMedium.json b/templates/uco-observable/StorageMedium.json new file mode 100644 index 0000000..48df81a --- /dev/null +++ b/templates/uco-observable/StorageMedium.json @@ -0,0 +1,42 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:StorageMedium-1", + "@type": "uco-observable:StorageMedium", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + { + "@id": "kb:StorageMediumFacet-1", + "@type": "uco-observable:StorageMediumFacet", + "uco-observable:totalStorageCapacityInBytes": null + } + ], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/StorageMediumFacet.json b/templates/uco-observable/StorageMediumFacet.json new file mode 100644 index 0000000..af02114 --- /dev/null +++ b/templates/uco-observable/StorageMediumFacet.json @@ -0,0 +1,14 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:StorageMediumFacet-1", + "@type": "uco-observable:StorageMediumFacet", + "uco-observable:totalStorageCapacityInBytes": null + } + ] +} diff --git a/templates/uco-observable/SymbolicLink.json b/templates/uco-observable/SymbolicLink.json index 4fec229..dd61e9c 100644 --- a/templates/uco-observable/SymbolicLink.json +++ b/templates/uco-observable/SymbolicLink.json @@ -1,31 +1,32 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:symboliclink1", + "@id": "kb:SymbolicLink-1", "@type": "uco-observable:SymbolicLink", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:SymbolicLinkFacet-1", + "@type": "uco-observable:SymbolicLinkFacet", + "uco-observable:targetFile": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/SymbolicLinkFacet.json b/templates/uco-observable/SymbolicLinkFacet.json index 10deae5..a344c56 100644 --- a/templates/uco-observable/SymbolicLinkFacet.json +++ b/templates/uco-observable/SymbolicLinkFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:symboliclinkfacet1", + "@id": "kb:SymbolicLinkFacet-1", "@type": "uco-observable:SymbolicLinkFacet", "uco-observable:targetFile": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/TCPConnection.json b/templates/uco-observable/TCPConnection.json index b80bdf8..d368a4d 100644 --- a/templates/uco-observable/TCPConnection.json +++ b/templates/uco-observable/TCPConnection.json @@ -1,31 +1,47 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:tcpconnection1", + "@id": "kb:TCPConnection-1", "@type": "uco-observable:TCPConnection", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:NetworkConnectionFacet-1", + "@type": "uco-observable:NetworkConnectionFacet", + "uco-observable:destinationPort": null, + "uco-observable:dst": [], + "uco-observable:endTime": null, + "uco-observable:isActive": null, + "uco-observable:protocols": null, + "uco-observable:sourcePort": null, + "uco-observable:src": [], + "uco-observable:startTime": null + }, + { + "@id": "kb:TCPConnectionFacet-1", + "@type": "uco-observable:TCPConnectionFacet", + "uco-observable:destinationFlags": [], + "uco-observable:sourceFlags": [] + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/TCPConnectionFacet.json b/templates/uco-observable/TCPConnectionFacet.json index 87c2ad8..852ece8 100644 --- a/templates/uco-observable/TCPConnectionFacet.json +++ b/templates/uco-observable/TCPConnectionFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:tcpconnectionfacet1", + "@id": "kb:TCPConnectionFacet-1", "@type": "uco-observable:TCPConnectionFacet", - "uco-observable:destinationFlags": null, - "uco-observable:sourceFlags": null + "uco-observable:destinationFlags": [], + "uco-observable:sourceFlags": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/TableField.json b/templates/uco-observable/TableField.json new file mode 100644 index 0000000..7d927a6 --- /dev/null +++ b/templates/uco-observable/TableField.json @@ -0,0 +1,37 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:TableField-1", + "@type": "uco-observable:TableField", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:TableFieldFacet-1", + "@type": "uco-observable:TableFieldFacet", + "uco-observable:recordFieldIsNull": null, + "uco-observable:recordFieldName": null, + "uco-observable:recordFieldValue": null, + "uco-observable:recordRowID": null, + "uco-observable:tableName": null, + "uco-observable:tableSchema": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/TableFieldFacet.json b/templates/uco-observable/TableFieldFacet.json new file mode 100644 index 0000000..e047304 --- /dev/null +++ b/templates/uco-observable/TableFieldFacet.json @@ -0,0 +1,19 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:TableFieldFacet-1", + "@type": "uco-observable:TableFieldFacet", + "uco-observable:recordFieldIsNull": null, + "uco-observable:recordFieldName": null, + "uco-observable:recordFieldValue": null, + "uco-observable:recordRowID": null, + "uco-observable:tableName": null, + "uco-observable:tableSchema": null + } + ] +} diff --git a/templates/uco-observable/Tablet.json b/templates/uco-observable/Tablet.json new file mode 100644 index 0000000..62c9ea1 --- /dev/null +++ b/templates/uco-observable/Tablet.json @@ -0,0 +1,50 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:Tablet-1", + "@type": "uco-observable:Tablet", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + { + "@id": "kb:MobileDeviceFacet-1", + "@type": "uco-observable:MobileDeviceFacet", + "uco-observable:ESN": null, + "uco-observable:IMEI": [], + "uco-observable:bluetoothDeviceName": null, + "uco-observable:clockSetting": null, + "uco-observable:keypadUnlockCode": null, + "uco-observable:mockLocationsAllowed": null, + "uco-observable:network": null, + "uco-observable:phoneActivationTime": null, + "uco-observable:storageCapacityInBytes": null + } + ], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/TaskActionType.json b/templates/uco-observable/TaskActionType.json index 297fa0f..09ab3da 100644 --- a/templates/uco-observable/TaskActionType.json +++ b/templates/uco-observable/TaskActionType.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:taskactiontype1", + "@id": "kb:TaskActionType-1", "@type": "uco-observable:TaskActionType", "uco-observable:actionID": null, "uco-observable:actionType": null, @@ -14,9 +15,5 @@ "uco-observable:iExecAction": null, "uco-observable:iShowMessageAction": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/TriggerType.json b/templates/uco-observable/TriggerType.json index 1850f5f..14ccd8c 100644 --- a/templates/uco-observable/TriggerType.json +++ b/templates/uco-observable/TriggerType.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:triggertype1", + "@id": "kb:TriggerType-1", "@type": "uco-observable:TriggerType", "uco-observable:isEnabled": null, "uco-observable:triggerBeginTime": null, @@ -16,9 +17,5 @@ "uco-observable:triggerSessionChangeType": null, "uco-observable:triggerType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Tweet.json b/templates/uco-observable/Tweet.json index a662b90..72bf340 100644 --- a/templates/uco-observable/Tweet.json +++ b/templates/uco-observable/Tweet.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:tweet1", + "@id": "kb:Tweet-1", "@type": "uco-observable:Tweet", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:MessageFacet-1", + "@type": "uco-observable:MessageFacet", + "uco-observable:application": null, + "uco-observable:from": null, + "uco-observable:messageID": null, + "uco-observable:messageText": null, + "uco-observable:messageType": null, + "uco-observable:sentTime": null, + "uco-observable:sessionID": null, + "uco-observable:to": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/TwitterProfileFacet.json b/templates/uco-observable/TwitterProfileFacet.json index 147bb4b..32bb598 100644 --- a/templates/uco-observable/TwitterProfileFacet.json +++ b/templates/uco-observable/TwitterProfileFacet.json @@ -1,21 +1,22 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:twitterprofilefacet1", + "@id": "kb:TwitterProfileFacet-1", "@type": "uco-observable:TwitterProfileFacet", "uco-observable:favoritesCount": null, "uco-observable:followersCount": null, "uco-observable:friendsCount": null, "uco-observable:listedCount": null, - "uco-observable:profileBackgroundHash": null, + "uco-observable:profileBackgroundHash": [], "uco-observable:profileBackgroundLocation": null, - "uco-observable:profileBannerHash": null, + "uco-observable:profileBannerHash": [], "uco-observable:profileBannerLocation": null, - "uco-observable:profileImageHash": null, + "uco-observable:profileImageHash": [], "uco-observable:profileImageLocation": null, "uco-observable:profileIsProtected": null, "uco-observable:profileIsVerified": null, @@ -24,9 +25,5 @@ "uco-observable:twitterId": null, "uco-observable:userLocationString": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/UNIXAccount.json b/templates/uco-observable/UNIXAccount.json index 36b9373..7335132 100644 --- a/templates/uco-observable/UNIXAccount.json +++ b/templates/uco-observable/UNIXAccount.json @@ -1,31 +1,56 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:unixaccount1", + "@id": "kb:UNIXAccount-1", "@type": "uco-observable:UNIXAccount", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:AccountFacet-1", + "@type": "uco-observable:AccountFacet", + "uco-observable:accountIdentifier": null, + "uco-observable:accountIssuer": null, + "uco-observable:accountType": null, + "uco-observable:expirationTime": null, + "uco-observable:isActive": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:owner": null + }, + { + "@id": "kb:DigitalAccountFacet-1", + "@type": "uco-observable:DigitalAccountFacet", + "uco-observable:accountLogin": [], + "uco-observable:displayName": null, + "uco-observable:firstLoginTime": null, + "uco-observable:isDisabled": null, + "uco-observable:lastLoginTime": null + }, + { + "@id": "kb:UNIXAccountFacet-1", + "@type": "uco-observable:UNIXAccountFacet", + "uco-observable:gid": null, + "uco-observable:shell": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/UNIXAccountFacet.json b/templates/uco-observable/UNIXAccountFacet.json index da4fe70..0e96955 100644 --- a/templates/uco-observable/UNIXAccountFacet.json +++ b/templates/uco-observable/UNIXAccountFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:unixaccountfacet1", + "@id": "kb:UNIXAccountFacet-1", "@type": "uco-observable:UNIXAccountFacet", "uco-observable:gid": null, "uco-observable:shell": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/UNIXFile.json b/templates/uco-observable/UNIXFile.json index 5b2f285..e3caf1e 100644 --- a/templates/uco-observable/UNIXFile.json +++ b/templates/uco-observable/UNIXFile.json @@ -1,31 +1,41 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:unixfile1", + "@id": "kb:UNIXFile-1", "@type": "uco-observable:UNIXFile", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:FileFacet-1", + "@type": "uco-observable:FileFacet", + "uco-observable:accessedTime": null, + "uco-observable:allocationStatus": null, + "uco-observable:extension": null, + "uco-observable:fileName": [], + "uco-observable:filePath": [], + "uco-observable:isDirectory": [], + "uco-observable:metadataChangeTime": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:sizeInBytes": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/UNIXFilePermissionsFacet.json b/templates/uco-observable/UNIXFilePermissionsFacet.json index 0254452..919cc95 100644 --- a/templates/uco-observable/UNIXFilePermissionsFacet.json +++ b/templates/uco-observable/UNIXFilePermissionsFacet.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:unixfilepermissionsfacet1", + "@id": "kb:UNIXFilePermissionsFacet-1", "@type": "uco-observable:UNIXFilePermissionsFacet" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/UNIXProcess.json b/templates/uco-observable/UNIXProcess.json index a0bc898..83822b9 100644 --- a/templates/uco-observable/UNIXProcess.json +++ b/templates/uco-observable/UNIXProcess.json @@ -1,31 +1,51 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:unixprocess1", + "@id": "kb:UNIXProcess-1", "@type": "uco-observable:UNIXProcess", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:ProcessFacet-1", + "@type": "uco-observable:ProcessFacet", + "uco-observable:arguments": [], + "uco-observable:binary": null, + "uco-observable:creatorUser": null, + "uco-observable:currentWorkingDirectory": null, + "uco-observable:environmentVariables": null, + "uco-observable:exitStatus": null, + "uco-observable:exitTime": null, + "uco-observable:isHidden": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:parent": null, + "uco-observable:pid": null, + "uco-observable:status": null + }, + { + "@id": "kb:UNIXProcessFacet-1", + "@type": "uco-observable:UNIXProcessFacet", + "uco-observable:openFileDescriptor": [], + "uco-observable:ruid": [] + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/UNIXProcessFacet.json b/templates/uco-observable/UNIXProcessFacet.json index 90eaf4d..58a6c2e 100644 --- a/templates/uco-observable/UNIXProcessFacet.json +++ b/templates/uco-observable/UNIXProcessFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:unixprocessfacet1", + "@id": "kb:UNIXProcessFacet-1", "@type": "uco-observable:UNIXProcessFacet", - "uco-observable:openFileDescriptor": null, - "uco-observable:ruid": null + "uco-observable:openFileDescriptor": [], + "uco-observable:ruid": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/UNIXVolumeFacet.json b/templates/uco-observable/UNIXVolumeFacet.json index 5b431aa..a0dbb70 100644 --- a/templates/uco-observable/UNIXVolumeFacet.json +++ b/templates/uco-observable/UNIXVolumeFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:unixvolumefacet1", + "@id": "kb:UNIXVolumeFacet-1", "@type": "uco-observable:UNIXVolumeFacet", "uco-observable:mountPoint": null, "uco-observable:options": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/URL.json b/templates/uco-observable/URL.json index 43dc05c..83beafd 100644 --- a/templates/uco-observable/URL.json +++ b/templates/uco-observable/URL.json @@ -1,31 +1,40 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:url1", + "@id": "kb:URL-1", "@type": "uco-observable:URL", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:URLFacet-1", + "@type": "uco-observable:URLFacet", + "uco-observable:fragment": null, + "uco-observable:fullValue": null, + "uco-observable:host": null, + "uco-observable:password": null, + "uco-observable:path": null, + "uco-observable:port": null, + "uco-observable:query": null, + "uco-observable:scheme": null, + "uco-observable:userName": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/URLFacet.json b/templates/uco-observable/URLFacet.json index 2f7f693..a627592 100644 --- a/templates/uco-observable/URLFacet.json +++ b/templates/uco-observable/URLFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:urlfacet1", + "@id": "kb:URLFacet-1", "@type": "uco-observable:URLFacet", "uco-observable:fragment": null, "uco-observable:fullValue": null, @@ -17,9 +18,5 @@ "uco-observable:scheme": null, "uco-observable:userName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/URLHistory.json b/templates/uco-observable/URLHistory.json index 8a15da9..4950a9c 100644 --- a/templates/uco-observable/URLHistory.json +++ b/templates/uco-observable/URLHistory.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:urlhistory1", + "@id": "kb:URLHistory-1", "@type": "uco-observable:URLHistory", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:URLHistoryFacet-1", + "@type": "uco-observable:URLHistoryFacet", + "uco-observable:browserInformation": null, + "uco-observable:urlHistoryEntry": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/URLHistoryEntry.json b/templates/uco-observable/URLHistoryEntry.json index f9f7c95..96a13f2 100644 --- a/templates/uco-observable/URLHistoryEntry.json +++ b/templates/uco-observable/URLHistoryEntry.json @@ -1,27 +1,24 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:urlhistoryentry1", + "@id": "kb:URLHistoryEntry-1", "@type": "uco-observable:URLHistoryEntry", "uco-observable:browserUserProfile": null, "uco-observable:expirationTime": null, "uco-observable:firstVisit": null, "uco-observable:hostname": null, - "uco-observable:keywordSearchTerm": null, + "uco-observable:keywordSearchTerm": [], "uco-observable:lastVisit": null, "uco-observable:manuallyEnteredCount": null, "uco-observable:pageTitle": null, - "uco-observable:referrerUrl": null, + "uco-observable:referrerUrl": [], "uco-observable:url": null, "uco-observable:visitCount": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/URLHistoryFacet.json b/templates/uco-observable/URLHistoryFacet.json index ee6940c..cec590d 100644 --- a/templates/uco-observable/URLHistoryFacet.json +++ b/templates/uco-observable/URLHistoryFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:urlhistoryfacet1", + "@id": "kb:URLHistoryFacet-1", "@type": "uco-observable:URLHistoryFacet", "uco-observable:browserInformation": null, - "uco-observable:urlHistoryEntry": null + "uco-observable:urlHistoryEntry": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/URLVisit.json b/templates/uco-observable/URLVisit.json index 8d5affd..6b14ad4 100644 --- a/templates/uco-observable/URLVisit.json +++ b/templates/uco-observable/URLVisit.json @@ -1,31 +1,37 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:urlvisit1", + "@id": "kb:URLVisit-1", "@type": "uco-observable:URLVisit", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:URLVisitFacet-1", + "@type": "uco-observable:URLVisitFacet", + "uco-observable:browserInformation": null, + "uco-observable:fromURLVisit": null, + "uco-observable:url": null, + "uco-observable:urlTransitionType": null, + "uco-observable:visitDuration": null, + "uco-observable:visitTime": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/URLVisitFacet.json b/templates/uco-observable/URLVisitFacet.json index ac423e7..9043e16 100644 --- a/templates/uco-observable/URLVisitFacet.json +++ b/templates/uco-observable/URLVisitFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:urlvisitfacet1", + "@id": "kb:URLVisitFacet-1", "@type": "uco-observable:URLVisitFacet", "uco-observable:browserInformation": null, "uco-observable:fromURLVisit": null, @@ -14,9 +15,5 @@ "uco-observable:visitDuration": null, "uco-observable:visitTime": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/UserAccount.json b/templates/uco-observable/UserAccount.json index 210e863..3f328e3 100644 --- a/templates/uco-observable/UserAccount.json +++ b/templates/uco-observable/UserAccount.json @@ -1,31 +1,58 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:useraccount1", + "@id": "kb:UserAccount-1", "@type": "uco-observable:UserAccount", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:AccountFacet-1", + "@type": "uco-observable:AccountFacet", + "uco-observable:accountIdentifier": null, + "uco-observable:accountIssuer": null, + "uco-observable:accountType": null, + "uco-observable:expirationTime": null, + "uco-observable:isActive": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:owner": null + }, + { + "@id": "kb:DigitalAccountFacet-1", + "@type": "uco-observable:DigitalAccountFacet", + "uco-observable:accountLogin": [], + "uco-observable:displayName": null, + "uco-observable:firstLoginTime": null, + "uco-observable:isDisabled": null, + "uco-observable:lastLoginTime": null + }, + { + "@id": "kb:UserAccountFacet-1", + "@type": "uco-observable:UserAccountFacet", + "uco-observable:canEscalatePrivs": null, + "uco-observable:homeDirectory": null, + "uco-observable:isPrivileged": null, + "uco-observable:isServiceAccount": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/UserAccountFacet.json b/templates/uco-observable/UserAccountFacet.json index b84e2bb..166e0a1 100644 --- a/templates/uco-observable/UserAccountFacet.json +++ b/templates/uco-observable/UserAccountFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:useraccountfacet1", + "@id": "kb:UserAccountFacet-1", "@type": "uco-observable:UserAccountFacet", "uco-observable:canEscalatePrivs": null, "uco-observable:homeDirectory": null, "uco-observable:isPrivileged": null, "uco-observable:isServiceAccount": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/UserSession.json b/templates/uco-observable/UserSession.json index 20dc7b6..5d02c97 100644 --- a/templates/uco-observable/UserSession.json +++ b/templates/uco-observable/UserSession.json @@ -1,31 +1,36 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:usersession1", + "@id": "kb:UserSession-1", "@type": "uco-observable:UserSession", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:UserSessionFacet-1", + "@type": "uco-observable:UserSessionFacet", + "uco-observable:effectiveGroup": null, + "uco-observable:effectiveGroupID": null, + "uco-observable:effectiveUser": null, + "uco-observable:loginTime": null, + "uco-observable:logoutTime": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/UserSessionFacet.json b/templates/uco-observable/UserSessionFacet.json index ef732fa..89d3d31 100644 --- a/templates/uco-observable/UserSessionFacet.json +++ b/templates/uco-observable/UserSessionFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:usersessionfacet1", + "@id": "kb:UserSessionFacet-1", "@type": "uco-observable:UserSessionFacet", "uco-observable:effectiveGroup": null, "uco-observable:effectiveGroupID": null, @@ -13,9 +14,5 @@ "uco-observable:loginTime": null, "uco-observable:logoutTime": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/ValuesEnumeratedEffectFacet.json b/templates/uco-observable/ValuesEnumeratedEffectFacet.json index 9a6b69f..a9b49dd 100644 --- a/templates/uco-observable/ValuesEnumeratedEffectFacet.json +++ b/templates/uco-observable/ValuesEnumeratedEffectFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:valuesenumeratedeffectfacet1", + "@id": "kb:ValuesEnumeratedEffectFacet-1", "@type": "uco-observable:ValuesEnumeratedEffectFacet", "uco-observable:values": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Volume.json b/templates/uco-observable/Volume.json index 45d1576..a09b3ef 100644 --- a/templates/uco-observable/Volume.json +++ b/templates/uco-observable/Volume.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:volume1", + "@id": "kb:Volume-1", "@type": "uco-observable:Volume", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:VolumeFacet-1", + "@type": "uco-observable:VolumeFacet", + "uco-observable:sectorSize": null, + "uco-observable:volumeID": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/VolumeFacet.json b/templates/uco-observable/VolumeFacet.json index 0b6202c..009ba13 100644 --- a/templates/uco-observable/VolumeFacet.json +++ b/templates/uco-observable/VolumeFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:volumefacet1", + "@id": "kb:VolumeFacet-1", "@type": "uco-observable:VolumeFacet", "uco-observable:sectorSize": null, "uco-observable:volumeID": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WearableDevice.json b/templates/uco-observable/WearableDevice.json new file mode 100644 index 0000000..06fa9bf --- /dev/null +++ b/templates/uco-observable/WearableDevice.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:WearableDevice-1", + "@type": "uco-observable:WearableDevice", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/WebPage.json b/templates/uco-observable/WebPage.json index 961ef66..2c29a9b 100644 --- a/templates/uco-observable/WebPage.json +++ b/templates/uco-observable/WebPage.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:webpage1", + "@id": "kb:WebPage-1", "@type": "uco-observable:WebPage", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WhoIs.json b/templates/uco-observable/WhoIs.json index 3a5f4b6..a4bda83 100644 --- a/templates/uco-observable/WhoIs.json +++ b/templates/uco-observable/WhoIs.json @@ -1,31 +1,48 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:whois1", + "@id": "kb:WhoIs-1", "@type": "uco-observable:WhoIs", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:WhoIsFacet-1", + "@type": "uco-observable:WhoIsFacet", + "uco-observable:creationDate": null, + "uco-observable:dnssec": null, + "uco-observable:domainID": null, + "uco-observable:domainName": null, + "uco-observable:expirationDate": null, + "uco-observable:ipAddress": null, + "uco-observable:lookupDate": null, + "uco-observable:nameServer": [], + "uco-observable:regionalInternetRegistry": null, + "uco-observable:registrantContactInfo": null, + "uco-observable:registrantIDs": [], + "uco-observable:registrarInfo": null, + "uco-observable:remarks": null, + "uco-observable:serverName": null, + "uco-observable:sponsoringRegistrar": null, + "uco-observable:status": null, + "uco-observable:updatedDate": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WhoIsFacet.json b/templates/uco-observable/WhoIsFacet.json index 88c289b..8eb2160 100644 --- a/templates/uco-observable/WhoIsFacet.json +++ b/templates/uco-observable/WhoIsFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:whoisfacet1", + "@id": "kb:WhoIsFacet-1", "@type": "uco-observable:WhoIsFacet", "uco-observable:creationDate": null, "uco-observable:dnssec": null, @@ -14,10 +15,10 @@ "uco-observable:expirationDate": null, "uco-observable:ipAddress": null, "uco-observable:lookupDate": null, - "uco-observable:nameServer": null, + "uco-observable:nameServer": [], "uco-observable:regionalInternetRegistry": null, "uco-observable:registrantContactInfo": null, - "uco-observable:registrantIDs": null, + "uco-observable:registrantIDs": [], "uco-observable:registrarInfo": null, "uco-observable:remarks": null, "uco-observable:serverName": null, @@ -25,9 +26,5 @@ "uco-observable:status": null, "uco-observable:updatedDate": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WhoisContactFacet.json b/templates/uco-observable/WhoisContactFacet.json index 26b3ebe..7080c5b 100644 --- a/templates/uco-observable/WhoisContactFacet.json +++ b/templates/uco-observable/WhoisContactFacet.json @@ -1,25 +1,26 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-identity": "https://ontology.unifiedcyberontology.org/uco/identity/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:whoiscontactfacet1", + "@id": "kb:WhoisContactFacet-1", "@type": "uco-observable:WhoisContactFacet", "uco-identity:birthdate": null, - "uco-observable:contactAddress": null, - "uco-observable:contactAffiliation": null, - "uco-observable:contactEmail": null, - "uco-observable:contactGroup": null, + "uco-observable:contactAddress": [], + "uco-observable:contactAffiliation": [], + "uco-observable:contactEmail": [], + "uco-observable:contactGroup": [], "uco-observable:contactID": null, - "uco-observable:contactMessaging": null, - "uco-observable:contactNote": null, - "uco-observable:contactPhone": null, - "uco-observable:contactProfile": null, - "uco-observable:contactSIP": null, - "uco-observable:contactURL": null, + "uco-observable:contactMessaging": [], + "uco-observable:contactNote": [], + "uco-observable:contactPhone": [], + "uco-observable:contactProfile": [], + "uco-observable:contactSIP": [], + "uco-observable:contactURL": [], "uco-observable:displayName": null, "uco-observable:firstName": null, "uco-observable:lastName": null, @@ -28,14 +29,10 @@ "uco-observable:namePhonetic": null, "uco-observable:namePrefix": null, "uco-observable:nameSuffix": null, - "uco-observable:nickname": null, + "uco-observable:nickname": [], "uco-observable:numberTimesContacted": null, "uco-observable:sourceApplication": null, "uco-observable:whoisContactType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WhoisRegistrarInfoType.json b/templates/uco-observable/WhoisRegistrarInfoType.json index a45f35f..76adbd7 100644 --- a/templates/uco-observable/WhoisRegistrarInfoType.json +++ b/templates/uco-observable/WhoisRegistrarInfoType.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:whoisregistrarinfotype1", + "@id": "kb:WhoisRegistrarInfoType-1", "@type": "uco-observable:WhoisRegistrarInfoType", "uco-observable:contactPhoneNumber": null, "uco-observable:emailAddress": null, @@ -16,9 +17,5 @@ "uco-observable:registrarName": null, "uco-observable:whoisServer": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WifiAddress.json b/templates/uco-observable/WifiAddress.json index 513a904..4d36a87 100644 --- a/templates/uco-observable/WifiAddress.json +++ b/templates/uco-observable/WifiAddress.json @@ -1,31 +1,33 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:wifiaddress1", + "@id": "kb:WifiAddress-1", "@type": "uco-observable:WifiAddress", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:WifiAddressFacet-1", + "@type": "uco-observable:WifiAddressFacet", + "uco-observable:addressValue": null, + "uco-observable:displayName": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WifiAddressFacet.json b/templates/uco-observable/WifiAddressFacet.json index e82e774..ed769fa 100644 --- a/templates/uco-observable/WifiAddressFacet.json +++ b/templates/uco-observable/WifiAddressFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:wifiaddressfacet1", + "@id": "kb:WifiAddressFacet-1", "@type": "uco-observable:WifiAddressFacet", "uco-observable:addressValue": null, "uco-observable:displayName": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/Wiki.json b/templates/uco-observable/Wiki.json index a043042..006a93c 100644 --- a/templates/uco-observable/Wiki.json +++ b/templates/uco-observable/Wiki.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:wiki1", + "@id": "kb:Wiki-1", "@type": "uco-observable:Wiki", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WikiArticle.json b/templates/uco-observable/WikiArticle.json index 50990e9..f8cfa6f 100644 --- a/templates/uco-observable/WikiArticle.json +++ b/templates/uco-observable/WikiArticle.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:wikiarticle1", + "@id": "kb:WikiArticle-1", "@type": "uco-observable:WikiArticle", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsAccount.json b/templates/uco-observable/WindowsAccount.json index d113236..0548266 100644 --- a/templates/uco-observable/WindowsAccount.json +++ b/templates/uco-observable/WindowsAccount.json @@ -1,31 +1,55 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsaccount1", + "@id": "kb:WindowsAccount-1", "@type": "uco-observable:WindowsAccount", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:AccountFacet-1", + "@type": "uco-observable:AccountFacet", + "uco-observable:accountIdentifier": null, + "uco-observable:accountIssuer": null, + "uco-observable:accountType": null, + "uco-observable:expirationTime": null, + "uco-observable:isActive": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:owner": null + }, + { + "@id": "kb:DigitalAccountFacet-1", + "@type": "uco-observable:DigitalAccountFacet", + "uco-observable:accountLogin": [], + "uco-observable:displayName": null, + "uco-observable:firstLoginTime": null, + "uco-observable:isDisabled": null, + "uco-observable:lastLoginTime": null + }, + { + "@id": "kb:WindowsAccountFacet-1", + "@type": "uco-observable:WindowsAccountFacet", + "uco-observable:groups": [] + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsAccountFacet.json b/templates/uco-observable/WindowsAccountFacet.json index f8851d6..9ca0220 100644 --- a/templates/uco-observable/WindowsAccountFacet.json +++ b/templates/uco-observable/WindowsAccountFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsaccountfacet1", + "@id": "kb:WindowsAccountFacet-1", "@type": "uco-observable:WindowsAccountFacet", - "uco-observable:groups": null + "uco-observable:groups": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsActiveDirectoryAccount.json b/templates/uco-observable/WindowsActiveDirectoryAccount.json index 36c2762..76e052f 100644 --- a/templates/uco-observable/WindowsActiveDirectoryAccount.json +++ b/templates/uco-observable/WindowsActiveDirectoryAccount.json @@ -1,31 +1,56 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsactivedirectoryaccount1", + "@id": "kb:WindowsActiveDirectoryAccount-1", "@type": "uco-observable:WindowsActiveDirectoryAccount", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:AccountFacet-1", + "@type": "uco-observable:AccountFacet", + "uco-observable:accountIdentifier": null, + "uco-observable:accountIssuer": null, + "uco-observable:accountType": null, + "uco-observable:expirationTime": null, + "uco-observable:isActive": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:owner": null + }, + { + "@id": "kb:DigitalAccountFacet-1", + "@type": "uco-observable:DigitalAccountFacet", + "uco-observable:accountLogin": [], + "uco-observable:displayName": null, + "uco-observable:firstLoginTime": null, + "uco-observable:isDisabled": null, + "uco-observable:lastLoginTime": null + }, + { + "@id": "kb:WindowsActiveDirectoryAccountFacet-1", + "@type": "uco-observable:WindowsActiveDirectoryAccountFacet", + "uco-observable:activeDirectoryGroups": [], + "uco-observable:objectGUID": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsActiveDirectoryAccountFacet.json b/templates/uco-observable/WindowsActiveDirectoryAccountFacet.json index 42bcb4e..2ffc1a4 100644 --- a/templates/uco-observable/WindowsActiveDirectoryAccountFacet.json +++ b/templates/uco-observable/WindowsActiveDirectoryAccountFacet.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsactivedirectoryaccountfacet1", + "@id": "kb:WindowsActiveDirectoryAccountFacet-1", "@type": "uco-observable:WindowsActiveDirectoryAccountFacet", - "uco-observable:activeDirectoryGroups": null, + "uco-observable:activeDirectoryGroups": [], "uco-observable:objectGUID": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsComputerSpecification.json b/templates/uco-observable/WindowsComputerSpecification.json index 1a31e75..21731a0 100644 --- a/templates/uco-observable/WindowsComputerSpecification.json +++ b/templates/uco-observable/WindowsComputerSpecification.json @@ -1,31 +1,44 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowscomputerspecification1", + "@id": "kb:WindowsComputerSpecification-1", "@type": "uco-observable:WindowsComputerSpecification", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:WindowsComputerSpecificationFacet-1", + "@type": "uco-observable:WindowsComputerSpecificationFacet", + "uco-observable:domain": [], + "uco-observable:globalFlagList": [], + "uco-observable:lastShutdownDate": null, + "uco-observable:msProductID": null, + "uco-observable:msProductName": null, + "uco-observable:netBIOSName": null, + "uco-observable:osInstallDate": null, + "uco-observable:osLastUpgradeDate": null, + "uco-observable:registeredOrganization": null, + "uco-observable:registeredOwner": null, + "uco-observable:windowsDirectory": null, + "uco-observable:windowsSystemDirectory": null, + "uco-observable:windowsTempDirectory": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsComputerSpecificationFacet.json b/templates/uco-observable/WindowsComputerSpecificationFacet.json index 3d2be0e..01ec5e4 100644 --- a/templates/uco-observable/WindowsComputerSpecificationFacet.json +++ b/templates/uco-observable/WindowsComputerSpecificationFacet.json @@ -1,26 +1,26 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowscomputerspecificationfacet1", + "@id": "kb:WindowsComputerSpecificationFacet-1", "@type": "uco-observable:WindowsComputerSpecificationFacet", - "uco-observable:domain": null, - "uco-observable:globalFlagList": null, + "uco-observable:domain": [], + "uco-observable:globalFlagList": [], + "uco-observable:lastShutdownDate": null, "uco-observable:msProductID": null, "uco-observable:msProductName": null, "uco-observable:netBIOSName": null, + "uco-observable:osInstallDate": null, + "uco-observable:osLastUpgradeDate": null, "uco-observable:registeredOrganization": null, "uco-observable:registeredOwner": null, "uco-observable:windowsDirectory": null, "uco-observable:windowsSystemDirectory": null, "uco-observable:windowsTempDirectory": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsCriticalSection.json b/templates/uco-observable/WindowsCriticalSection.json index d4090c0..9cb0f8e 100644 --- a/templates/uco-observable/WindowsCriticalSection.json +++ b/templates/uco-observable/WindowsCriticalSection.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowscriticalsection1", + "@id": "kb:WindowsCriticalSection-1", "@type": "uco-observable:WindowsCriticalSection", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsEvent.json b/templates/uco-observable/WindowsEvent.json index 7786b61..6cefb71 100644 --- a/templates/uco-observable/WindowsEvent.json +++ b/templates/uco-observable/WindowsEvent.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsevent1", + "@id": "kb:WindowsEvent-1", "@type": "uco-observable:WindowsEvent", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsFilemapping.json b/templates/uco-observable/WindowsFilemapping.json index 71f82e1..079dc9b 100644 --- a/templates/uco-observable/WindowsFilemapping.json +++ b/templates/uco-observable/WindowsFilemapping.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsfilemapping1", + "@id": "kb:WindowsFilemapping-1", "@type": "uco-observable:WindowsFilemapping", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsHandle.json b/templates/uco-observable/WindowsHandle.json index 9774a60..6026e12 100644 --- a/templates/uco-observable/WindowsHandle.json +++ b/templates/uco-observable/WindowsHandle.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowshandle1", + "@id": "kb:WindowsHandle-1", "@type": "uco-observable:WindowsHandle", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsHook.json b/templates/uco-observable/WindowsHook.json index 4aeaaca..74fd958 100644 --- a/templates/uco-observable/WindowsHook.json +++ b/templates/uco-observable/WindowsHook.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowshook1", + "@id": "kb:WindowsHook-1", "@type": "uco-observable:WindowsHook", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsMailslot.json b/templates/uco-observable/WindowsMailslot.json index 4915933..3b2c516 100644 --- a/templates/uco-observable/WindowsMailslot.json +++ b/templates/uco-observable/WindowsMailslot.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsmailslot1", + "@id": "kb:WindowsMailslot-1", "@type": "uco-observable:WindowsMailslot", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsNetworkShare.json b/templates/uco-observable/WindowsNetworkShare.json index 6af69a7..1c3b0be 100644 --- a/templates/uco-observable/WindowsNetworkShare.json +++ b/templates/uco-observable/WindowsNetworkShare.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsnetworkshare1", + "@id": "kb:WindowsNetworkShare-1", "@type": "uco-observable:WindowsNetworkShare", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsPEBinaryFile.json b/templates/uco-observable/WindowsPEBinaryFile.json index 8417998..094d299 100644 --- a/templates/uco-observable/WindowsPEBinaryFile.json +++ b/templates/uco-observable/WindowsPEBinaryFile.json @@ -1,31 +1,59 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowspebinaryfile1", + "@id": "kb:WindowsPEBinaryFile-1", "@type": "uco-observable:WindowsPEBinaryFile", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:FileFacet-1", + "@type": "uco-observable:FileFacet", + "uco-observable:accessedTime": null, + "uco-observable:allocationStatus": null, + "uco-observable:extension": null, + "uco-observable:fileName": [], + "uco-observable:filePath": [], + "uco-observable:isDirectory": [], + "uco-observable:metadataChangeTime": null, + "uco-observable:modifiedTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:sizeInBytes": null + }, + { + "@id": "kb:WindowsPEBinaryFileFacet-1", + "@type": "uco-observable:WindowsPEBinaryFileFacet", + "uco-observable:characteristics": [], + "uco-observable:fileHeaderHashes": [], + "uco-observable:impHash": null, + "uco-observable:machine": [], + "uco-observable:numberOfSections": null, + "uco-observable:numberOfSymbols": null, + "uco-observable:optionalHeader": null, + "uco-observable:peType": null, + "uco-observable:pointerToSymbolTable": [], + "uco-observable:sections": [], + "uco-observable:sizeOfOptionalHeader": null, + "uco-observable:timeDateStamp": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsPEBinaryFileFacet.json b/templates/uco-observable/WindowsPEBinaryFileFacet.json index 994ed1f..8cc8af7 100644 --- a/templates/uco-observable/WindowsPEBinaryFileFacet.json +++ b/templates/uco-observable/WindowsPEBinaryFileFacet.json @@ -1,28 +1,25 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowspebinaryfilefacet1", + "@id": "kb:WindowsPEBinaryFileFacet-1", "@type": "uco-observable:WindowsPEBinaryFileFacet", - "uco-observable:characteristics": null, - "uco-observable:fileHeaderHashes": null, + "uco-observable:characteristics": [], + "uco-observable:fileHeaderHashes": [], "uco-observable:impHash": null, - "uco-observable:machine": null, + "uco-observable:machine": [], "uco-observable:numberOfSections": null, "uco-observable:numberOfSymbols": null, "uco-observable:optionalHeader": null, "uco-observable:peType": null, - "uco-observable:pointerToSymbolTable": null, - "uco-observable:sections": null, + "uco-observable:pointerToSymbolTable": [], + "uco-observable:sections": [], "uco-observable:sizeOfOptionalHeader": null, "uco-observable:timeDateStamp": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsPEFileHeader.json b/templates/uco-observable/WindowsPEFileHeader.json index f533ede..242e03d 100644 --- a/templates/uco-observable/WindowsPEFileHeader.json +++ b/templates/uco-observable/WindowsPEFileHeader.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowspefileheader1", + "@id": "kb:WindowsPEFileHeader-1", "@type": "uco-observable:WindowsPEFileHeader", "uco-observable:timeDateStamp": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsPEOptionalHeader.json b/templates/uco-observable/WindowsPEOptionalHeader.json index 2070ca3..0968001 100644 --- a/templates/uco-observable/WindowsPEOptionalHeader.json +++ b/templates/uco-observable/WindowsPEOptionalHeader.json @@ -1,45 +1,42 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowspeoptionalheader1", + "@id": "kb:WindowsPEOptionalHeader-1", "@type": "uco-observable:WindowsPEOptionalHeader", - "uco-observable:addressOfEntryPoint": null, - "uco-observable:baseOfCode": null, - "uco-observable:checksum": null, - "uco-observable:dllCharacteristics": null, - "uco-observable:fileAlignment": null, - "uco-observable:imageBase": null, - "uco-observable:loaderFlags": null, - "uco-observable:magic": null, - "uco-observable:majorImageVersion": null, - "uco-observable:majorLinkerVersion": null, - "uco-observable:majorOSVersion": null, - "uco-observable:majorSubsystemVersion": null, - "uco-observable:minorImageVersion": null, - "uco-observable:minorLinkerVersion": null, - "uco-observable:minorOSVersion": null, - "uco-observable:minorSubsystemVersion": null, - "uco-observable:numberOfRVAAndSizes": null, - "uco-observable:sectionAlignment": null, - "uco-observable:sizeOfCode": null, - "uco-observable:sizeOfHeaders": null, - "uco-observable:sizeOfHeapCommit": null, - "uco-observable:sizeOfHeapReserve": null, - "uco-observable:sizeOfImage": null, - "uco-observable:sizeOfInitializedData": null, - "uco-observable:sizeOfStackCommit": null, - "uco-observable:sizeOfStackReserve": null, - "uco-observable:sizeOfUninitializedData": null, - "uco-observable:subsystem": null, - "uco-observable:win32VersionValue": null + "uco-observable:addressOfEntryPoint": [], + "uco-observable:baseOfCode": [], + "uco-observable:checksum": [], + "uco-observable:dllCharacteristics": [], + "uco-observable:fileAlignment": [], + "uco-observable:imageBase": [], + "uco-observable:loaderFlags": [], + "uco-observable:magic": [], + "uco-observable:majorImageVersion": [], + "uco-observable:majorLinkerVersion": [], + "uco-observable:majorOSVersion": [], + "uco-observable:majorSubsystemVersion": [], + "uco-observable:minorImageVersion": [], + "uco-observable:minorLinkerVersion": [], + "uco-observable:minorOSVersion": [], + "uco-observable:minorSubsystemVersion": [], + "uco-observable:numberOfRVAAndSizes": [], + "uco-observable:sectionAlignment": [], + "uco-observable:sizeOfCode": [], + "uco-observable:sizeOfHeaders": [], + "uco-observable:sizeOfHeapCommit": [], + "uco-observable:sizeOfHeapReserve": [], + "uco-observable:sizeOfImage": [], + "uco-observable:sizeOfInitializedData": [], + "uco-observable:sizeOfStackCommit": [], + "uco-observable:sizeOfStackReserve": [], + "uco-observable:sizeOfUninitializedData": [], + "uco-observable:subsystem": [], + "uco-observable:win32VersionValue": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsPESection.json b/templates/uco-observable/WindowsPESection.json index 64cedca..aa5e0b4 100644 --- a/templates/uco-observable/WindowsPESection.json +++ b/templates/uco-observable/WindowsPESection.json @@ -1,21 +1,18 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowspesection1", + "@id": "kb:WindowsPESection-1", "@type": "uco-observable:WindowsPESection", "uco-core:name": null, "uco-observable:entropy": null, - "uco-observable:hashes": null, + "uco-observable:hashes": [], "uco-observable:size": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsPrefetch.json b/templates/uco-observable/WindowsPrefetch.json index f46e725..f3b191f 100644 --- a/templates/uco-observable/WindowsPrefetch.json +++ b/templates/uco-observable/WindowsPrefetch.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsprefetch1", + "@id": "kb:WindowsPrefetch-1", "@type": "uco-observable:WindowsPrefetch", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:WindowsPrefetchFacet-1", + "@type": "uco-observable:WindowsPrefetchFacet", + "uco-observable:accessedDirectory": [], + "uco-observable:accessedFile": [], + "uco-observable:applicationFileName": null, + "uco-observable:firstRun": null, + "uco-observable:lastRun": null, + "uco-observable:prefetchHash": null, + "uco-observable:timesExecuted": null, + "uco-observable:volume": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsPrefetchFacet.json b/templates/uco-observable/WindowsPrefetchFacet.json index a14e636..429d9df 100644 --- a/templates/uco-observable/WindowsPrefetchFacet.json +++ b/templates/uco-observable/WindowsPrefetchFacet.json @@ -1,14 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsprefetchfacet1", + "@id": "kb:WindowsPrefetchFacet-1", "@type": "uco-observable:WindowsPrefetchFacet", - "uco-observable:accessedDirectory": null, - "uco-observable:accessedFile": null, + "uco-observable:accessedDirectory": [], + "uco-observable:accessedFile": [], "uco-observable:applicationFileName": null, "uco-observable:firstRun": null, "uco-observable:lastRun": null, @@ -16,9 +17,5 @@ "uco-observable:timesExecuted": null, "uco-observable:volume": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsProcess.json b/templates/uco-observable/WindowsProcess.json index d315c55..e7d41b9 100644 --- a/templates/uco-observable/WindowsProcess.json +++ b/templates/uco-observable/WindowsProcess.json @@ -1,31 +1,55 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsprocess1", + "@id": "kb:WindowsProcess-1", "@type": "uco-observable:WindowsProcess", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:ProcessFacet-1", + "@type": "uco-observable:ProcessFacet", + "uco-observable:arguments": [], + "uco-observable:binary": null, + "uco-observable:creatorUser": null, + "uco-observable:currentWorkingDirectory": null, + "uco-observable:environmentVariables": null, + "uco-observable:exitStatus": null, + "uco-observable:exitTime": null, + "uco-observable:isHidden": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:parent": null, + "uco-observable:pid": null, + "uco-observable:status": null + }, + { + "@id": "kb:WindowsProcessFacet-1", + "@type": "uco-observable:WindowsProcessFacet", + "uco-observable:aslrEnabled": null, + "uco-observable:depEnabled": null, + "uco-observable:ownerSID": null, + "uco-observable:priority": null, + "uco-observable:startupInfo": null, + "uco-observable:windowTitle": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsProcessFacet.json b/templates/uco-observable/WindowsProcessFacet.json index 69a2117..fb495bc 100644 --- a/templates/uco-observable/WindowsProcessFacet.json +++ b/templates/uco-observable/WindowsProcessFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsprocessfacet1", + "@id": "kb:WindowsProcessFacet-1", "@type": "uco-observable:WindowsProcessFacet", "uco-observable:aslrEnabled": null, "uco-observable:depEnabled": null, @@ -14,9 +15,5 @@ "uco-observable:startupInfo": null, "uco-observable:windowTitle": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsRegistryHive.json b/templates/uco-observable/WindowsRegistryHive.json index f914070..47add99 100644 --- a/templates/uco-observable/WindowsRegistryHive.json +++ b/templates/uco-observable/WindowsRegistryHive.json @@ -1,31 +1,32 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsregistryhive1", + "@id": "kb:WindowsRegistryHive-1", "@type": "uco-observable:WindowsRegistryHive", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:WindowsRegistryHiveFacet-1", + "@type": "uco-observable:WindowsRegistryHiveFacet", + "uco-observable:hiveType": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsRegistryHiveFacet.json b/templates/uco-observable/WindowsRegistryHiveFacet.json index 5c4bef9..02553ae 100644 --- a/templates/uco-observable/WindowsRegistryHiveFacet.json +++ b/templates/uco-observable/WindowsRegistryHiveFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsregistryhivefacet1", + "@id": "kb:WindowsRegistryHiveFacet-1", "@type": "uco-observable:WindowsRegistryHiveFacet", "uco-observable:hiveType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsRegistryKey.json b/templates/uco-observable/WindowsRegistryKey.json index be0a741..de89c17 100644 --- a/templates/uco-observable/WindowsRegistryKey.json +++ b/templates/uco-observable/WindowsRegistryKey.json @@ -1,31 +1,36 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsregistrykey1", + "@id": "kb:WindowsRegistryKey-1", "@type": "uco-observable:WindowsRegistryKey", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:WindowsRegistryKeyFacet-1", + "@type": "uco-observable:WindowsRegistryKeyFacet", + "uco-observable:creator": null, + "uco-observable:key": null, + "uco-observable:modifiedTime": null, + "uco-observable:numberOfSubkeys": null, + "uco-observable:registryValues": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsRegistryKeyFacet.json b/templates/uco-observable/WindowsRegistryKeyFacet.json index eaa0f27..b615e3e 100644 --- a/templates/uco-observable/WindowsRegistryKeyFacet.json +++ b/templates/uco-observable/WindowsRegistryKeyFacet.json @@ -1,21 +1,18 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsregistrykeyfacet1", + "@id": "kb:WindowsRegistryKeyFacet-1", "@type": "uco-observable:WindowsRegistryKeyFacet", "uco-observable:creator": null, "uco-observable:key": null, "uco-observable:modifiedTime": null, "uco-observable:numberOfSubkeys": null, - "uco-observable:registryValues": null + "uco-observable:registryValues": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsRegistryValue.json b/templates/uco-observable/WindowsRegistryValue.json index e5c5e2c..2f06874 100644 --- a/templates/uco-observable/WindowsRegistryValue.json +++ b/templates/uco-observable/WindowsRegistryValue.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsregistryvalue1", + "@id": "kb:WindowsRegistryValue-1", "@type": "uco-observable:WindowsRegistryValue", "uco-core:name": null, "uco-observable:data": null, "uco-observable:dataType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsService.json b/templates/uco-observable/WindowsService.json index 9dc2437..4778c17 100644 --- a/templates/uco-observable/WindowsService.json +++ b/templates/uco-observable/WindowsService.json @@ -1,31 +1,39 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsservice1", + "@id": "kb:WindowsService-1", "@type": "uco-observable:WindowsService", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:WindowsServiceFacet-1", + "@type": "uco-observable:WindowsServiceFacet", + "uco-observable:descriptions": [], + "uco-observable:displayName": null, + "uco-observable:groupName": null, + "uco-observable:serviceName": null, + "uco-observable:serviceStatus": null, + "uco-observable:serviceType": null, + "uco-observable:startCommandLine": null, + "uco-observable:startType": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsServiceFacet.json b/templates/uco-observable/WindowsServiceFacet.json index 386af4a..2edf901 100644 --- a/templates/uco-observable/WindowsServiceFacet.json +++ b/templates/uco-observable/WindowsServiceFacet.json @@ -1,13 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsservicefacet1", + "@id": "kb:WindowsServiceFacet-1", "@type": "uco-observable:WindowsServiceFacet", - "uco-observable:descriptions": null, + "uco-observable:descriptions": [], "uco-observable:displayName": null, "uco-observable:groupName": null, "uco-observable:serviceName": null, @@ -16,9 +17,5 @@ "uco-observable:startCommandLine": null, "uco-observable:startType": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsSystemRestore.json b/templates/uco-observable/WindowsSystemRestore.json index ae0698d..109b57a 100644 --- a/templates/uco-observable/WindowsSystemRestore.json +++ b/templates/uco-observable/WindowsSystemRestore.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowssystemrestore1", + "@id": "kb:WindowsSystemRestore-1", "@type": "uco-observable:WindowsSystemRestore", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsTask.json b/templates/uco-observable/WindowsTask.json index e616ee0..40fa4ee 100644 --- a/templates/uco-observable/WindowsTask.json +++ b/templates/uco-observable/WindowsTask.json @@ -1,31 +1,51 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowstask1", + "@id": "kb:WindowsTask-1", "@type": "uco-observable:WindowsTask", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:WindowsTaskFacet-1", + "@type": "uco-observable:WindowsTaskFacet", + "uco-observable:account": null, + "uco-observable:accountLogonType": null, + "uco-observable:accountRunLevel": null, + "uco-observable:actionList": [], + "uco-observable:application": null, + "uco-observable:exitCode": null, + "uco-observable:flags": [], + "uco-observable:imageName": null, + "uco-observable:maxRunTime": null, + "uco-observable:mostRecentRunTime": null, + "uco-observable:nextRunTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:parameters": null, + "uco-observable:priority": null, + "uco-observable:status": null, + "uco-observable:taskComment": null, + "uco-observable:taskCreator": null, + "uco-observable:triggerList": [], + "uco-observable:workItemData": null, + "uco-observable:workingDirectory": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsTaskFacet.json b/templates/uco-observable/WindowsTaskFacet.json index 071d368..5906787 100644 --- a/templates/uco-observable/WindowsTaskFacet.json +++ b/templates/uco-observable/WindowsTaskFacet.json @@ -1,19 +1,20 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowstaskfacet1", + "@id": "kb:WindowsTaskFacet-1", "@type": "uco-observable:WindowsTaskFacet", "uco-observable:account": null, "uco-observable:accountLogonType": null, "uco-observable:accountRunLevel": null, - "uco-observable:actionList": null, + "uco-observable:actionList": [], "uco-observable:application": null, "uco-observable:exitCode": null, - "uco-observable:flags": null, + "uco-observable:flags": [], "uco-observable:imageName": null, "uco-observable:maxRunTime": null, "uco-observable:mostRecentRunTime": null, @@ -24,13 +25,9 @@ "uco-observable:status": null, "uco-observable:taskComment": null, "uco-observable:taskCreator": null, - "uco-observable:triggerList": null, + "uco-observable:triggerList": [], "uco-observable:workItemData": null, "uco-observable:workingDirectory": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsThread.json b/templates/uco-observable/WindowsThread.json index a926f1c..6f91964 100644 --- a/templates/uco-observable/WindowsThread.json +++ b/templates/uco-observable/WindowsThread.json @@ -1,31 +1,42 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsthread1", + "@id": "kb:WindowsThread-1", "@type": "uco-observable:WindowsThread", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:WindowsThreadFacet-1", + "@type": "uco-observable:WindowsThreadFacet", + "uco-observable:context": null, + "uco-observable:creationFlags": [], + "uco-observable:creationTime": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:parameterAddress": [], + "uco-observable:priority": null, + "uco-observable:runningStatus": null, + "uco-observable:securityAttributes": null, + "uco-observable:stackSize": [], + "uco-observable:startAddress": [], + "uco-observable:threadID": [] + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsThreadFacet.json b/templates/uco-observable/WindowsThreadFacet.json index 84b3bd5..482f64d 100644 --- a/templates/uco-observable/WindowsThreadFacet.json +++ b/templates/uco-observable/WindowsThreadFacet.json @@ -1,26 +1,24 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsthreadfacet1", + "@id": "kb:WindowsThreadFacet-1", "@type": "uco-observable:WindowsThreadFacet", "uco-observable:context": null, - "uco-observable:creationFlags": null, + "uco-observable:creationFlags": [], "uco-observable:creationTime": null, - "uco-observable:parameterAddress": null, + "uco-observable:observableCreatedTime": null, + "uco-observable:parameterAddress": [], "uco-observable:priority": null, "uco-observable:runningStatus": null, "uco-observable:securityAttributes": null, - "uco-observable:stackSize": null, - "uco-observable:startAddress": null, - "uco-observable:threadID": null + "uco-observable:stackSize": [], + "uco-observable:startAddress": [], + "uco-observable:threadID": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsVolumeFacet.json b/templates/uco-observable/WindowsVolumeFacet.json index 071cd66..fcf49ef 100644 --- a/templates/uco-observable/WindowsVolumeFacet.json +++ b/templates/uco-observable/WindowsVolumeFacet.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowsvolumefacet1", + "@id": "kb:WindowsVolumeFacet-1", "@type": "uco-observable:WindowsVolumeFacet", "uco-observable:driveLetter": null, "uco-observable:driveType": null, - "uco-observable:windowsVolumeAttributes": null + "uco-observable:windowsVolumeAttributes": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WindowsWaitableTime.json b/templates/uco-observable/WindowsWaitableTime.json index 5b6191c..9552611 100644 --- a/templates/uco-observable/WindowsWaitableTime.json +++ b/templates/uco-observable/WindowsWaitableTime.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:windowswaitabletime1", + "@id": "kb:WindowsWaitableTime-1", "@type": "uco-observable:WindowsWaitableTime", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WirelessNetworkConnection.json b/templates/uco-observable/WirelessNetworkConnection.json index f7d2415..e6a29e5 100644 --- a/templates/uco-observable/WirelessNetworkConnection.json +++ b/templates/uco-observable/WirelessNetworkConnection.json @@ -1,31 +1,49 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:wirelessnetworkconnection1", + "@id": "kb:WirelessNetworkConnection-1", "@type": "uco-observable:WirelessNetworkConnection", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [ + { + "@id": "kb:NetworkConnectionFacet-1", + "@type": "uco-observable:NetworkConnectionFacet", + "uco-observable:destinationPort": null, + "uco-observable:dst": [], + "uco-observable:endTime": null, + "uco-observable:isActive": null, + "uco-observable:protocols": null, + "uco-observable:sourcePort": null, + "uco-observable:src": [], + "uco-observable:startTime": null + }, + { + "@id": "kb:WirelessNetworkConnectionFacet-1", + "@type": "uco-observable:WirelessNetworkConnectionFacet", + "uco-observable:baseStation": null, + "uco-observable:password": null, + "uco-observable:ssid": null, + "uco-observable:wirelessNetworkSecurityMode": null + } + ], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WirelessNetworkConnectionFacet.json b/templates/uco-observable/WirelessNetworkConnectionFacet.json index 1c4450f..94812e0 100644 --- a/templates/uco-observable/WirelessNetworkConnectionFacet.json +++ b/templates/uco-observable/WirelessNetworkConnectionFacet.json @@ -1,20 +1,17 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:wirelessnetworkconnectionfacet1", + "@id": "kb:WirelessNetworkConnectionFacet-1", "@type": "uco-observable:WirelessNetworkConnectionFacet", "uco-observable:baseStation": null, "uco-observable:password": null, "uco-observable:ssid": null, "uco-observable:wirelessNetworkSecurityMode": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/WriteBlocker.json b/templates/uco-observable/WriteBlocker.json new file mode 100644 index 0000000..91e1811 --- /dev/null +++ b/templates/uco-observable/WriteBlocker.json @@ -0,0 +1,35 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:WriteBlocker-1", + "@type": "uco-observable:WriteBlocker", + "case-investigation:wasDerivedFrom": [], + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:DeviceFacet-1", + "@type": "uco-observable:DeviceFacet", + "uco-observable:deviceType": null, + "uco-observable:manufacturer": null, + "uco-observable:model": null, + "uco-observable:serialNumber": null + }, + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-observable:hasChanged": null, + "uco-observable:state": null + } + ] +} diff --git a/templates/uco-observable/X509Certificate.json b/templates/uco-observable/X509Certificate.json index ea0271c..97e9db0 100644 --- a/templates/uco-observable/X509Certificate.json +++ b/templates/uco-observable/X509Certificate.json @@ -1,31 +1,47 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:x509certificate1", + "@id": "kb:X509Certificate-1", "@type": "uco-observable:X509Certificate", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": { + "@id": "kb:X509CertificateFacet-1", + "@type": "uco-observable:X509CertificateFacet", + "uco-observable:isSelfSigned": null, + "uco-observable:issuer": null, + "uco-observable:issuerHash": null, + "uco-observable:serialNumber": null, + "uco-observable:signature": null, + "uco-observable:signatureAlgorithm": null, + "uco-observable:subject": null, + "uco-observable:subjectHash": null, + "uco-observable:subjectPublicKeyAlgorithm": null, + "uco-observable:subjectPublicKeyExponent": null, + "uco-observable:subjectPublicKeyModulus": null, + "uco-observable:thumbprintHash": null, + "uco-observable:validityNotAfter": null, + "uco-observable:validityNotBefore": null, + "uco-observable:version": null, + "uco-observable:x509v3extensions": null + }, + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/X509CertificateFacet.json b/templates/uco-observable/X509CertificateFacet.json index 0a2de74..010f052 100644 --- a/templates/uco-observable/X509CertificateFacet.json +++ b/templates/uco-observable/X509CertificateFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:x509certificatefacet1", + "@id": "kb:X509CertificateFacet-1", "@type": "uco-observable:X509CertificateFacet", "uco-observable:isSelfSigned": null, "uco-observable:issuer": null, @@ -24,9 +25,5 @@ "uco-observable:version": null, "uco-observable:x509v3extensions": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/X509V3Certificate.json b/templates/uco-observable/X509V3Certificate.json index d4065c5..8e9771a 100644 --- a/templates/uco-observable/X509V3Certificate.json +++ b/templates/uco-observable/X509V3Certificate.json @@ -1,31 +1,28 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:x509v3certificate1", + "@id": "kb:X509V3Certificate-1", "@type": "uco-observable:X509V3Certificate", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-observable:hasChanged": null, "uco-observable:state": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-observable/X509V3ExtensionsFacet.json b/templates/uco-observable/X509V3ExtensionsFacet.json index 39a5253..f20cdc2 100644 --- a/templates/uco-observable/X509V3ExtensionsFacet.json +++ b/templates/uco-observable/X509V3ExtensionsFacet.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable#" + "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:x509v3extensionsfacet1", + "@id": "kb:X509V3ExtensionsFacet-1", "@type": "uco-observable:X509V3ExtensionsFacet", "uco-observable:authorityKeyIdentifier": null, "uco-observable:basicConstraints": null, @@ -24,9 +25,5 @@ "uco-observable:subjectDirectoryAttributes": null, "uco-observable:subjectKeyIdentifier": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-pattern/LogicalPattern.json b/templates/uco-pattern/LogicalPattern.json index 024e002..12a5255 100644 --- a/templates/uco-pattern/LogicalPattern.json +++ b/templates/uco-pattern/LogicalPattern.json @@ -1,30 +1,27 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-pattern": "https://ontology.unifiedcyberontology.org/uco/pattern#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-pattern": "https://ontology.unifiedcyberontology.org/uco/pattern/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:logicalpattern1", + "@id": "kb:LogicalPattern-1", "@type": "uco-pattern:LogicalPattern", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-pattern:patternExpression": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-pattern/Makefile b/templates/uco-pattern/Makefile new file mode 100644 index 0000000..1adeb9e --- /dev/null +++ b/templates/uco-pattern/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/pattern/ + +include ../../src/ontology.mk diff --git a/templates/uco-pattern/Pattern.json b/templates/uco-pattern/Pattern.json index 39b8e1e..fdcd386 100644 --- a/templates/uco-pattern/Pattern.json +++ b/templates/uco-pattern/Pattern.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-pattern": "https://ontology.unifiedcyberontology.org/uco/pattern#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-pattern": "https://ontology.unifiedcyberontology.org/uco/pattern/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:pattern1", + "@id": "kb:Pattern-1", "@type": "uco-pattern:Pattern", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-pattern/PatternExpression.json b/templates/uco-pattern/PatternExpression.json index 3a0b113..a355251 100644 --- a/templates/uco-pattern/PatternExpression.json +++ b/templates/uco-pattern/PatternExpression.json @@ -1,16 +1,13 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-pattern": "https://ontology.unifiedcyberontology.org/uco/pattern#" + "uco-pattern": "https://ontology.unifiedcyberontology.org/uco/pattern/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:patternexpression1", + "@id": "kb:PatternExpression-1", "@type": "uco-pattern:PatternExpression" } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-role/BenevolentRole.json b/templates/uco-role/BenevolentRole.json index 3e89dd8..ec0d434 100644 --- a/templates/uco-role/BenevolentRole.json +++ b/templates/uco-role/BenevolentRole.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-role": "https://ontology.unifiedcyberontology.org/uco/role#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-role": "https://ontology.unifiedcyberontology.org/uco/role/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:benevolentrole1", + "@id": "kb:BenevolentRole-1", "@type": "uco-role:BenevolentRole", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-role/Makefile b/templates/uco-role/Makefile new file mode 100644 index 0000000..83ad132 --- /dev/null +++ b/templates/uco-role/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/role/ + +include ../../src/ontology.mk diff --git a/templates/uco-role/MaliciousRole.json b/templates/uco-role/MaliciousRole.json index 735d858..833fb28 100644 --- a/templates/uco-role/MaliciousRole.json +++ b/templates/uco-role/MaliciousRole.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-role": "https://ontology.unifiedcyberontology.org/uco/role#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-role": "https://ontology.unifiedcyberontology.org/uco/role/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:maliciousrole1", + "@id": "kb:MaliciousRole-1", "@type": "uco-role:MaliciousRole", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-role/NeutralRole.json b/templates/uco-role/NeutralRole.json index 44d2616..b0120e7 100644 --- a/templates/uco-role/NeutralRole.json +++ b/templates/uco-role/NeutralRole.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-role": "https://ontology.unifiedcyberontology.org/uco/role#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-role": "https://ontology.unifiedcyberontology.org/uco/role/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:neutralrole1", + "@id": "kb:NeutralRole-1", "@type": "uco-role:NeutralRole", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-role/Role.json b/templates/uco-role/Role.json index f937abb..b8aa919 100644 --- a/templates/uco-role/Role.json +++ b/templates/uco-role/Role.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-role": "https://ontology.unifiedcyberontology.org/uco/role#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-role": "https://ontology.unifiedcyberontology.org/uco/role/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:role1", + "@id": "kb:Role-1", "@type": "uco-role:Role", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-tool/AnalyticTool.json b/templates/uco-tool/AnalyticTool.json index 26901f5..a63f482 100644 --- a/templates/uco-tool/AnalyticTool.json +++ b/templates/uco-tool/AnalyticTool.json @@ -1,34 +1,31 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:analytictool1", + "@id": "kb:AnalyticTool-1", "@type": "uco-tool:AnalyticTool", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-tool:creator": null, - "uco-tool:references": null, + "uco-tool:references": [], "uco-tool:servicePack": null, "uco-tool:toolType": null, "uco-tool:version": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-tool/BuildFacet.json b/templates/uco-tool/BuildFacet.json index bd22c92..6ee866e 100644 --- a/templates/uco-tool/BuildFacet.json +++ b/templates/uco-tool/BuildFacet.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool#" + "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:buildfacet1", + "@id": "kb:BuildFacet-1", "@type": "uco-tool:BuildFacet", "uco-tool:buildInformation": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-tool/BuildInformationType.json b/templates/uco-tool/BuildInformationType.json index 51a617f..6c1752f 100644 --- a/templates/uco-tool/BuildInformationType.json +++ b/templates/uco-tool/BuildInformationType.json @@ -1,11 +1,12 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool#" + "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:buildinformationtype1", + "@id": "kb:BuildInformationType-1", "@type": "uco-tool:BuildInformationType", "uco-tool:buildConfiguration": null, "uco-tool:buildID": null, @@ -16,12 +17,8 @@ "uco-tool:buildUtility": null, "uco-tool:buildVersion": null, "uco-tool:compilationDate": null, - "uco-tool:compilers": null, - "uco-tool:libraries": null + "uco-tool:compilers": [], + "uco-tool:libraries": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-tool/BuildUtilityType.json b/templates/uco-tool/BuildUtilityType.json index 061a1a5..a345886 100644 --- a/templates/uco-tool/BuildUtilityType.json +++ b/templates/uco-tool/BuildUtilityType.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool#" + "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:buildutilitytype1", + "@id": "kb:BuildUtilityType-1", "@type": "uco-tool:BuildUtilityType", "uco-tool:buildUtilityName": null, "uco-tool:cpeid": null, "uco-tool:swid": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-tool/CompilerType.json b/templates/uco-tool/CompilerType.json index 0af44ce..d925d17 100644 --- a/templates/uco-tool/CompilerType.json +++ b/templates/uco-tool/CompilerType.json @@ -1,19 +1,16 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool#" + "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:compilertype1", + "@id": "kb:CompilerType-1", "@type": "uco-tool:CompilerType", "uco-tool:compilerInformalDescription": null, "uco-tool:cpeid": null, "uco-tool:swid": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-tool/ConfiguredTool.json b/templates/uco-tool/ConfiguredTool.json new file mode 100644 index 0000000..10e7a94 --- /dev/null +++ b/templates/uco-tool/ConfiguredTool.json @@ -0,0 +1,34 @@ +{ + "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", + "kb": "http://example.org/kb/", + "uco-configuration": "https://ontology.unifiedcyberontology.org/uco/configuration/", + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:ConfiguredTool-1", + "@type": "uco-tool:ConfiguredTool", + "case-investigation:wasDerivedFrom": [], + "uco-configuration:isConfigurationOf": null, + "uco-configuration:usesConfiguration": null, + "uco-core:createdBy": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], + "uco-core:name": null, + "uco-core:objectCreatedTime": null, + "uco-core:objectMarking": [], + "uco-core:specVersion": null, + "uco-core:tag": [], + "uco-tool:creator": null, + "uco-tool:references": [], + "uco-tool:servicePack": null, + "uco-tool:toolType": null, + "uco-tool:version": null + } + ] +} diff --git a/templates/uco-tool/DefensiveTool.json b/templates/uco-tool/DefensiveTool.json index 77bc9da..ecc9f94 100644 --- a/templates/uco-tool/DefensiveTool.json +++ b/templates/uco-tool/DefensiveTool.json @@ -1,34 +1,31 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:defensivetool1", + "@id": "kb:DefensiveTool-1", "@type": "uco-tool:DefensiveTool", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-tool:creator": null, - "uco-tool:references": null, + "uco-tool:references": [], "uco-tool:servicePack": null, "uco-tool:toolType": null, "uco-tool:version": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-tool/LibraryType.json b/templates/uco-tool/LibraryType.json index 91c294b..4da0e3f 100644 --- a/templates/uco-tool/LibraryType.json +++ b/templates/uco-tool/LibraryType.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool#" + "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:librarytype1", + "@id": "kb:LibraryType-1", "@type": "uco-tool:LibraryType", "uco-tool:libraryName": null, "uco-tool:libraryVersion": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-tool/Makefile b/templates/uco-tool/Makefile new file mode 100644 index 0000000..05038cd --- /dev/null +++ b/templates/uco-tool/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/tool/ + +include ../../src/ontology.mk diff --git a/templates/uco-tool/MaliciousTool.json b/templates/uco-tool/MaliciousTool.json index e47819f..33f727c 100644 --- a/templates/uco-tool/MaliciousTool.json +++ b/templates/uco-tool/MaliciousTool.json @@ -1,34 +1,31 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:malicioustool1", + "@id": "kb:MaliciousTool-1", "@type": "uco-tool:MaliciousTool", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-tool:creator": null, - "uco-tool:references": null, + "uco-tool:references": [], "uco-tool:servicePack": null, "uco-tool:toolType": null, "uco-tool:version": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-tool/Tool.json b/templates/uco-tool/Tool.json index 5080062..4e0824e 100644 --- a/templates/uco-tool/Tool.json +++ b/templates/uco-tool/Tool.json @@ -1,34 +1,31 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-tool": "https://ontology.unifiedcyberontology.org/uco/tool/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:tool1", + "@id": "kb:Tool-1", "@type": "uco-tool:Tool", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null, + "uco-core:tag": [], "uco-tool:creator": null, - "uco-tool:references": null, + "uco-tool:references": [], "uco-tool:servicePack": null, "uco-tool:toolType": null, "uco-tool:version": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-types/ControlledDictionary.json b/templates/uco-types/ControlledDictionary.json index 6aa7dbf..1564e1d 100644 --- a/templates/uco-types/ControlledDictionary.json +++ b/templates/uco-types/ControlledDictionary.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-types": "https://ontology.unifiedcyberontology.org/uco/types#" + "uco-types": "https://ontology.unifiedcyberontology.org/uco/types/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:controlleddictionary1", + "@id": "kb:ControlledDictionary-1", "@type": "uco-types:ControlledDictionary", - "uco-types:entry": null + "uco-types:entry": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-types/ControlledDictionaryEntry.json b/templates/uco-types/ControlledDictionaryEntry.json index 5599eb8..0863089 100644 --- a/templates/uco-types/ControlledDictionaryEntry.json +++ b/templates/uco-types/ControlledDictionaryEntry.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-types": "https://ontology.unifiedcyberontology.org/uco/types#" + "uco-types": "https://ontology.unifiedcyberontology.org/uco/types/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:controlleddictionaryentry1", + "@id": "kb:ControlledDictionaryEntry-1", "@type": "uco-types:ControlledDictionaryEntry", "uco-types:key": null, "uco-types:value": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-types/Dictionary.json b/templates/uco-types/Dictionary.json index db721d0..a347abe 100644 --- a/templates/uco-types/Dictionary.json +++ b/templates/uco-types/Dictionary.json @@ -1,17 +1,14 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-types": "https://ontology.unifiedcyberontology.org/uco/types#" + "uco-types": "https://ontology.unifiedcyberontology.org/uco/types/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:dictionary1", + "@id": "kb:Dictionary-1", "@type": "uco-types:Dictionary", - "uco-types:entry": null + "uco-types:entry": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-types/DictionaryEntry.json b/templates/uco-types/DictionaryEntry.json index 60f6dce..6441e4c 100644 --- a/templates/uco-types/DictionaryEntry.json +++ b/templates/uco-types/DictionaryEntry.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-types": "https://ontology.unifiedcyberontology.org/uco/types#" + "uco-types": "https://ontology.unifiedcyberontology.org/uco/types/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:dictionaryentry1", + "@id": "kb:DictionaryEntry-1", "@type": "uco-types:DictionaryEntry", "uco-types:key": null, "uco-types:value": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-types/Hash.json b/templates/uco-types/Hash.json index 11a312a..0815c7c 100644 --- a/templates/uco-types/Hash.json +++ b/templates/uco-types/Hash.json @@ -1,18 +1,15 @@ { "@context": { "kb": "http://example.org/kb/", - "uco-types": "https://ontology.unifiedcyberontology.org/uco/types#" + "uco-types": "https://ontology.unifiedcyberontology.org/uco/types/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:hash1", + "@id": "kb:Hash-1", "@type": "uco-types:Hash", "uco-types:hashMethod": null, "uco-types:hashValue": null } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-types/Makefile b/templates/uco-types/Makefile new file mode 100644 index 0000000..4a3cf54 --- /dev/null +++ b/templates/uco-types/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/types/ + +include ../../src/ontology.mk diff --git a/templates/uco-types/Thread.json b/templates/uco-types/Thread.json new file mode 100644 index 0000000..e1abb6b --- /dev/null +++ b/templates/uco-types/Thread.json @@ -0,0 +1,19 @@ +{ + "@context": { + "co": "http://purl.org/co/", + "kb": "http://example.org/kb/", + "uco-types": "https://ontology.unifiedcyberontology.org/uco/types/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:Thread-1", + "@type": "uco-types:Thread", + "co:element": [], + "co:item": [], + "co:size": null, + "uco-types:threadOriginItem": [], + "uco-types:threadTerminalItem": [] + } + ] +} diff --git a/templates/uco-types/ThreadItem.json b/templates/uco-types/ThreadItem.json new file mode 100644 index 0000000..7d0c2f9 --- /dev/null +++ b/templates/uco-types/ThreadItem.json @@ -0,0 +1,17 @@ +{ + "@context": { + "co": "http://purl.org/co/", + "kb": "http://example.org/kb/", + "uco-types": "https://ontology.unifiedcyberontology.org/uco/types/", + "xsd": "http://www.w3.org/2001/XMLSchema#" + }, + "@graph": [ + { + "@id": "kb:ThreadItem-1", + "@type": "uco-types:ThreadItem", + "co:itemContent": [], + "uco-types:threadPredecessor": [], + "uco-types:threadSuccessor": [] + } + ] +} diff --git a/templates/uco-victim/Makefile b/templates/uco-victim/Makefile new file mode 100644 index 0000000..0e8810a --- /dev/null +++ b/templates/uco-victim/Makefile @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +# Portions of this file contributed by NIST are governed by the +# following statement: +# +# This software was developed at the National Institute of Standards +# and Technology by employees of the Federal Government in the course +# of their official duties. Pursuant to Title 17 Section 105 of the +# United States Code, this software is not subject to copyright +# protection within the United States. NIST assumes no responsibility +# whatsoever for its use by other parties, and makes no guarantees, +# expressed or implied, about its quality, reliability, or any other +# characteristic. +# +# We would appreciate acknowledgement if the software is used. + +PREFIX_IRI := https://ontology.unifiedcyberontology.org/uco/victim/ + +include ../../src/ontology.mk diff --git a/templates/uco-victim/Victim.json b/templates/uco-victim/Victim.json index 2ab1b3f..27a800d 100644 --- a/templates/uco-victim/Victim.json +++ b/templates/uco-victim/Victim.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-victim": "https://ontology.unifiedcyberontology.org/uco/victim#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-victim": "https://ontology.unifiedcyberontology.org/uco/victim/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:victim1", + "@id": "kb:Victim-1", "@type": "uco-victim:Victim", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] } diff --git a/templates/uco-victim/VictimTargeting.json b/templates/uco-victim/VictimTargeting.json index 2e7cf50..8c628a8 100644 --- a/templates/uco-victim/VictimTargeting.json +++ b/templates/uco-victim/VictimTargeting.json @@ -1,29 +1,26 @@ { "@context": { + "case-investigation": "https://ontology.caseontology.org/case/investigation/", "kb": "http://example.org/kb/", - "uco-core": "https://ontology.unifiedcyberontology.org/uco/core#", - "uco-victim": "https://ontology.unifiedcyberontology.org/uco/victim#" + "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/", + "uco-victim": "https://ontology.unifiedcyberontology.org/uco/victim/", + "xsd": "http://www.w3.org/2001/XMLSchema#" }, "@graph": [ { - "@id": "kb:victimtargeting1", + "@id": "kb:VictimTargeting-1", "@type": "uco-victim:VictimTargeting", + "case-investigation:wasDerivedFrom": [], "uco-core:createdBy": null, - "uco-core:description": null, - "uco-core:externalReference": null, - "uco-core:hasFacet": null, - "uco-core:id": null, - "uco-core:modifiedTime": null, + "uco-core:description": [], + "uco-core:externalReference": [], + "uco-core:hasFacet": [], + "uco-core:modifiedTime": [], "uco-core:name": null, "uco-core:objectCreatedTime": null, - "uco-core:objectMarking": null, + "uco-core:objectMarking": [], "uco-core:specVersion": null, - "uco-core:tag": null, - "uco-core:type": null + "uco-core:tag": [] } - ], - "@version": { - "case_util": "0.6.0", - "ontology_version": "0.7.0" - } + ] }