misp-objects/objects/victim/definition.json

135 lines
3.5 KiB
JSON
Raw Normal View History

{
"attributes": {
"classification": {
"description": "The type of entity being targeted.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"individual",
"group",
"organization",
"class",
"unknown"
],
"ui-priority": 1
},
"description": {
"description": "Description of the victim",
"misp-attribute": "text",
"ui-priority": 1
},
"domain": {
"description": "Domain name of the organisation targeted.",
"misp-attribute": "domain",
"multiple": true,
"ui-priority": 1
},
"email": {
"description": "The email address(es) of the user targeted.",
"misp-attribute": "target-email",
"multiple": true,
"ui-priority": 1
},
"external": {
"description": "External target organisations affected by this attack.",
"misp-attribute": "target-external",
"multiple": true,
"ui-priority": 1
},
"ip-address": {
"description": "IP address(es) of the node targeted.",
"misp-attribute": "ip-dst",
"multiple": true,
"ui-priority": 1
},
"name": {
"description": "The name of the department(s) or organisation(s) targeted.",
"misp-attribute": "target-org",
"multiple": true,
"ui-priority": 1
},
"node": {
"description": "Name(s) of node that was targeted.",
"misp-attribute": "target-machine",
"multiple": true,
"ui-priority": 1
},
"reference": {
"description": "External reference to the victim/case.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"regions": {
"description": "The list of regions or locations from the victim targeted. ISO 3166 should be used.",
"misp-attribute": "target-location",
"multiple": true,
"ui-priority": 1
},
"roles": {
"description": "The list of roles targeted within the victim.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"sectors": {
"description": "The list of sectors that the victim belong to",
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"academia - university",
"aerospace",
2023-02-01 17:40:24 +01:00
"agriculture",
"automotive",
"communications",
"construction",
"defence",
2023-12-05 17:50:38 +01:00
"dissident",
"education",
"energy",
"engineering",
"entertainment",
"financial services",
"government local",
2023-02-01 17:40:24 +01:00
"government national",
"government public services",
2023-02-01 17:40:24 +01:00
"government regional",
"healthcare",
"hospitality leisure",
2023-02-01 17:56:32 +01:00
"information and cultural industries",
"infrastructure",
"insurance",
2023-12-05 17:50:38 +01:00
"international organization",
2023-01-04 18:10:18 +01:00
"legal",
"manufacturing",
"mining",
"non profit",
"pharmaceuticals",
2023-12-05 17:50:38 +01:00
"political party",
"retail",
"technology",
"telecommunications",
2023-12-05 17:50:38 +01:00
"think tank",
"transportation",
"utilities"
],
"ui-priority": 1
},
"user": {
"description": "The username(s) of the user targeted.",
"misp-attribute": "target-user",
"multiple": true,
"ui-priority": 1
}
},
"description": "Victim object describes the target of an attack or abuse.",
"meta-category": "misc",
"name": "victim",
"requiredOneOf": [
"name",
"regions",
"sectors"
],
"uuid": "a8806e40-39ad-435f-be02-ac2a13d6fc7d",
2023-12-05 20:58:22 +01:00
"version": 9
}