Ivan Kirillov

18 comments by Ivan Kirillov

@chris-counteractive some great thoughts and discussion. I actually helped design and build much of STIX 2.x's SCOs (and CybOX back in the day), so I can speak a bit from...

I added the remaining ATT&CK data source mappings here: https://github.com/d3fend/d3fend-ontology/compare/feature/238-automate-mappings-to-data-sources-in-attack_update-script...ikiril01:d3fend-ontology:feature/238-automate-mappings-to-data-sources-in-attack_update-script Here are some comments on the data sources that didn't have exact mappings. EDIT - strikethrough for those that have...

Added Malware/Malware Repository and related classes for having a more accurate mapping to DS0004: [Added Malware/MalwareRepository classes](https://github.com/ikiril01/d3fend-ontology/commit/eec05d4f76daeeaa75ba806b90ada5b0f9cdabfe) [Updated seeAlso to isDefinedBy for MaliciousSoftware](https://github.com/ikiril01/d3fend-ontology/commit/131ff03f626da03077259b2b757a576df619e255) [Updated DS0004 mapping to MalwareRepository](https://github.com/ikiril01/d3fend-ontology/commit/f40fffa6efd2b45e9544fa495beddf1f839229d0)

Added Disk Image for having a more accurate mapping to DS0007 [Added DiskImage for use with VM images etc.; update DS0007 mapping ac…](https://github.com/ikiril01/d3fend-ontology/commit/e8bc7f80d2d4b5e90239e69af7555a2ecd43f8aa)

In the DBPedia entry for Event Logging (https://dbpedia.org/page/Logging_(software)) they mention errors etc. as being events, so this actually lines up with the ATT&CK data source description for Sensor Health. Accordingly,...

Struggling a bit on how to accurately model Kubernetes Pods (based on https://attack.mitre.org/datasources/DS0014/) in D3FEND. The problem is that pods are an abstraction (i.e., grouping containers that share namespaces and...

> > Struggling a bit on how to accurately model Kubernetes Pods (based on https://attack.mitre.org/datasources/DS0014/) in D3FEND. The problem is that pods are an abstraction (i.e., grouping containers that share...

> > > > Struggling a bit on how to accurately model Kubernetes Pods (based on https://attack.mitre.org/datasources/DS0014/) in D3FEND. The problem is that pods are an abstraction (i.e., grouping containers...

Added Pod and subsequently updated DS0014 mappings to "exactly". https://github.com/ikiril01/d3fend-ontology/blob/feature/238-automate-mappings-to-data-sources-in-attack_update-script/src/ontology/d3fend-protege.ttl#L3800-L3810

Added NamePipe and subsequently updated DS0023 mapping to "exactly". https://github.com/ikiril01/d3fend-ontology/commit/a20ef4967b4041768ef49a83f2763b13b292adfe