misp-objects/objects/attack-step/definition.json

{
"attributes": {
"command-line": {
"description": "Command line used to execute attack step, if any.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"description": {
"description": "Description of the attack step",
"misp-attribute": "text",
"ui-priority": 1
},
"detections": {
"description": "Detections by the victim's monitoring capabilities.",
"misp-attribute": "text",
"ui-priority": 1
},
"dst-domain": {
"description": "Domain destination of the attack step, if any.",
"disable_correlation": true,
"misp-attribute": "domain",
"ui-priority": 1
},
"dst-ip": {
"description": "IP destination of the attack step, if any.",
"disable_correlation": true,
"misp-attribute": "ip-dst",
"ui-priority": 1
},
"dst-misc": {
"description": "Other type of destination of the attack step, if any. This can be e.g. localhost.",
"misp-attribute": "text",
"ui-priority": 1
},
"expected-response": {
"description": "Response or detection expected (in case of purple teaming)",
"misp-attribute": "text",
"ui-priority": 1
},
"key-step": {
"description": "Was this attack step object a key step within the context of the incident/event?",
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
},
"source-domain": {
"description": "Domain source of the attack step, if any.",
"misp-attribute": "domain",
"ui-priority": 1
},
"source-ip": {
"description": "IP source of the attack step, if any.",
"misp-attribute": "ip-src",
"ui-priority": 1
},
"source-misc": {
"description": "Other type of source of the attack step, if any. This can be e.g. rotating IPs from cloud providers such as AWS, or localhost.",
"misp-attribute": "text",
"ui-priority": 1
},
"succesful": {
"description": "Was this attack step successful?",
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
}
},
"description": "An object defining a singular attack-step. Especially useful for red/purple teaming, but can also be used for actual attacks.",
"meta-category": "misc",
"name": "attack-step",
"requiredOneOf": [
"description"
],
"uuid": "F86CD6C4-B89D-454A-95C1-165D456D8A74",
"version": 1
}