Feature Request: Extend OpenCTI Taxonomy with NAICS Codes

[k1r10n]

Use Case

OpenCTI currently supports a good sector classification, but it lacks granularity. Suggesting native support for NAICS (North American Industry Classification System) codes based on the work done here https://github.com/XGREENi3/NAICS2STIX. Integrating NAICS as part of OpenCTI's taxonomy would provide a structured, standardised way to classify industries in threat intelligence.

By leveraging NAICS codes (2-digit, 3-digit, and full 6-digit levels), analysts can:

• Standardise industry sector classification for better attribution of cyber threats.
• Improve correlation of threat actors and malware campaigns targeting specific economic sectors.
• Enhance enrichment capabilities when combining threat intelligence with sector-specific risk analysis.

Current Workaround

Currently, users must manually create custom sector identities in OpenCTI to cover extended use cases.

Proposed Solution

• Extend OpenCTI’s sector taxonomy by integrating NAICS codes at the 2-digit and 3-digit levels (with optional support for more granular levels).
• Map the existent entities to NAICS versions for interoperability and ensure compatibility with STIX 2.1, so that NAICS-based sector identities align with existing OpenCTI data structures.

Additional Information

• The NAICS to STIX 2.1 Converter already provides a structured way to represent NAICS-based sectors.
• Many threat actors target industries at the 2-digit or 3-digit NAICS level, making this taxonomy extension practical for cybersecurity applications.

If the feature request is approved, would you be willing to submit a PR?

Yes / No (Help can be provided if you need assistance submitting a PR).