misp-objects/objects/diamond/definition.json

{
  "attributes": {
    "Advesary": {
      "description": "The advesary who attacks the victim",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "Capability": {
      "description": "The capability used to attack the victim",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "Description": {
      "description": "Further context to the event",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "Direction": {
      "description": "The network-based direction of the event",
      "misp-attribute": "text",
      "ui-priority": 0,
      "values_list": [
        "Victim-to-Infrastructure",
        "Infrastructure-to-Victim",
        "Infrastructure-to-Infrastructure",
        "Adversary-to-Infrastructure",
        "Infrastructure-to-Adversary",
        "Bidirectional",
        "Unknown"
      ]
    },
    "EventID": {
      "description": "Id of the event",
      "misp-attribute": "integer",
      "ui-priority": 0
    },
    "Infrastructure": {
      "description": "The infrastructure used in the attack",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "Methodology": {
      "description": "Mitre-Attack mapping of the event",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "Phase": {
      "description": "The event mapped to a phase of the killchain",
      "misp-attribute": "text",
      "ui-priority": 0,
      "values_list": [
        "Reconnaissance",
        "Weaponization",
        "Delivery",
        "Exploitation",
        "Installation",
        "C2",
        "Action on Objectives"
      ]
    },
    "Resources": {
      "description": "The resources the attacker needed for the event to succeed",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "Result": {
      "description": "The result of the event",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "Timestamp": {
      "description": "Timestamp when the event happened",
      "misp-attribute": "datetime",
      "ui-priority": 0
    },
    "Victim": {
      "description": "The attacked victim",
      "misp-attribute": "text",
      "ui-priority": 0
    },
    "ioc": {
      "description": "Generic IOC",
      "misp-attribute": "text",
      "multiple": true,
      "ui-priority": 0
    },
    "textfield": {
      "description": "Generic textfield",
      "misp-attribute": "text",
      "multiple": true,
      "ui-priority": 0
    }
  },
  "description": "A diamond model event object consisting of the four diamond features advesary, infrastructure, capability and victim, several meta-features and ioc attributes.",
  "meta-category": "internal",
  "name": "diamond-event",
  "required": [
    "EventID",
    "Advesary",
    "Capability",
    "Infrastructure",
    "Victim"
  ],
  "uuid": "a9618450-694d-4c73-9f76-35ea0150c19e",
  "version": 1
}
new:added Diamond Object 2023-06-13 10:47:28 +02:00			`{`
jq 2023-06-13 19:15:23 +02:00			`"attributes": {`
			`"Advesary": {`
			`"description": "The advesary who attacks the victim",`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"misp-attribute": "text",`
			`"ui-priority": 0`
jq 2023-06-13 19:15:23 +02:00			`},`
			`"Capability": {`
			`"description": "The capability used to attack the victim",`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"misp-attribute": "text",`
			`"ui-priority": 0`
			`},`
			`"Description": {`
			`"description": "Further context to the event",`
			`"misp-attribute": "text",`
			`"ui-priority": 0`
			`},`
			`"Direction": {`
			`"description": "The network-based direction of the event",`
			`"misp-attribute": "text",`
jq 2023-06-13 19:15:23 +02:00			`"ui-priority": 0,`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"values_list": [`
			`"Victim-to-Infrastructure",`
			`"Infrastructure-to-Victim",`
			`"Infrastructure-to-Infrastructure",`
			`"Adversary-to-Infrastructure",`
			`"Infrastructure-to-Adversary",`
			`"Bidirectional",`
			`"Unknown"`
			`]`
			`},`
			`"EventID": {`
			`"description": "Id of the event",`
fix: Changed a few attribute types in different template 2024-04-13 12:24:58 +02:00			`"misp-attribute": "integer",`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"ui-priority": 0`
jq 2023-06-13 19:15:23 +02:00			`},`
			`"Infrastructure": {`
			`"description": "The infrastructure used in the attack",`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"misp-attribute": "text",`
			`"ui-priority": 0`
jq 2023-06-13 19:15:23 +02:00			`},`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"Methodology": {`
			`"description": "Mitre-Attack mapping of the event",`
			`"misp-attribute": "text",`
			`"ui-priority": 0`
jq 2023-06-13 19:15:23 +02:00			`},`
			`"Phase": {`
			`"description": "The event mapped to a phase of the killchain",`
			`"misp-attribute": "text",`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"ui-priority": 0,`
jq 2023-06-13 19:15:23 +02:00			`"values_list": [`
			`"Reconnaissance",`
			`"Weaponization",`
			`"Delivery",`
			`"Exploitation",`
			`"Installation",`
			`"C2",`
			`"Action on Objectives"`
			`]`
			`},`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"Resources": {`
			`"description": "The resources the attacker needed for the event to succeed",`
			`"misp-attribute": "text",`
			`"ui-priority": 0`
			`},`
jq 2023-06-13 19:15:23 +02:00			`"Result": {`
			`"description": "The result of the event",`
			`"misp-attribute": "text",`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"ui-priority": 0`
jq 2023-06-13 19:15:23 +02:00			`},`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"Timestamp": {`
			`"description": "Timestamp when the event happened",`
			`"misp-attribute": "datetime",`
			`"ui-priority": 0`
jq 2023-06-13 19:15:23 +02:00			`},`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"Victim": {`
			`"description": "The attacked victim",`
			`"misp-attribute": "text",`
			`"ui-priority": 0`
jq 2023-06-13 19:15:23 +02:00			`},`
			`"ioc": {`
			`"description": "Generic IOC",`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"misp-attribute": "text",`
jq 2023-06-13 19:15:23 +02:00			`"multiple": true,`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"ui-priority": 0`
jq 2023-06-13 19:15:23 +02:00			`},`
			`"textfield": {`
			`"description": "Generic textfield",`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"misp-attribute": "text",`
jq 2023-06-13 19:15:23 +02:00			`"multiple": true,`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`"ui-priority": 0`
new:added Diamond Object 2023-06-13 10:47:28 +02:00			`}`
ran jq_all_the_things.sh 2023-06-14 13:54:46 +02:00			`},`
			`"description": "A diamond model event object consisting of the four diamond features advesary, infrastructure, capability and victim, several meta-features and ioc attributes.",`
			`"meta-category": "internal",`
			`"name": "diamond-event",`
			`"required": [`
			`"EventID",`
			`"Advesary",`
			`"Capability",`
			`"Infrastructure",`
			`"Victim"`
			`],`
			`"uuid": "a9618450-694d-4c73-9f76-35ea0150c19e",`
			`"version": 1`
jq 2023-06-13 19:15:23 +02:00			`}`