STONES & STONEWORK

STONEWORK is an open ontology for cyber threat intelligence, built as ground truth for AI-driven analysis and knowledge graph platforms. It aligns with established CTI framework ontologies — including STONES (STIX 2.1), MITRE ATT&CK, CAPEC, CWE, CVE, and CPE — as authoritative reference vocabularies.

What is STONEWORK?

STONEWORK is a structured knowledge model — an OWL 2 ontology — that represents the full cyber threat landscape analysts work with: threat actors, campaigns, malware, indicators, attack patterns, vulnerabilities, adversary techniques, software weaknesses, security controls, threat scenarios, and the risk they produce.

Where STIX 2.1 defines what can be exchanged between CTI platforms, STONEWORK defines what analysts reason over. It adds the operational context intelligence alone doesn’t carry: adversary techniques from MITRE ATT&CK, software weaknesses from CWE, and defensive controls from frameworks such as NIST SP 800-53 — turning raw intelligence into actionable knowledge.

STONEWORK is designed for the way modern AI systems reason. Tools like knowledge graphs, graph databases, and GraphRAG pipelines work best with data that has formal, queryable structure — where relationships are first-class and reasoning across domains is possible. STONEWORK provides that structure as ground truth, not as a layer bolted onto an exchange format.

What is STONES?

STONES is a framework ontology maintained alongside STONEWORK — a faithful OWL representation of the OASIS STIX 2.1 standard, playing the same role for STIX that CWE, CAPEC, and CVE play for their own domains: an independently versioned, authoritative reference vocabulary that other ontologies align with, rather than a base that gets imported and extended.

Every STIX domain object, observable, and relationship in STONES is represented as a formal class or property, with the semantics of STIX 2.1 preserved exactly — nothing reinterpreted. STONEWORK maps into STONES the same way it maps into ATT&CK, CWE, and CAPEC: as a peer reference, not a dependency.

Note: STONES is independent work and is not affiliated with OASIS or the OASIS Cyber Threat Intelligence Technical Committee (CTI-TC), which develops and maintains the STIX 2.1 standard.

STONEWORK and STONES are complementary but independent. STONEWORK is the ground-truth ontology CyberTerrain is built on; STONES anchors that model to the STIX 2.1 vocabulary the CTI community already knows — one of several framework ontologies that give STONEWORK the structured terrain AI-assisted analysis depends on.