https://unifiedcyberontology.org/ontology/uco/observable#NetworkConnectionFacet
A network connection facet is a grouping of characteristics unique to a connection (complete or attempted) accross a digital network (a group of two or more computer systems linked together). [based on https://www.webopedia.com/TERM/N/network.html]
Instances of observable:NetworkConnectionFacet can have the following properties:
| PROPERTY | TYPE | DESCRIPTION | RANGE |
|---|---|---|---|
| From class owl:Thing | |||
| investigation:authorizationIdentifier | owl:DatatypeProperty | The identifier for a particular authorization (e.g. warrant number) | xsd:string |
| investigation:authorizationType | owl:DatatypeProperty | A label categorizing a type of authorization (e.g. warrant) | xsd:string |
| investigation:exhibitNumber | owl:DatatypeProperty | Specifies a unique identifier assigned to a given object at any stage of an investigation to differentiate it from all other objects. | xsd:string |
| investigation:focus | owl:DatatypeProperty | Specifies the topical focus of an investigation. | xsd:string |
| investigation:investigationForm | owl:DatatypeProperty | A label categorizing a type of investigation (case, incident, suspicious-activity, etc.) | vocab:InvestigationFormVocab |
| investigation:investigationStatus | owl:DatatypeProperty | A label characterizing the status of an investigation (open, closed, etc.). | xsd:string |
| investigation:relevantAuthorization | owl:ObjectProperty | Specifies an authorization relevant to a particular investigation. | investigation:Authorization |
| investigation:rootExhibitNumber | owl:DatatypeProperty | Specifies a unique identifier assigned to a given object at the start of its treatment as part of an investigation. The first node in a provenance chain, which can be viewed as a heirarchical tree originating from a single root. | xsd:string |
By the associated SHACL property shapes, instances of observable:NetworkConnectionFacet can have the following properties:
PROPERTY |
PROPERTY TYPE |
DESCRIPTION |
MIN COUNT |
MAX COUNT |
LOCAL RANGE |
GLOBAL RANGE |
|
|---|---|---|---|---|---|---|---|
| observable:NetworkConnectionFacet | |||||||
| observable:destinationPort | owl:DatatypeProperty |
Specifies the destination port used in the connection, as an integer in the range of 0 - 65535.
|
0 | 1 |
xsd:integer
|
xsd:integer
|
|
| observable:dst | owl:ObjectProperty |
Specifies the destination(s) of the network connection.
|
0 | * |
observable:ObservableObject
|
observable:ObservableObject
|
|
| observable:endTime | owl:DatatypeProperty |
|
0 | 1 |
xsd:dateTime
|
xsd:dateTime
|
|
| observable:isActive | owl:DatatypeProperty |
Indicates whether the network connection is still active.
|
0 | 1 |
xsd:boolean
|
xsd:boolean
|
|
| observable:protocols | owl:ObjectProperty |
Specifies the protocols involved in the network connection, along with their corresponding state.
|
0 | 1 |
types:ControlledDictionary
|
types:ControlledDictionary
|
|
| observable:sourcePort | owl:DatatypeProperty |
Specifies the source port used in the connection, as an integer in the range of 0 - 65535.
|
0 | 1 |
xsd:integer
|
xsd:integer
|
|
| observable:src | owl:ObjectProperty |
Specifies the source(s) of the network connection.
|
0 | * |
core:UcoObject
|
core:UcoObject
|
|
| observable:startTime | owl:DatatypeProperty |
|
0 | 1 |
xsd:dateTime
|
xsd:dateTime
|
|
@prefix core: <https://unifiedcyberontology.org/ontology/uco/core#> .
@prefix observable: <https://unifiedcyberontology.org/ontology/uco/observable#> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix types: <https://unifiedcyberontology.org/ontology/uco/types#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
observable:NetworkConnectionFacet a owl:Class,
sh:NodeShape ;
rdfs:label "NetworkConnectionFacet"@en ;
rdfs:comment "A network connection facet is a grouping of characteristics unique to a connection (complete or attempted) accross a digital network (a group of two or more computer systems linked together). [based on https://www.webopedia.com/TERM/N/network.html]"@en ;
rdfs:subClassOf core:Facet ;
sh:property [ sh:class core:UcoObject ;
sh:nodeKind sh:BlankNodeOrIRI ;
sh:path observable:src ],
[ sh:class observable:ObservableObject ;
sh:nodeKind sh:BlankNodeOrIRI ;
sh:path observable:dst ],
[ sh:class types:ControlledDictionary ;
sh:maxCount 1 ;
sh:nodeKind sh:BlankNodeOrIRI ;
sh:path observable:protocols ],
[ sh:datatype xsd:boolean ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:isActive ],
[ sh:datatype xsd:dateTime ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:endTime ],
[ sh:datatype xsd:dateTime ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:startTime ],
[ sh:datatype xsd:integer ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:destinationPort ],
[ sh:datatype xsd:integer ;
sh:maxCount 1 ;
sh:nodeKind sh:Literal ;
sh:path observable:sourcePort ] ;
sh:targetClass observable:NetworkConnectionFacet .