Skip to content

Issue 45: implement the stix 21 report type vocabulary #98

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: develop
Choose a base branch
from
Open

Issue 45: implement the stix 21 report type vocabulary #98

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
22620d2
Instantiate gist:ReportType
brett-heffelfinger Jun 6, 2025
12d2ab8
Instantiate STIX report type categories
brett-heffelfinger Jun 6, 2025
94a8dfe
Update ontologies/vocabs.ttl
brett-heffelfinger Jun 6, 2025
e04ee5e
Update ontologies/vocabs.ttl
brett-heffelfinger Jun 6, 2025
d4d2b0e
Update ontologies/vocabs.ttl
brett-heffelfinger Jun 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
99 changes: 99 additions & 0 deletions ontologies/vocabs.ttl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,17 @@ gist:ProcessorArchitecture
skos:prefLabel "Processor Architecture"^^xsd:string ;
.

gist:ReportType
a owl:Class ;
rdfs:subClassOf gist:StixCategoryObject ;
skos:definition "A category indicating the primary purpose or subject of a report."^^xsd:string ;
skos:example "A report that contains malware and indicators for that malware has a report type of 'malware'."^^xsd:string ;
skos:note "Report types are not mutually exclusive: a Report can be both a malware report and a tool report."^^xsd:string ;
skos:note "Just because a report contains objects of a type does not mean that the report should include that type. If the objects are there to simply provide evidence or context for other objects, it is not necessary to include them in the type."^^xsd:string ;
skos:prefLabel "Report Type"^^xsd:string ;
gist:stixTerm "report-type-ov"^^xsd:string ;
.

gist:StixRegion
a owl:Class ;
rdfs:subClassOf gist:StixCategoryObject ;
Expand Down Expand Up @@ -1943,6 +1954,94 @@ gist:_ProcessorArchitecture_x8664
gist:stixTerm "x86-64"^^xsd:string ;
.

gist:_ReportType_attack-pattern
a gist:ReportType ;
skos:definition """STIX 2.1 Description:
Report subject is a characterization of one or more attack patterns and related information."""^^xsd:string ;
skos:prefLabel "Attack Pattern"^^xsd:string ;
gist:stixTerm "attack-pattern"^^xsd:string ;
.

gist:_ReportType_campaign
a gist:ReportType ;
skos:definition """STIX 2.1 Description:
Report subject is a characterization of one or more campaigns and related information."""^^xsd:string ;
skos:prefLabel "Campaign"^^xsd:string ;
gist:stixTerm "campaign"^^xsd:string ;
.

gist:_ReportType_identity
a gist:ReportType ;
skos:definition """STIX 2.1 Description:
Report subject is a characterization of one or more identities and related information."""^^xsd:string ;
skos:prefLabel "Identity"^^xsd:string ;
gist:stixTerm "identity"^^xsd:string ;
.

gist:_ReportType_indicator
a gist:ReportType ;
skos:definition """STIX 2.1 Description:
Report subject is a characterization of one or more indicators and related information."""^^xsd:string ;
skos:prefLabel "Indicator"^^xsd:string ;
gist:stixTerm "indicator"^^xsd:string ;
.

gist:_ReportType_intrusion-set
a gist:ReportType ;
skos:definition """STIX 2.1 Description:
Report subject is a characterization of one or more intrusion sets and related information."""^^xsd:string ;
skos:prefLabel "Intrusion Set"^^xsd:string ;
gist:stixTerm "intrusion-set"^^xsd:string ;
.

gist:_ReportType_malware
a gist:ReportType ;
skos:definition """STIX 2.1 Description:
Report subject is a characterization of one or more malware instances and related information."""^^xsd:string ;
skos:prefLabel "Malware"^^xsd:string ;
gist:stixTerm "malware"^^xsd:string ;
.

gist:_ReportType_observed-data
a gist:ReportType ;
skos:definition """STIX 2.1 Description:
Report subject is a characterization of observed data and related information."""^^xsd:string ;
skos:prefLabel "Observed Data"^^xsd:string ;
gist:stixTerm "observed-data"^^xsd:string ;
.

gist:_ReportType_threat-actor
a gist:ReportType ;
skos:definition """STIX 2.1 Description:
Report subject is a characterization of one or more threat actors and related information."""^^xsd:string ;
skos:prefLabel "Threat Actor"^^xsd:string ;
gist:stixTerm "threat-actor"^^xsd:string ;
.

gist:_ReportType_threat-report
a gist:ReportType ;
skos:definition """STIX 2.1 Description:
Report subject is a broad characterization of a threat across multiple facets."""^^xsd:string ;
skos:prefLabel "Threat Report"^^xsd:string ;
gist:stixTerm "threat-report"^^xsd:string ;
.

gist:_ReportType_tool
a gist:ReportType ;
skos:definition """STIX 2.1 Description:
Report subject is a characterization of one or more tools and related information."""^^xsd:string ;
skos:prefLabel "Tool"^^xsd:string ;
gist:stixTerm "tool"^^xsd:string ;
.

gist:_ReportType_vulnerability
a gist:ReportType ;
skos:definition """STIX 2.1 Description:
Report subject is a characterization of one or more vulnerabilities and related information."""^^xsd:string ;
skos:prefLabel "Vulnerability"^^xsd:string ;
gist:stixTerm "vulnerability"^^xsd:string ;
.

gist:_StixRegion_africa
a gist:StixRegion ;
skos:definition "The STIX tag for the Africa region."^^xsd:string ;
Expand Down