“An ontology defines the basic terms and relations comprising the vocabulary of a topic area, as well as the rules for combining terms and relations to define extensions to the vocabulary.” (Neches R, Fikes R, Finin T, Gruber T, Patil R, Senator T, Swartout WR (1991) “Enabling Technology for Knowledge Sharing” AI Magazine. Winter 1991. 36-56.)
“An ontology is a formal, explicit specification of a shared conceptualization.” (Studer, Benjamins, Fensel. Knowledge Engineering: Principles and Methods. Data and Knowledge Engineering. 25 (1998) 161-197)
Unified Cyber Ontology (UCO) is a community-developed ontology/model, which is intended to serve as a consistent foundation for standardized information representation across the cyber security domain/ecosystem.
Specific information representations focused on individual cyber security subdomains (cyber investigation, computer/network defense, threat intelligence, malware analysis, vulnerability research, offensive/hack-back operations, etc.) can be based on UCO and defined as appropriate subsets of UCO constructs.
Through this approach, not only are domain-focused representations defined consistently, but they can also take advantage of shared APIs, and information can flow in an automated fashion across subdomain boundaries.
The purpose of this repository is to provide a foundation for broader community involvement in defining what to represent and how.
The current release of UCO is 1.1.0.
UCO 1.1.0 incorporates required refinements and updates, building on the stable 1.0.0 release. Following SemVer, additive improvements will continue to be accepted, but backwards-incompatible changes will be scheduled only for the 2.0.0 release, which will come after at least 6 and possibly 12 months.
The improvements are documented in more detail in the UCO 1.1.0 release notes.
- (Optional) If you need to regenerate the files needed for loading UCO into the Protege tool, run the following command:
bin/create-catalog-v001.xml.sh
- Run your local Protege RDF IDE tool, then
- Choose 'File / Open ...' from the drop-down menu, then
- Go to the './ontology' folder, and then select the 'LoadUCO.ttl' file to open.
- That's it! All the needed UCO ontology files (ttl) will be loaded at once.
- Run the command below; the resulting all-in-one UCO shapes file is 'local_ttl/all-in-one_SHACL-shapes.ttl':
bin/generate_all-in-one_SHACL-shapes.sh
- UCO Ontology
- CASE Ontology
- Casework-Examples GitHub
- Casework-Examples Illustration
- UCO App Docker (SHACL validation + RDF Store + GraphQL (UltraGraphQL automation)) - to be released soon, estimated on 2023-01-31.
  - Fully integrated automation as end-to-end pipeline:
    - The user uploads UCO-based ontologies, then
    - This Docker app calls the SHACL-validator REST service. If the compliance check (v1.1.0 as latest) is successful,
    - Then, the automation will continue to upload / convert the user's RDF/JSON-LD ontologies into the RDF Store, i.e., Jena-Fuseki-Docker
    - Then, the automation will continue to automatically feed the just-loaded UCO-compliant ontology to UltraGraphQL-docker to automatically convert the input into a GraphQL schema,
    - Then, UltraGraphQL-docker will automatically use the auto-generated GraphQL schema to publish the live GraphQL Web REST API service + Web UI for other client applications to start using the 'GraphQL' API to query the user's UCO-compliant ontologies.
    - QED: the entire End-to-End automation!
- RDF Stores:
- UltraGraphQL:
- HyperGraphQL: