investigation:Investigation leaf node


URI

https://ontology.caseontology.org/case/investigation/Investigation

Label

Investigation

Description

An investigation is a grouping of characteristics unique to an exploration of the facts involved in a cyber-relevant set of suspicious activity.

Usage

Instances of investigation:Investigation can have the following properties:

| PROPERTY | TYPE | DESCRIPTION | RANGE |
|---|---|---|---|
| From class core:UcoObject | | | |
| investigation:wasDerivedFrom | owl:ObjectProperty | A re-implementation of the wasDerivedFrom property in W3C PROV-O. The definition of this property is 'A derivation is a transformation of an entity into another, an update of an entity resulting in a new one, or the construction of a new entity based on a pre-existing entity.' [Ref: https://www.w3.org/TR/prov-o/#wasDerivedFrom] | core:UcoObject |
| From class owl:Thing | | | |
| types:threadNextItem | owl:ObjectProperty | The link to a next item in a thread. | owl:Thing |
| types:threadPreviousItem | owl:ObjectProperty | A direct link to a previous item in a thread. | owl:Thing |

Property Shapes

By the associated SHACL property shapes, instances of investigation:Investigation can have the following properties:

| PROPERTY | PROPERTY TYPE | DESCRIPTION | MIN COUNT | MAX COUNT | LOCAL RANGE (type range for property on this class) | GLOBAL RANGE (type range for property globally) |
|---|---|---|---|---|---|---|
| investigation:Investigation | | | | | | |
| core:endTime | owl:DatatypeProperty | The ending time of a time range. | | 1 | xsd:dateTime | xsd:dateTime |
| core:startTime | owl:DatatypeProperty | The initial time of a time range. | | 1 | xsd:dateTime | xsd:dateTime |
| investigation:focus | owl:DatatypeProperty | Specifies the topical focus of an investigation. | | | xsd:string | xsd:string |
| investigation:investigationForm | owl:DatatypeProperty | A label categorizing a type of investigation (case, incident, suspicious-activity, etc.) | | 1 | vocab:InvestigationFormVocab | owl:Thing |
| investigation:investigationStatus | owl:DatatypeProperty | A label characterizing the status of an investigation (open, closed, etc.). | | 1 | xsd:string | xsd:string |
| investigation:relevantAuthorization | owl:ObjectProperty | Specifies an authorization relevant to a particular investigation. | | | investigation:Authorization | investigation:Authorization |
| core:ContextualCompilation | | | | | | |
| core:object | owl:ObjectProperty | Specifies one or more UcoObjects. | 1 | | core:UcoObject | core:UcoObject |
| core:UcoObject | | | | | | |
| core:createdBy | owl:ObjectProperty | The identity that created a characterization of a concept. | | 1 | core:IdentityAbstraction | core:IdentityAbstraction |
| core:description | owl:DatatypeProperty | A description of a particular concept characterization. | | | xsd:string | xsd:string |
| core:externalReference | owl:ObjectProperty | Specifies a reference to a resource outside of the UCO. | 0 | | core:ExternalReference | core:ExternalReference |
| core:hasFacet | owl:InverseFunctionalProperty | Further sets of properties characterizing a concept based on the particular context of the class and of the particular instance of the concept being characterized. | | | core:Facet | core:Facet |
| core:modifiedTime | owl:DatatypeProperty | Specifies the time that this particular version of the object was modified. The object creator can use the time it deems most appropriate as the time this version of the object was modified. The value of the modified property for a given object version MUST be later than or equal to the value of the created property. Object creators MUST update the modified property when creating a new version of an object. The modified timestamp MUST be precise to the nearest millisecond (exactly three digits after the decimal place in seconds). | | | xsd:dateTime | xsd:dateTime |
| core:name | owl:DatatypeProperty | The name of a particular concept characterization. | | 1 | xsd:string | xsd:string |
| core:objectCreatedTime | owl:DatatypeProperty | The time at which a characterization of a concept is created. This time pertains to the time of creating the record object, and is not an intrinsic characteristic of the concept. | | 1 | xsd:dateTime | xsd:dateTime |
| core:objectMarking | owl:ObjectProperty | Marking definitions to be applied to a particular concept characterization in its entirety. | | | core:MarkingDefinitionAbstraction | core:MarkingDefinitionAbstraction |
| core:specVersion | owl:DatatypeProperty | The version of UCO ontology or subontology specification used to characterize a concept. | | 1 | xsd:string | xsd:string |
| core:tag | owl:DatatypeProperty | A generic tag/label. | | | xsd:string | xsd:string |

Implementation

@prefix core: <https://ontology.unifiedcyberontology.org/uco/core/> .
@prefix investigation: <https://ontology.caseontology.org/case/investigation/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix vocab: <https://ontology.caseontology.org/case/vocabulary/> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

investigation:Investigation a owl:Class,
        sh:NodeShape ;
    rdfs:label "Investigation"@en ;
    rdfs:comment "An investigation is a grouping of characteristics unique to an exploration of the facts involved in a cyber-relevant set of suspicious activity."@en ;
    rdfs:subClassOf core:ContextualCompilation ;
    sh:property [ sh:datatype vocab:InvestigationFormVocab ;
            sh:message "Value is outside the default vocabulary InvestigationFormVocab." ;
            sh:path investigation:investigationForm ;
            sh:severity sh:Info ],
        [ sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:or ( [ sh:datatype vocab:InvestigationFormVocab ] [ sh:datatype xsd:string ] ) ;
            sh:path investigation:investigationForm ],
        [ sh:message "Value is not member of the vocabulary InvestigationFormVocab." ;
            sh:or ( [ sh:datatype vocab:InvestigationFormVocab ;
                        sh:in ( "case"^^vocab:InvestigationFormVocab "incident"^^vocab:InvestigationFormVocab "suspicious-activity"^^vocab:InvestigationFormVocab ) ] [ sh:datatype xsd:string ] ) ;
            sh:path investigation:investigationForm ],
        [ sh:class investigation:Authorization ;
            sh:nodeKind sh:BlankNodeOrIRI ;
            sh:path investigation:relevantAuthorization ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path core:endTime ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path core:startTime ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path investigation:investigationStatus ],
        [ sh:datatype xsd:string ;
            sh:nodeKind sh:Literal ;
            sh:path investigation:focus ] ;
    sh:targetClass investigation:Investigation .
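
An added example, not part of the CASE ontology or of this page's own code: a standard-library Python check that mirrors the literal-valued constraints of the shape above (value counts, datatypes, and the Info-versus-Violation handling of investigation:investigationForm). The record layout, the `validate` function and the sample records are assumptions constructed for illustration; the sh:class constraint on investigation:relevantAuthorization is not covered.

```python
from datetime import datetime

VOCAB = "vocab:InvestigationFormVocab"
FORM = "investigation:investigationForm"
FORMS = {"case", "incident", "suspicious-activity"}  # sh:in list of the shape
# path -> (allowed datatypes, sh:maxCount or None), transcribed from the shape
SHAPE = {
    "core:startTime": ({"xsd:dateTime"}, 1),
    "core:endTime": ({"xsd:dateTime"}, 1),
    "investigation:investigationStatus": ({"xsd:string"}, 1),
    "investigation:focus": ({"xsd:string"}, None),
    FORM: ({VOCAB, "xsd:string"}, 1),
}

def validate(node):
    """node (assumed layout): property path -> list of (lexical, datatype)."""
    out = []
    for path, (datatypes, max_count) in SHAPE.items():
        values = node.get(path, [])
        if max_count is not None and len(values) > max_count:
            out.append(("Violation", path, f"more than {max_count} value"))
        for lexical, datatype in values:
            if datatype not in datatypes:
                out.append(("Violation", path, f"datatype {datatype} not allowed"))
            elif datatype == "xsd:dateTime":
                try:  # approximation of the xsd:dateTime lexical check
                    datetime.fromisoformat(lexical.replace("Z", "+00:00"))
                except ValueError:
                    out.append(("Violation", path, f"ill-formed dateTime {lexical!r}"))
    for lexical, datatype in node.get(FORM, []):
        if datatype != VOCAB:  # first property shape, sh:severity sh:Info
            out.append(("Info", FORM, "Value is outside the default vocabulary InvestigationFormVocab."))
        if not (datatype == "xsd:string" or (datatype == VOCAB and lexical in FORMS)):
            out.append(("Violation", FORM, "Value is not member of the vocabulary InvestigationFormVocab."))
    return out

# Constructed sample records, not real case data
GOOD = {
    FORM: [("incident", VOCAB)],
    "core:startTime": [("2024-03-01T09:00:00Z", "xsd:dateTime")],
    "investigation:focus": [("phishing", "xsd:string"), ("credential theft", "xsd:string")],
}
BAD = {
    FORM: [("audit", VOCAB)],  # typed as the vocabulary but not a member
    "core:endTime": [("2024-03-02T17:00:00Z", "xsd:dateTime"), ("yesterday", "xsd:dateTime")],
}
FREE_TEXT = {FORM: [("audit", "xsd:string")]}  # plain string: reported as Info only
if __name__ == "__main__":
    print([validate(r) for r in (GOOD, BAD, FREE_TEXT)])
```

The same label "audit" is a violation when typed as vocab:InvestigationFormVocab and only an informational finding when typed as xsd:string, which is how the shape keeps the vocabulary open to extension.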