diff --git a/ontology/uco/observable/observable.ttl b/ontology/uco/observable/observable.ttl index cf42d85c..6864729d 100644 --- a/ontology/uco/observable/observable.ttl +++ b/ontology/uco/observable/observable.ttl @@ -418,7 +418,7 @@ observable:Application owl:Class , sh:NodeShape ; - rdfs:subClassOf observable:ObservableObject ; + rdfs:subClassOf observable:Software ; rdfs:label "Application"@en ; rdfs:comment "An application is a particular software program designed for end users."@en ; sh:targetClass observable:Application ; @@ -858,6 +858,15 @@ observable:BrowserCookieFacet sh:targetClass observable:BrowserCookieFacet ; . +observable:BuildUtility + a + owl:Class , + sh:NodeShape + ; + rdfs:subClassOf observable:Software ; + rdfs:comment "A Build Utility is a software-based tool that automates portions or all of the process of creating executable software from source code."@en ; + . + observable:Calendar a owl:Class , @@ -1194,12 +1203,21 @@ observable:Code owl:Class , sh:NodeShape ; - rdfs:subClassOf observable:ObservableObject ; + rdfs:subClassOf observable:Software ; rdfs:label "Code"@en ; rdfs:comment "Code is a direct representation (source, byte or binary) of a collection of computer instructions that form software which tell a computer how to work. [based on https://en.wikipedia.org/wiki/Software]"@en ; sh:targetClass observable:Code ; . +observable:Compiler + a + owl:Class , + sh:NodeShape + ; + rdfs:subClassOf observable:Software ; + rdfs:comment "A Compiler is a software program that translates source code written in a high-level language (e.g., C++, Python, Java) into machine code that can be understood and executed by a computer processor."@en ; + . + observable:CompressedStreamFacet a owl:Class , @@ -2209,6 +2227,15 @@ observable:DefinedEffectFacet sh:targetClass observable:DefinedEffectFacet ; . +observable:DeploymentScript + a + owl:Class , + sh:NodeShape + ; + rdfs:subClassOf observable:Script ; + rdfs:comment "A Deployment Script is a software script used to deploy artifacts, packages, modules, patches, or other resources into an intended execution environment."@en ; + . + observable:Device a owl:Class , @@ -3966,7 +3993,7 @@ observable:Library owl:Class , sh:NodeShape ; - rdfs:subClassOf observable:ObservableObject ; + rdfs:subClassOf observable:Software ; rdfs:label "Library"@en ; rdfs:comment "A library is a suite of data and programming code that is used to develop software programs and applications. [based on https://www.techopedia.com/definition/3828/software-library]"@en ; sh:targetClass observable:Library ; @@ -3989,6 +4016,26 @@ observable:LibraryFacet sh:targetClass observable:LibraryFacet ; . +observable:LinuxService + a + owl:Class , + sh:NodeShape + ; + rdfs:subClassOf observable:Service ; + rdfs:label "LinuxService"@en ; + rdfs:comment "A Linux Service (often referred to as a daemon) is a Service running within a Linux operating system, similar to the way a Windows Service runs on Windows."@en ; + sh:targetClass observable:LinuxService ; + . + +observable:LinuxTask + a + owl:Class , + sh:NodeShape + ; + rdfs:subClassOf observable:Task ; + rdfs:comment "A Linux Task is a set of software computer instructions loaded into memory with the potential to be scheduled for execution within the Linux operating system."@en ; + . + observable:MACAddress a owl:Class , @@ -5275,6 +5322,15 @@ observable:PUK rdfs:range xsd:string ; . +observable:Package + a + owl:Class , + sh:NodeShape + ; + rdfs:subClassOf observable:Software ; + rdfs:comment "A Package is a body of software consisting of a collection of individual software (programs, libraries, files, etc.) packaged together to collectively serve a broader purpose."@en ; + . + observable:PathRelationFacet a owl:Class , @@ -5357,9 +5413,9 @@ observable:Process owl:Class , sh:NodeShape ; - rdfs:subClassOf observable:ObservableObject ; + rdfs:subClassOf observable:Software ; rdfs:label "Process"@en ; - rdfs:comment "A process is an instance of a computer program executed on an operating system."@en ; + rdfs:comment "A Process is an instance of a software program that is being executed within a scope having dedicated memory, address space, execution variables, code instructions, state, security info, file handles, etc. Process execution consists of one or more component threads sharing the process resources."@en ; sh:targetClass observable:Process ; . @@ -5452,9 +5508,9 @@ observable:ProcessThread owl:Class , sh:NodeShape ; - rdfs:subClassOf observable:ObservableObject ; + rdfs:subClassOf observable:Software ; rdfs:label "ProcessThread"@en ; - rdfs:comment "A process thread is the smallest sequence of programmed instructions that can be managed independently by a scheduler on a computer, which is typically a part of the operating system. It is a component of a process. Multiple threads can exist within one process, executing concurrently and sharing resources such as memory, while different processes do not share these resources. In particular, the threads of a process share its executable code and the values of its dynamically allocated variables and non-thread-local global variables at any given time. [based on https://en.wikipedia.org/wiki/Thread_(computing)]"@en ; + rdfs:comment "A Process Thread is the smallest sequence of programmed instructions that can be managed independently by a scheduler on a computer, which is typically a part of the operating system. It is a scheduled running instantiation of one or more tasks (including CPU flags, counters, timers, stack, etc.) as a component of a process. Multiple threads can exist within one process, executing concurrently and sharing resources such as memory, while different processes do not share these resources. In particular, the threads of a process share its executable code and the values of its dynamically allocated variables and non-thread-local global variables at any given time. [based on https://en.wikipedia.org/wiki/Thread_(computing)]"@en ; sh:targetClass observable:ProcessThread ; . @@ -6027,6 +6083,15 @@ observable:SQLiteBlobFacet sh:targetClass observable:SQLiteBlobFacet ; . +observable:Script + a + owl:Class , + sh:NodeShape + ; + rdfs:subClassOf observable:Software ; + rdfs:comment "A Script is a software consisting of computer instructions that can be interpreted and executed in real-time (typically by an interpreter rather than directly by a computer processor) without requiring advance compilation."@en ; + . + observable:SecurityAppliance a owl:Class , @@ -6077,6 +6142,24 @@ observable:Server sh:targetClass observable:Server ; . +observable:Service + a + owl:Class , + sh:NodeShape + ; + rdfs:subClassOf observable:Process ; + rdfs:comment "A Service is a process that runs in the background rather than under the control of an interactive user. Services are typically long-running and can be configured to start when the operating system starts and continue as long as the operating system is running."@en ; + . + +observable:ServicePack + a + owl:Class , + sh:NodeShape + ; + rdfs:subClassOf observable:Software ; + rdfs:comment "A Service Pack is a software consisting of a collection of software updates or fixes (patches) for a software delivered as an aggregated single package for ease of installation."@en ; + . + observable:ShopListing a owl:Class , @@ -6158,6 +6241,15 @@ observable:Software sh:targetClass observable:Software ; . +observable:SoftwareBuild + a + owl:Class , + sh:NodeShape + ; + rdfs:subClassOf observable:Software ; + rdfs:comment "A Software Build is a particular executable version of software that has been created from source code and is ready for testing or deployment."@en ; + . + observable:SoftwareFacet a owl:Class , @@ -6440,6 +6532,15 @@ observable:Tablet sh:targetClass observable:Tablet ; . +observable:Task + a + owl:Class , + sh:NodeShape + ; + rdfs:subClassOf observable:Software ; + rdfs:comment "A Task is a set of software computer instructions loaded into memory with the potential to be scheduled for execution."@en ; + . + observable:TaskActionType a owl:Class , @@ -8487,9 +8588,9 @@ observable:WindowsService owl:Class , sh:NodeShape ; - rdfs:subClassOf observable:ObservableObject ; + rdfs:subClassOf observable:Service ; rdfs:label "WindowsService"@en ; - rdfs:comment "A Windows service is a specific Windows service (a computer program that operates in the background of a Windows operating system, similar to the way a UNIX daemon runs on UNIX). [based on https://en.wikipedia.org/wiki/Windows_service]"@en ; + rdfs:comment "A Windows Service is a Service running within a Windows operating system, similar to the way a UNIX daemon runs on UNIX. [based on https://en.wikipedia.org/wiki/Windows_service]"@en ; sh:targetClass observable:WindowsService ; . @@ -8612,9 +8713,9 @@ observable:WindowsTask owl:Class , sh:NodeShape ; - rdfs:subClassOf observable:ObservableObject ; + rdfs:subClassOf observable:Task ; rdfs:label "WindowsTask"@en ; - rdfs:comment "A Windows task is a process that is scheduled to execute on a Windows operating system by the Windows Task Scheduler. [based on http://msdn.microsoft.com/en-us/library/windows/desktop/aa381311(v=vs.85).aspx]"@en ; + rdfs:comment "A Windows Task is a set of software computer instructions loaded into memory with the potential to be scheduled for execution within the Windows operating system."@en ; sh:targetClass observable:WindowsTask ; . @@ -8885,7 +8986,7 @@ observable:WindowsThread ; rdfs:subClassOf observable:ProcessThread ; rdfs:label "WindowsThread"@en ; - rdfs:comment "A Windows thread is a single thread of execution within a Windows process."@en ; + rdfs:comment "A Windows thread is a Process Thread within a Windows process."@en ; sh:targetClass observable:WindowsThread ; . diff --git a/tests/examples/test_validation.py b/tests/examples/test_validation.py index faea131f..830ffbd8 100644 --- a/tests/examples/test_validation.py +++ b/tests/examples/test_validation.py @@ -448,6 +448,12 @@ def test_observable_creation_time_XFAIL() -> None: confirm_validation_results( "observable_creation_time_XFAIL_validation.ttl", False, + expected_focus_node_severities={ + ( + "http://example.org/kb/windows-thread-facet-4967ae35-f00b-49c8-9dd2-38e3bdf851e1", + str(NS_SH.Violation) + ) + } ) def test_operating_system_PASS() -> None: