1. Home
  2. Entities
  3. Classes
  4. observable:EventFacet

observable:EventFacet leaf node

URI

https://unifiedcyberontology.org/ontology/uco/observable#EventFacet

Label

EventFacet

Description

An event facet is a grouping of characteristics unique to something that happens in a digital context (e.g., operating system events).

Superclasses (1)

  • core:Facet

    • Shapes (1)

  • observable:EventFacet

    • Usage

    Instances of observable:EventFacet can have the following properties:

    PROPERTYTYPEDESCRIPTIONRANGE
    From class owl:Thing
    investigation:authorizationIdentifier owl:DatatypeProperty The identifier for a particular authorization (e.g. warrant number) xsd:string
    investigation:authorizationType owl:DatatypeProperty A label categorizing a type of authorization (e.g. warrant) xsd:string
    investigation:exhibitNumber owl:DatatypeProperty Specifies a unique identifier assigned to a given object at any stage of an investigation to differentiate it from all other objects. xsd:string
    investigation:focus owl:DatatypeProperty Specifies the topical focus of an investigation. xsd:string
    investigation:investigationForm owl:DatatypeProperty A label categorizing a type of investigation (case, incident, suspicious-activity, etc.) vocab:InvestigationFormVocab
    investigation:investigationStatus owl:DatatypeProperty A label characterizing the status of an investigation (open, closed, etc.). xsd:string
    investigation:relevantAuthorization owl:ObjectProperty Specifies an authorization relevant to a particular investigation. investigation:Authorization
    investigation:rootExhibitNumber owl:DatatypeProperty Specifies a unique identifier assigned to a given object at the start of its treatment as part of an investigation. The first node in a provenance chain, which can be viewed as a heirarchical tree originating from a single root. xsd:string

    Property Shapes

    By the associated SHACL property shapes, instances of observable:EventFacet can have the following properties:

    PROPERTY

    PROPERTY TYPE

    DESCRIPTION

    MIN COUNT

    MAX COUNT

    LOCAL RANGE
    (type range for property on this class)

    GLOBAL RANGE
    (type range for property globally)
    observable:EventFacet
    observable:application owl:ObjectProperty The application associated with this object.
    		1 1 observable:ObservableObject
    		observable:ObservableObject
    observable:computerName owl:DatatypeProperty A name of the computer on which the log entry was created.
    		0 1 xsd:string
    		xsd:string
    observable:cyberAction owl:ObjectProperty The action taken in response to the event.
    		0 1 observable:ObservableAction
    		observable:ObservableAction
    observable:eventID owl:DatatypeProperty The identifier of the event.
    		0 1 xsd:string
    		xsd:string
    observable:eventText owl:DatatypeProperty The textual representation of the event.
    		0 1 xsd:string
    		xsd:string
    observable:eventType owl:DatatypeProperty The type of the event, for example 'information', 'warning' or 'error'.
    		0 1 xsd:string
    		xsd:string
    observable:observableCreatedTime owl:DatatypeProperty The date and time at which the observable object being characterized was created. This time pertains to an intrinsic characteristic of the observable object, and would be consistent across independent characterizations or observations of the observable object.
    		0 1 xsd:dateTime
    		xsd:dateTime

    Implementation

    @prefix core: <https://unifiedcyberontology.org/ontology/uco/core#> .
@prefix observable: <https://unifiedcyberontology.org/ontology/uco/observable#> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

observable:EventFacet a owl:Class,
        sh:NodeShape ;
    rdfs:label "EventFacet"@en ;
    rdfs:comment "An event facet is a grouping of characteristics unique to something that happens in a digital context (e.g., operating system events)."@en ;
    rdfs:subClassOf core:Facet ;
    sh:property [ sh:class observable:ObservableAction ;
            sh:maxCount 1 ;
            sh:nodeKind sh:BlankNodeOrIRI ;
            sh:path observable:cyberAction ],
        [ sh:class observable:ObservableObject ;
            sh:maxCount 1 ;
            sh:minCount 1 ;
            sh:nodeKind sh:BlankNodeOrIRI ;
            sh:path observable:application ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:observableCreatedTime ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:computerName ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:eventID ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:eventText ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:eventType ] ;
    sh:targetClass observable:EventFacet .