semanticarts · rhohimer · Jun 11, 2025 · Jun 6, 2025 · Jun 6, 2025 · Jun 6, 2025
diff --git a/ontologies/vocabs.ttl b/ontologies/vocabs.ttl
@@ -144,6 +144,19 @@ gist:ProcessorArchitecture
 	skos:prefLabel "Processor Architecture"^^xsd:string ;
 	.
 
+gist:ReportType
+	a owl:Class ;
+	rdfs:subClassOf gist:StixCategoryObject ;
+	skos:definition "A category indicating the primary purpose or subject of a report."^^xsd:string ;
+	skos:example "A report that contains malware and indicators for that malware has a report type of 'malware'."^^xsd:string ;
+	skos:note
+		"Just because a report contains objects of a type does not mean that the report should include that type. If the objects are there to simply provide evidence or context for other objects, it is not necessary to include them in the type."^^xsd:string ,
+		"Report types are not mutually exclusive: a Report can be both a malware report and a tool report."^^xsd:string
+		;
+	skos:prefLabel "Report Type"^^xsd:string ;
+	gist:stixTerm "report-type-ov"^^xsd:string ;
+	.
+
 gist:StixRegion
 	a owl:Class ;
 	rdfs:subClassOf gist:StixCategoryObject ;
@@ -168,6 +181,16 @@ gist:ThreatActorType
 	rdfs:subClassOf gist:StixCategoryObject ;
 	.
 
+gist:ToolType
+	a owl:Class ;
+	rdfs:subClassOf gist:StixCategoryObject ;
+	skos:definition "A category indicating a kind of tool that can be used to perform attacks."^^xsd:string ;
+	skos:example ""^^xsd:string ;
+	skos:note ""^^xsd:string ;
+	skos:prefLabel "Tool Type"^^xsd:string ;
+	gist:stixTerm "tool-type-ov"^^xsd:string ;
+	.
+
 gist:WindowsServiceStatus
 	a owl:Class ;
 	rdfs:subClassOf gist:StixCategoryObject ;
@@ -1957,6 +1980,94 @@ gist:_ProcessorArchitecture_x8664
 	gist:stixTerm "x86-64"^^xsd:string ;
 	.
 
+gist:_ReportType_attack-pattern
+	a gist:ReportType ;
+	skos:definition """STIX 2.1 Description: 
+Report subject is a characterization of one or more attack patterns and related information."""^^xsd:string ;
+	skos:prefLabel "Attack Pattern"^^xsd:string ;
+	gist:stixTerm "attack-pattern"^^xsd:string ;
+	.
+
+gist:_ReportType_campaign
+	a gist:ReportType ;
+	skos:definition """STIX 2.1 Description: 
+Report subject is a characterization of one or more campaigns and related information."""^^xsd:string ;
+	skos:prefLabel "Campaign"^^xsd:string ;
+	gist:stixTerm "campaign"^^xsd:string ;
+	.
+
+gist:_ReportType_identity
+	a gist:ReportType ;
+	skos:definition """STIX 2.1 Description: 
+Report subject is a characterization of one or more identities and related information."""^^xsd:string ;
+	skos:prefLabel "Identity"^^xsd:string ;
+	gist:stixTerm "identity"^^xsd:string ;
+	.
+
+gist:_ReportType_indicator
+	a gist:ReportType ;
+	skos:definition """STIX 2.1 Description: 
+Report subject is a characterization of one or more indicators and related information."""^^xsd:string ;
+	skos:prefLabel "Indicator"^^xsd:string ;
+	gist:stixTerm "indicator"^^xsd:string ;
+	.
+
+gist:_ReportType_intrusion-set
+	a gist:ReportType ;
+	skos:definition """STIX 2.1 Description: 
+Report subject is a characterization of one or more intrusion sets and related information."""^^xsd:string ;
+	skos:prefLabel "Intrusion Set"^^xsd:string ;
+	gist:stixTerm "intrusion-set"^^xsd:string ;
+	.
+
+gist:_ReportType_malware
+	a gist:ReportType ;
+	skos:definition """STIX 2.1 Description: 
+Report subject is a characterization of one or more malware instances and related information."""^^xsd:string ;
+	skos:prefLabel "Malware"^^xsd:string ;
+	gist:stixTerm "malware"^^xsd:string ;
+	.
+
+gist:_ReportType_observed-data
+	a gist:ReportType ;
+	skos:definition """STIX 2.1 Description: 
+Report subject is a characterization of observed data and related information."""^^xsd:string ;
+	skos:prefLabel "Observed Data"^^xsd:string ;
+	gist:stixTerm "observed-data"^^xsd:string ;
+	.
+
+gist:_ReportType_threat-actor
+	a gist:ReportType ;
+	skos:definition """STIX 2.1 Description: 
+Report subject is a characterization of one or more threat actors and related information."""^^xsd:string ;
+	skos:prefLabel "Threat Actor"^^xsd:string ;
+	gist:stixTerm "threat-actor"^^xsd:string ;
+	.
+
+gist:_ReportType_threat-report
+	a gist:ReportType ;
+	skos:definition """STIX 2.1 Description: 
+Report subject is a broad characterization of a threat across multiple facets."""^^xsd:string ;
+	skos:prefLabel "Threat Report"^^xsd:string ;
+	gist:stixTerm "threat-report"^^xsd:string ;
+	.
+
+gist:_ReportType_tool
+	a gist:ReportType ;
+	skos:definition """STIX 2.1 Description: 
+Report subject is a characterization of one or more tools and related information."""^^xsd:string ;
+	skos:prefLabel "Tool"^^xsd:string ;
+	gist:stixTerm "tool"^^xsd:string ;
+	.
+
+gist:_ReportType_vulnerability
+	a gist:ReportType ;
+	skos:definition """STIX 2.1 Description: 
+Report subject is a characterization of one or more vulnerabilities and related information."""^^xsd:string ;
+	skos:prefLabel "Vulnerability"^^xsd:string ;
+	gist:stixTerm "vulnerability"^^xsd:string ;
+	.
+
 gist:_StixRegion_africa
 	a gist:StixRegion ;
 	skos:definition "The STIX tag for the Africa region."^^xsd:string ;
@@ -2487,6 +2598,70 @@ There is not enough information available to determine the type of threat actor.
 	skos:prefLabel "unknown"^^xsd:string ;
 	.
 
+gist:_ToolType_credential-exploitation
+	a gist:ToolType ;
+	skos:definition """STIX 2.1 description: 
+Tools used to crack password databases or otherwise exploit/discover credentials, either locally or remotely, such as John the Ripper and NCrack."""^^xsd:string ;
+	skos:prefLabel "Credential Exploitation"^^xsd:string ;
+	gist:stixTerm "credential-exploitation"^^xsd:string ;
+	.
+
+gist:_ToolType_denial-of-service
+	a gist:ToolType ;
+	skos:definition """STIX 2.1 description: 
+Tools used to perform denial of service attacks or DDoS attacks, such as Low Orbit Ion Cannon (LOIC) and DHCPig."""^^xsd:string ;
+	skos:prefLabel "Denial of Service"^^xsd:string ;
+	gist:stixTerm "denial-of-service"^^xsd:string ;
+	.
+
+gist:_ToolType_exploitation
+	a gist:ToolType ;
+	skos:definition """STIX 2.1 description: 
+Tools used to exploit software and systems, such as sqlmap and Metasploit."""^^xsd:string ;
+	skos:prefLabel "Exploitation"^^xsd:string ;
+	gist:stixTerm "exploitation"^^xsd:string ;
+	.
+
+gist:_ToolType_information-gathering
+	a gist:ToolType ;
+	skos:definition """STIX 2.1 description: 
+Tools used to enumerate system and network information, e.g., NMAP."""^^xsd:string ;
+	skos:prefLabel "Information Gathering"^^xsd:string ;
+	gist:stixTerm "information-gathering"^^xsd:string ;
+	.
+
+gist:_ToolType_network-capture
+	a gist:ToolType ;
+	skos:definition """STIX 2.1 description: 
+Tools used to capture network traffic, such as Wireshark and Kismet."""^^xsd:string ;
+	skos:prefLabel "Network Capture"^^xsd:string ;
+	gist:stixTerm "network-capture"^^xsd:string ;
+	.
+
+gist:_ToolType_remote-access
+	a gist:ToolType ;
+	skos:definition """STIX 2.1 description: 
+Tools used to access machines remotely, such as VNC and Remote Desktop."""^^xsd:string ;
+	skos:prefLabel "Remote Access"^^xsd:string ;
+	gist:stixTerm "remote-access"^^xsd:string ;
+	.
+
+gist:_ToolType_unknown
+	a gist:ToolType ;
+	skos:definition """STIX 2.1 description: 
+There is not enough information available to determine the type of tool."""^^xsd:string ;
+	skos:prefLabel "Unknown Tool Type"^^xsd:string ;
+	gist:stixTerm "unknown"^^xsd:string ;
+	.
+
+gist:_ToolType_vulnerability-scanning
+	a gist:ToolType ;
+	skos:definition """STIX 2.1 description: 
+Tools used to scan systems and networks for vulnerabilities, e.g., Nessus."""^^xsd:string ;
+	skos:prefLabel "Vulnerability Scanning"^^xsd:string ;
+	gist:stixTerm "vulnerability-scanning"^^xsd:string ;
+	.
+
 gist:_WindowsServiceStatus_service-continue-pending
 	a gist:WindowsServiceStatus ;
 	skos:definition """STIX 2.1 description: