Add new Event object to uco-investigation #47

sbarnum · 2017-08-25T14:31:10Z

To support broader cyber investigation use cases, we should add a new Event object to uco-investigation.

The Event object would be a direct derivation of uco-core:ContextualCompilation.

It would be defined as "An occurence of some activity characterized by the observables indicating such action occured."

sbarnum · 2019-07-02T04:11:18Z

Event class derived from ContextualCompilation

eventType(string — controlled vocabulary) (1)
-- Specifies the type of event
-startTime(xsd:datetime) (0..1)
-- Specifies the time that the event started.
endTime(xsd:datetime) (0..1)
-- Specifies the time that the event ended.
objects(UcoObject) (0..*)
-- Specifies a reference to an object that is related to this event.
eventAttribute(DictionaryEntry) (0..*)
-- Specifies attributes of the event.
-- This is a temporary catch all for other properties until they are deemed worthy of explicit property definition

DictionaryEntry is a dictionary structure type

key_name (1)
For an instance, only one of the following would be present
-- Key_value(literal) (0..1)
-- Object(UcoObject) (0..1)
-- Dictionary(DictionaryEntry) (for nested dictionaries) (0..1)

ajnelson-nist · 2024-08-12T15:54:42Z

Closing as duplicated by #541 . Implemented in UCO 1.3.0.

sbarnum added the enhancement label Aug 25, 2017

sbarnum added the v0.3.0 label Jul 2, 2019

sbarnum self-assigned this Jul 2, 2019

sbarnum added v0.4.0 and removed v0.3.0 labels Jul 12, 2019

sbarnum added the New Concept Request label Jan 22, 2020

sbarnum added 0.5.0 and removed v0.4.0 labels Feb 18, 2020

ajnelson-nist added this to the UCO 1.3.0 milestone Aug 12, 2024

ajnelson-nist closed this as completed Aug 12, 2024

ajnelson-nist removed the 0.5.0 label Aug 12, 2024

Provide feedback