misp-objects/objects/email/definition.json

{
"attributes": {
"attachment": {
"categories": [
"Payload delivery"
],
"description": "Attachment",
"misp-attribute": "email-attachment",
"multiple": true,
"ui-priority": 0
},
"bcc": {
"categories": [
"Payload delivery"
],
"description": "Blind carbon copy",
"disable_correlation": true,
"misp-attribute": "email-dst",
"multiple": true,
"ui-priority": 1
},
"bcc-display-name": {
"categories": [
"Payload delivery"
],
"description": "Display name of the blind carbon copy",
"misp-attribute": "email-dst-display-name",
"multiple": true,
"ui-priority": 1
},
"cc": {
"categories": [
"Payload delivery"
],
"description": "Carbon copy",
"disable_correlation": true,
"misp-attribute": "email-dst",
"multiple": true,
"ui-priority": 1
},
"cc-display-name": {
"categories": [
"Payload delivery"
],
"description": "Display name of the carbon copy",
"misp-attribute": "email-dst-display-name",
"multiple": true,
"ui-priority": 1
},
"email-body": {
"categories": [
"Payload delivery"
],
"description": "Body of the email",
"disable_correlation": true,
"misp-attribute": "email-body",
"multiple": true,
"ui-priority": 1
},
"eml": {
"description": "Full EML",
"disable_correlation": true,
"misp-attribute": "attachment",
"ui-priority": 1
},
"from": {
"categories": [
"Payload delivery"
],
"description": "Sender email address",
"misp-attribute": "email-src",
"multiple": true,
"ui-priority": 1
},
"from-display-name": {
"categories": [
"Payload delivery"
],
"description": "Display name of the sender",
"misp-attribute": "email-src-display-name",
"multiple": true,
"ui-priority": 1
},
"from-domain": {
"categories": [
"Payload delivery"
],
"description": "Sender domain address (when only the source domain is known)",
"misp-attribute": "domain",
"multiple": true,
"ui-priority": 1
},
"header": {
"categories": [
"Payload delivery"
],
"description": "Full headers",
"disable_correlation": true,
"misp-attribute": "email-header",
"multiple": true,
"ui-priority": 0
},
"ip-src": {
"description": "Source IP address of the email sender",
"misp-attribute": "ip-src",
"multiple": true,
"ui-priority": 0
},
"message-id": {
"categories": [
"Payload delivery"
],
"description": "Message ID",
"disable_correlation": true,
"misp-attribute": "email-message-id",
"ui-priority": 0
},
"mime-boundary": {
"categories": [
"Payload delivery"
],
"description": "MIME Boundary",
"disable_correlation": true,
"misp-attribute": "email-mime-boundary",
"ui-priority": 0
},
"msg": {
"description": "Full MSG",
"disable_correlation": true,
"misp-attribute": "attachment",
"ui-priority": 1
},
"received-header-hostname": {
"description": "Extracted hostname from parsed headers",
"misp-attribute": "hostname",
"multiple": true,
"ui-priority": 0
},
"received-header-ip": {
"description": "Extracted IP address from parsed headers",
"misp-attribute": "ip-src",
"multiple": true,
"ui-priority": 0
},
"reply-to": {
"categories": [
"Payload delivery"
],
"description": "Email address the reply will be sent to",
"misp-attribute": "email-reply-to",
"multiple": true,
"ui-priority": 1
},
"reply-to-display-name": {
"categories": [
"Payload delivery"
],
"description": "Display name of the email address the reply will be sent to",
"misp-attribute": "email-dst-display-name",
"multiple": true,
"ui-priority": 1
},
"return-path": {
"categories": [
"Payload delivery"
],
"description": "Message return path",
"misp-attribute": "email-src",
"ui-priority": 1
},
"screenshot": {
"categories": [
"External analysis"
],
"description": "Screenshot of email",
"disable_correlation": true,
"misp-attribute": "attachment",
"ui-priority": 1
},
"send-date": {
"categories": [
"Other"
],
"description": "Date the email has been sent",
"disable_correlation": true,
"misp-attribute": "datetime",
"ui-priority": 0
},
"subject": {
"categories": [
"Payload delivery"
],
"description": "Subject",
"misp-attribute": "email-subject",
"multiple": true,
"ui-priority": 1
},
"thread-index": {
"categories": [
"Payload delivery"
],
"description": "Identifies a particular conversation thread",
"disable_correlation": true,
"misp-attribute": "email-thread-index",
"ui-priority": 0
},
"to": {
"categories": [
"Payload delivery"
],
"description": "Destination email address",
"disable_correlation": true,
"misp-attribute": "email-dst",
"multiple": true,
"ui-priority": 1
},
"to-display-name": {
"categories": [
"Payload delivery"
],
"description": "Display name of the receiver",
"misp-attribute": "email-dst-display-name",
"multiple": true,
"ui-priority": 1
},
"user-agent": {
"description": "User Agent of the sender",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"x-mailer": {
"categories": [
"Payload delivery"
],
"description": "X-Mailer generally tells the program that was used to draft and send the original email",
"disable_correlation": true,
"misp-attribute": "email-x-mailer",
"ui-priority": 0
}
},
"description": "Email object describing an email with meta-information",
"meta-category": "network",
"name": "email",
"requiredOneOf": [
"from",
"from-display-name",
"to",
"to-display-name",
"subject",
"attachment",
"message-id",
"reply-to",
"send-date",
"mime-boundary",
"thread-index",
"header",
"x-mailer",
"return-path",
"email-body",
"eml",
"msg"
],
"uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
"version": 18
}