Open
Description
Use Case
OpenCTI currently supports a good sector classification, but it lacks granularity. Suggesting native support for NAICS (North American Industry Classification System) codes based on the work done here https://github.com/XGREENi3/NAICS2STIX. Integrating NAICS as part of OpenCTI's taxonomy would provide a structured, standardised way to classify industries in threat intelligence.
By leveraging NAICS codes (2-digit, 3-digit, and full 6-digit levels), analysts can:
- Standardise industry sector classification for better attribution of cyber threats.
- Improve correlation of threat actors and malware campaigns targeting specific economic sectors.
- Enhance enrichment capabilities when combining threat intelligence with sector-specific risk analysis.
Current Workaround
Currently, users must manually create custom sector identities in OpenCTI to cover extended use cases.
Proposed Solution
- Extend OpenCTI’s sector taxonomy by integrating NAICS codes at the 2-digit and 3-digit levels (with optional support for more granular levels).
- Map the existing entities to NAICS versions for interoperability and ensure compatibility with STIX 2.1, so that NAICS-based sector identities align with existing OpenCTI data structures.
Additional Information
- The NAICS to STIX 2.1 Converter already provides a structured way to represent NAICS-based sectors.
- Many threat actors target industries at the 2-digit or 3-digit NAICS level, making this taxonomy extension practical for cybersecurity applications.
If the feature request is approved, would you be willing to submit a PR?
Yes / No (Help can be provided if you need assistance submitting a PR).
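To illustrate the proposal above, here is a sketch of NAICS codes expressed as STIX 2.1 identities with a sector hierarchy. It is an added example, not code from this issue, from NAICS2STIX, or from OpenCTI. The UUIDv5 namespace, the timestamp, the `name` format, and the use of a `part-of` relationship between sub-sector and sector are assumptions; the sample titles are a constructed subset of NAICS.

```python
import json
import uuid

# Assumption: a private namespace so one NAICS code always yields the same
# STIX id (it must differ from the STIX 2.1 SCO namespace).
NAICS_NS = uuid.uuid5(uuid.NAMESPACE_URL, "https://example.org/naics-stix")
TS = "2025-01-01T00:00:00.000Z"  # constructed timestamp

# NAICS publishes some sectors as ranges; a 2-digit prefix maps to its range.
RANGES = {"31": "31-33", "32": "31-33", "33": "31-33",
          "44": "44-45", "45": "44-45", "48": "48-49", "49": "48-49"}

# Constructed sample: a handful of NAICS codes and titles.
SAMPLE = {"22": "Utilities", "221": "Utilities",
          "31-33": "Manufacturing",
          "334": "Computer and Electronic Product Manufacturing",
          "52": "Finance and Insurance",
          "522": "Credit Intermediation and Related Activities"}

def parent_code(code):
    """Return the parent NAICS code, or None for a top-level sector."""
    if "-" in code or len(code) == 2:
        return None
    if len(code) == 3:
        return RANGES.get(code[:2], code[:2])
    return code[:-1]

def sector_id(code):
    return f"identity--{uuid.uuid5(NAICS_NS, code)}"

def to_identity(code, title):
    return {"type": "identity", "spec_version": "2.1", "id": sector_id(code),
            "created": TS, "modified": TS, "name": f"{title} (NAICS {code})",
            "identity_class": "class",
            "external_references": [{"source_name": "NAICS", "external_id": code}]}

def to_part_of(code):
    # Assumption: sub-sector -> sector is modelled as a "part-of" relationship.
    rel = uuid.uuid5(NAICS_NS, f"part-of:{code}")
    return {"type": "relationship", "spec_version": "2.1", "id": f"relationship--{rel}",
            "created": TS, "modified": TS, "relationship_type": "part-of",
            "source_ref": sector_id(code), "target_ref": sector_id(parent_code(code))}

def build_bundle(codes):
    objs = [to_identity(c, t) for c, t in codes.items()]
    objs += [to_part_of(c) for c in codes if parent_code(c) in codes]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid5(NAICS_NS, 'bundle')}", "objects": objs}

if __name__ == "__main__":
    print(json.dumps(build_bundle(SAMPLE), indent=2))
```

Deterministic ids mean re-importing the same NAICS release updates existing sector identities instead of duplicating them, and the range lookup keeps a code such as 334 attached to the 31-33 sector rather than a non-existent "33".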