MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Add validators for vocabularies and misp

pull/76/head
Raphaël Vinot 2017-07-25 17:39:06 +02:00
parent 8163c7295f
commit 6866b158b1
10 changed files with 130 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
schema_clusters.json
View File

@ -1,7 +1,7 @@
{ {
"$schema": "http://json-schema.org/schema#", "$schema": "http://json-schema.org/schema#",
"title": "Validator for misp-galaxies", "title": "Validator for misp-galaxies - Clusters",
"id": "https://www.github.com/MISP/misp-galaxies/schema.json", "id": "https://www.github.com/MISP/misp-galaxies/schema_clusters.json",
"type": "object", "type": "object",
"additionalProperties": false, "additionalProperties": false,
"properties": { "properties": {

4
schema_galaxies.json
View File

@ -1,7 +1,7 @@
{ {
"$schema": "http://json-schema.org/schema#", "$schema": "http://json-schema.org/schema#",
"title": "Validator for misp-galaxies", "title": "Validator for misp-galaxies - Galaxies",
"id": "https://www.github.com/MISP/misp-galaxies/schema.json", "id": "https://www.github.com/MISP/misp-galaxies/schema_galaxies.json",
"type": "object", "type": "object",
"additionalProperties": false, "additionalProperties": false,
"properties": { "properties": {

31
schema_misp.json Normal file
View File

@ -0,0 +1,31 @@
{
"$schema": "http://json-schema.org/schema#",
"title": "Validator for misp-galaxies - MISP",
"id": "https://www.github.com/MISP/misp-galaxies/schema_misp.json",
"type": "object",
"additionalProperties": false,
"properties": {
"elements_url": {
"type": "string"
},
"default_predicate_value_in": {
"type": "string"
},
"default_predicate_value": {
"type": "string"
},
"cluster_url": {
"type": "string"
},
"predicate_in": {
"type": "string"
}
},
"required": [
"elements_url",
"default_predicate_value_in",
"default_predicate_value",
"cluster_url",
"predicate_in"
]
}

58
schema_vocabularies.json Normal file
View File

@ -0,0 +1,58 @@
{
"$schema": "http://json-schema.org/schema#",
"title": "Validator for misp-galaxies - Vocabularies",
"id": "https://www.github.com/MISP/misp-galaxies/schema_vocabularies.json",
"type": "object",
"additionalProperties": false,
"properties": {
"version": {
"type": "integer"
},
"description": {
"type": "string"
},
"source": {
"type": "string"
},
"author": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "string"
}
},
"uuid": {
"type": "string"
},
"stix": {
"type": "string"
},
"type": {
"type": "string"
},
"values": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"description": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
},
"required": [
"version",
"description",
"author",
"uuid",
"type",
"values"
]
}

30
validate_all.sh
View File

@ -9,7 +9,7 @@
# Check Jsons format, and beautify # Check Jsons format, and beautify
./jq_all_the_things.sh ./jq_all_the_things.sh
rc=$? rc=$?
if [[ $rc != 0 ]]; then if [[ $rc != 0 ]]; then
exit $rc exit $rc
fi fi
@ -30,7 +30,7 @@ do
echo -n "${dir}: " echo -n "${dir}: "
jsonschema -i ${dir} schema_clusters.json jsonschema -i ${dir} schema_clusters.json
rc=$? rc=$?
if [[ $rc != 0 ]]; then if [[ $rc != 0 ]]; then
echo "Error on ${dir}" echo "Error on ${dir}"
exit $rc exit $rc
fi fi
@ -42,7 +42,31 @@ do
echo -n "${dir}: " echo -n "${dir}: "
jsonschema -i ${dir} schema_galaxies.json jsonschema -i ${dir} schema_galaxies.json
rc=$? rc=$?
if [[ $rc != 0 ]]; then if [[ $rc != 0 ]]; then
echo "Error on ${dir}"
exit $rc
fi
echo ''
done
for dir in misp/*.json
do
echo -n "${dir}: "
jsonschema -i ${dir} schema_misp.json
rc=$?
if [[ $rc != 0 ]]; then
echo "Error on ${dir}"
exit $rc
fi
echo ''
done
for dir in vocabularies/*/*.json
do
echo -n "${dir}: "
jsonschema -i ${dir} schema_vocabularies.json
rc=$?
if [[ $rc != 0 ]]; then
echo "Error on ${dir}" echo "Error on ${dir}"
exit $rc exit $rc
fi fi

4
vocabularies/threat-actor/intended-effect.json
View File

@ -91,10 +91,10 @@
"value": "Unauthorized Access" "value": "Unauthorized Access"
} }
], ],
"version" : 1, "version" : 2,
"description": "The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor", "description": "The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor",
"source": "STIX 1.0", "source": "STIX 1.0",
"author": "STIX", "author": ["STIX"],
"uuid": "b6975c96-296a-48cf-9006-034ed102bc85", "uuid": "b6975c96-296a-48cf-9006-034ed102bc85",
"stix": "1.2.1", "stix": "1.2.1",
"type": "threat-actor-intended-effect-vocabulary" "type": "threat-actor-intended-effect-vocabulary"

4
vocabularies/threat-actor/motivation.json
View File

@ -56,10 +56,10 @@
"description": "The threat actor is motivated by the desire to exercise some political advantage." "description": "The threat actor is motivated by the desire to exercise some political advantage."
} }
], ],
"version" : 1, "version" : 2,
"description": "The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.", "description": "The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.",
"source": "STIX 1.0", "source": "STIX 1.0",
"author": "STIX", "author": ["STIX"],
"uuid": "74183277-5ee6-436a-9859-cb16fb3f21e2", "uuid": "74183277-5ee6-436a-9859-cb16fb3f21e2",
"stix": "1.2.1", "stix": "1.2.1",
"type": "threat-actor-motivation-vocabulary" "type": "threat-actor-motivation-vocabulary"

4
vocabularies/threat-actor/planning-and-operational-support.json
View File

@ -67,9 +67,9 @@
"value": "Skill Development / Recruitment - University Programs" "value": "Skill Development / Recruitment - University Programs"
} }
], ],
"version" : 1, "version" : 2,
"description": "The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor.", "description": "The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor.",
"author": "STIX", "author": ["STIX"],
"source": "STIX 1.0", "source": "STIX 1.0",
"stix": "1.0.1", "stix": "1.0.1",
"uuid": "f91f69d2-fcd0-45f2-baeb-4f79f9458da7", "uuid": "f91f69d2-fcd0-45f2-baeb-4f79f9458da7",

4
vocabularies/threat-actor/sophistication.json
View File

@ -17,9 +17,9 @@
"description": "Demonstrates a nascent capability. A novice has basic computer skills and likely requires the assistance of a Practitioner or higher to engage in hacking activity. He uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet and lacks the ability to conduct his own reconnaissance and targeting research." "description": "Demonstrates a nascent capability. A novice has basic computer skills and likely requires the assistance of a Practitioner or higher to engage in hacking activity. He uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet and lacks the ability to conduct his own reconnaissance and targeting research."
} }
], ],
"version" : 1, "version" : 2,
"description": "The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor.", "description": "The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor.",
"author": "STIX", "author": ["STIX"],
"uuid": "fcaf1309-28c4-4d09-b56f-84d6cf6afbb3", "uuid": "fcaf1309-28c4-4d09-b56f-84d6cf6afbb3",
"stix": "1.0", "stix": "1.0",
"type": "threat-actor-sophistication-vocabulary" "type": "threat-actor-sophistication-vocabulary"

4
vocabularies/threat-actor/type.json
View File

@ -52,10 +52,10 @@
"value": "Disgruntled Customer / User" "value": "Disgruntled Customer / User"
} }
], ],
"version": 1, "version": 2,
"uuid": "3d7dc2ee-ca54-4a5e-96a3-2e7cba0ffe95", "uuid": "3d7dc2ee-ca54-4a5e-96a3-2e7cba0ffe95",
"description": "The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.", "description": "The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.",
"author": "STIX", "author": ["STIX"],
"source": "STIX 1.0", "source": "STIX 1.0",
"stix": "1.0", "stix": "1.0",
"type": "threat-actor-type-vocabulary" "type": "threat-actor-type-vocabulary"