Triple
T23312867
| Position | Surface form | Disambiguated ID | Type / Status |
|---|---|---|---|
| Subject | STIX |
E590627
|
entity |
| Predicate | relatedStandard |
P37
|
FINISHED |
| Object | CybOX |
—
|
NE NERFINISHED |
How this triple was built (3 steps)
Every LLM step that produced this triple, in pipeline order — named-entity classification, the disambiguation choices (the exact options shown, with the pick highlighted), and the generated description. The batch + timestamp of each is in the Provenance table below.
NER
Named-entity recognition
gpt-5-mini
Instruction
Given a phrase, classify it is english named entity (e.g., persons, organizations, works of art) in Latin script, or not (e.g., literals, dates, URLs, verbose phrases). For disambiguation, the statement where the phrase occurs as object is also given. Please return a JSON object with `phrase` (string, the phrase being analyzed) and `is_ne` (boolean, indicating whether the phrase is a Named Entity).
Input
Phrase: CybOX | Statement: [STIX, relatedStandard, CybOX]
NED1
Entity disambiguation (via context triple)
gpt-5-mini-2025-08-07
Target entity: CybOX Context triple: [STIX, relatedStandard, CybOX]
-
A.
CSAF
CSAF is the acronym for the highest-ranking officer and principal military advisor in the United States Air Force, the Chief of Staff of the Air Force.
-
B.
OpenText EnCase
OpenText EnCase is a widely used digital forensics and incident response software suite for acquiring, analyzing, and preserving electronic evidence in legal and cybersecurity investigations.
-
C.
ArcSight
ArcSight is a cybersecurity platform specializing in security information and event management (SIEM) to help organizations detect, analyze, and respond to threats.
-
D.
Splunk Phantom
Splunk Phantom is a security orchestration, automation, and response (SOAR) platform that helps security teams automate workflows, investigate threats, and respond to incidents more efficiently.
-
E.
STIX
STIX is a structured language and data format used for representing, sharing, and analyzing cyber threat intelligence across organizations and tools.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
NED2
Entity disambiguation (via description)
gpt-5-mini-2025-08-07
Target entity: CybOX Target entity description: CybOX is a standardized language for representing and sharing structured information about cyber observables, such as events and artifacts, in cybersecurity contexts.
-
A.
CSAF
CSAF is the acronym for the highest-ranking officer and principal military advisor in the United States Air Force, the Chief of Staff of the Air Force.
-
B.
OpenText EnCase
OpenText EnCase is a widely used digital forensics and incident response software suite for acquiring, analyzing, and preserving electronic evidence in legal and cybersecurity investigations.
-
C.
ArcSight
ArcSight is a cybersecurity platform specializing in security information and event management (SIEM) to help organizations detect, analyze, and respond to threats.
-
D.
Splunk Phantom
Splunk Phantom is a security orchestration, automation, and response (SOAR) platform that helps security teams automate workflows, investigate threats, and respond to incidents more efficiently.
-
E.
STIX
chosen
STIX is a structured language and data format used for representing, sharing, and analyzing cyber threat intelligence across organizations and tools.
- F. None of above.
Provenance (2 batches)
The batch behind each pipeline step, in order, with when it ran. Timestamps are batch-level — stages were processed in waves, so the object chain (NER → NED1 → NEDg → NED2) reads in order, but predicate / elicitation batches can sit in a different wave.
| Step | Stage | Batch ID | Status | When |
|---|---|---|---|---|
| creating | Elicitation | batch_69e25d1d32188190948eb76909d1dcc3 |
completed | April 17, 2026, 4:17 p.m. |
| NER | Named-entity recognition | batch_69f1972ca70481909e2415c65964210a |
completed | April 29, 2026, 5:29 a.m. |
Created at: April 17, 2026, 5:06 p.m.