
Add validators for vocabularies and misp

pull/76/head
Raphaël Vinot 3 years ago
parent
commit
6866b158b1
10 changed files with 130 additions and 17 deletions
  1. +2
    -2
      schema_clusters.json
  2. +2
    -2
      schema_galaxies.json
  3. +31
    -0
      schema_misp.json
  4. +58
    -0
      schema_vocabularies.json
  5. +27
    -3
      validate_all.sh
  6. +2
    -2
      vocabularies/threat-actor/intended-effect.json
  7. +2
    -2
      vocabularies/threat-actor/motivation.json
  8. +2
    -2
      vocabularies/threat-actor/planning-and-operational-support.json
  9. +2
    -2
      vocabularies/threat-actor/sophistication.json
  10. +2
    -2
      vocabularies/threat-actor/type.json

+ 2
- 2
schema_clusters.json

@@ -1,7 +1,7 @@
{
"$schema": "http://json-schema.org/schema#",
"title": "Validator for misp-galaxies",
"id": "https://www.github.com/MISP/misp-galaxies/schema.json",
"title": "Validator for misp-galaxies - Clusters",
"id": "https://www.github.com/MISP/misp-galaxies/schema_clusters.json",
"type": "object",
"additionalProperties": false,
"properties": {


+ 2
- 2
schema_galaxies.json

@@ -1,7 +1,7 @@
{
"$schema": "http://json-schema.org/schema#",
"title": "Validator for misp-galaxies",
"id": "https://www.github.com/MISP/misp-galaxies/schema.json",
"title": "Validator for misp-galaxies - Galaxies",
"id": "https://www.github.com/MISP/misp-galaxies/schema_galaxies.json",
"type": "object",
"additionalProperties": false,
"properties": {


+ 31
- 0
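--- a/schema_misp.json
+++ b/schema_misp.json
@@ -0,0 +1,31 @@
+{
+"$schema": "http://json-schema.org/schema#",
+"title": "Validator for misp-galaxies - MISP",
+"id": "https://www.github.com/MISP/misp-galaxies/schema_misp.json",
+"type": "object",
+"additionalProperties": false,
+"properties": {
+"elements_url": {
+"type": "string"
+},
+"default_predicate_value_in": {
+"type": "string"
+},
+"default_predicate_value": {
+"type": "string"
+},
+"cluster_url": {
+"type": "string"
+},
+"predicate_in": {
+"type": "string"
+}
+},
+"required": [
+"elements_url",
+"default_predicate_value_in",
+"default_predicate_value",
+"cluster_url",
+"predicate_in"
+]
+}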
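Review bot: `"$schema": "http://json-schema.org/schema#"` names no draft while the file uses the draft-04 keyword `id`, so which draft's rules apply depends on the default of whichever jsonschema version is installed; pinning it, e.g. `"$schema": "http://json-schema.org/draft-04/schema#"`, keeps the check reproducible (schema_vocabularies.json carries the same header). Separately, all five properties are a bare `"type": "string"`, so an empty string satisfies `required`; adding `"minLength": 1` to each would reject that. If `elements_url` and `cluster_url` are meant to hold URLs (inferred from the names only), a `pattern` restricting the accepted scheme would be worth adding as well.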

+ 58
- 0
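--- a/schema_vocabularies.json
+++ b/schema_vocabularies.json
@@ -0,0 +1,58 @@
+{
+"$schema": "http://json-schema.org/schema#",
+"title": "Validator for misp-galaxies - Vocabularies",
+"id": "https://www.github.com/MISP/misp-galaxies/schema_vocabularies.json",
+"type": "object",
+"additionalProperties": false,
+"properties": {
+"version": {
+"type": "integer"
+},
+"description": {
+"type": "string"
+},
+"source": {
+"type": "string"
+},
+"author": {
+"type": "array",
+"uniqueItems": true,
+"items": {
+"type": "string"
+}
+},
+"uuid": {
+"type": "string"
+},
+"stix": {
+"type": "string"
+},
+"type": {
+"type": "string"
+},
+"values": {
+"type": "array",
+"uniqueItems": true,
+"items": {
+"type": "object",
+"additionalProperties": false,
+"properties": {
+"description": {
+"type": "string"
+},
+"value": {
+"type": "string"
+}
+}
+}
+}
+},
+"required": [
+"version",
+"description",
+"author",
+"uuid",
+"type",
+"values"
+]
+}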
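Review bot: The `values` item schema lists `description` and `value` under `properties` but declares no `required`, so an entry of `{}` or one holding only a `description` validates; if every entry is expected to carry a `value`, add `"required": ["value"]` to the item object. `uniqueItems` compares whole objects, so two entries with the same `value` and different descriptions still pass, and catching that needs a check outside the schema. `uuid` is a bare string; `"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"` would reject malformed identifiers, which matters if consumers key on that field (an assumption, not visible here).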

+ 27
- 3
validate_all.sh

@@ -9,7 +9,7 @@
# Check Jsons format, and beautify
./jq_all_the_things.sh
rc=$?
if [[ $rc != 0 ]]; then
if [[ $rc != 0 ]]; then
exit $rc
fi

@@ -30,7 +30,7 @@ do
echo -n "${dir}: "
jsonschema -i ${dir} schema_clusters.json
rc=$?
if [[ $rc != 0 ]]; then
if [[ $rc != 0 ]]; then
echo "Error on ${dir}"
exit $rc
fi
@@ -42,7 +42,31 @@ do
echo -n "${dir}: "
jsonschema -i ${dir} schema_galaxies.json
rc=$?
if [[ $rc != 0 ]]; then
if [[ $rc != 0 ]]; then
echo "Error on ${dir}"
exit $rc
fi
echo ''
done

for dir in misp/*.json
do
echo -n "${dir}: "
jsonschema -i ${dir} schema_misp.json
rc=$?
if [[ $rc != 0 ]]; then
echo "Error on ${dir}"
exit $rc
fi
echo ''
done

for dir in vocabularies/*/*.json
do
echo -n "${dir}: "
jsonschema -i ${dir} schema_vocabularies.json
rc=$?
if [[ $rc != 0 ]]; then
echo "Error on ${dir}"
exit $rc
fi
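Review bot: `${dir}` is expanded unquoted in both new loops (`jsonschema -i ${dir} schema_misp.json` and the vocabularies equivalent), so a contributed file name containing whitespace or glob characters is word-split before it reaches jsonschema and the file actually checked may not be the one in the tree; write `jsonschema -i "${dir}" schema_misp.json` and `jsonschema -i "${dir}" schema_vocabularies.json`. The two loops also repeat the existing clusters and galaxies loops line for line, so a small function taking a glob and a schema path would keep the exit-code handling in one place. The vocabularies loop's closing lines fall outside this hunk.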


+ 2
- 2
vocabularies/threat-actor/intended-effect.json

@@ -91,10 +91,10 @@
"value": "Unauthorized Access"
}
],
"version" : 1,
"version" : 2,
"description": "The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor",
"source": "STIX 1.0",
"author": "STIX",
"author": ["STIX"],
"uuid": "b6975c96-296a-48cf-9006-034ed102bc85",
"stix": "1.2.1",
"type": "threat-actor-intended-effect-vocabulary"


+ 2
- 2
vocabularies/threat-actor/motivation.json

@@ -56,10 +56,10 @@
"description": "The threat actor is motivated by the desire to exercise some political advantage."
}
],
"version" : 1,
"version" : 2,
"description": "The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.",
"source": "STIX 1.0",
"author": "STIX",
"author": ["STIX"],
"uuid": "74183277-5ee6-436a-9859-cb16fb3f21e2",
"stix": "1.2.1",
"type": "threat-actor-motivation-vocabulary"


+ 2
- 2
vocabularies/threat-actor/planning-and-operational-support.json

@@ -67,9 +67,9 @@
"value": "Skill Development / Recruitment - University Programs"
}
],
"version" : 1,
"version" : 2,
"description": "The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor.",
"author": "STIX",
"author": ["STIX"],
"source": "STIX 1.0",
"stix": "1.0.1",
"uuid": "f91f69d2-fcd0-45f2-baeb-4f79f9458da7",


+ 2
- 2
vocabularies/threat-actor/sophistication.json

@@ -17,9 +17,9 @@
"description": "Demonstrates a nascent capability. A novice has basic computer skills and likely requires the assistance of a Practitioner or higher to engage in hacking activity. He uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet and lacks the ability to conduct his own reconnaissance and targeting research."
}
],
"version" : 1,
"version" : 2,
"description": "The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor.",
"author": "STIX",
"author": ["STIX"],
"uuid": "fcaf1309-28c4-4d09-b56f-84d6cf6afbb3",
"stix": "1.0",
"type": "threat-actor-sophistication-vocabulary"


+ 2
- 2
vocabularies/threat-actor/type.json

@@ -52,10 +52,10 @@
"value": "Disgruntled Customer / User"
}
],
"version": 1,
"version": 2,
"uuid": "3d7dc2ee-ca54-4a5e-96a3-2e7cba0ffe95",
"description": "The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.",
"author": "STIX",
"author": ["STIX"],
"source": "STIX 1.0",
"stix": "1.0",
"type": "threat-actor-type-vocabulary"

