misp-objects/objects/incident/definition.json

188 lines
5.1 KiB
JSON
Raw Normal View History

{
"attributes": {
"criticality": {
"description": "Criticality of the incident",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Description of the incident.",
"misp-attribute": "text",
"ui-priority": 1
},
"detection_method": {
"description": "Methods used to detect the activity.",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"automated-tool",
"human-review",
"message-from-attacker",
"system-outage",
"user-reporting"
],
"ui-priority": 0
},
"determination": {
"description": "Determination on the outcome of the incident.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"blocked",
"successful-attempt",
"failed-attempt",
"false-positive",
"low-value",
"suspected"
],
"ui-priority": 0
},
"incident_type": {
"description": "Type of incident",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"aggregation-information-phishing-schemes",
"benign",
"blocked",
"brute-force-attempt",
"c&c-server-hosting",
"compromised-system",
"confirmed",
"connection-malware-port",
"connection-malware-system",
"content-forbidden-by-law",
"control-system-bypass",
"copyrighted-content",
"data-exfiltration",
"deferred",
"deletion-information",
"denial-of-service",
"destruction",
"dictionary-attack-attempt",
"discarded",
"disruption-data-transmission",
"dissemination-malware-email",
"dissemination-phishing-emails",
"dns-cache-poisoning",
"dns-local-resolver-hijacking",
"dns-spoofing-registered",
"dns-rebinding",
"dns-server-compromise",
"dns-spoofing-unregistered",
"dns-stub-resolver-hijacking",
"dns-zone-transfer",
"domain-name-compromise",
"duplicate",
"email-flooding",
"equipment-loss",
"equipment-theft",
"exploit",
"exploit-attempt",
"exploit-framework-exhausting-resources",
"exploit-tool-exhausting-resources",
"failed",
"file-inclusion",
"file-inclusion-attempt",
"hosting-malware-webpage",
"hosting-phishing-sites",
"illegitimate-use-name",
"illegitimate-use-resources",
"infected-by-known-malware",
"insufficient-data",
"known-malware",
"lame-delegations",
"major",
"modification-information",
"misconfiguration",
"natural",
"network-scanning",
"no-apt",
"packet-flood",
"password-cracking-attempt",
"ransomware",
"refuted",
"scan-probe",
"silently-discarded",
"supply-chain-customer",
"supply-chain-vendor",
"spam",
"sql-injection",
"sql-injection-attempt",
"successful",
"system-probe",
"theft-access-credentials",
"unattributed",
"unauthorized-access-information",
"unauthorized-access-system",
"unauthorized-equipment",
"unauthorized-release",
"unauthorized-use",
"undetermined",
"unintentional",
"unknown-apt",
"unspecified",
"vandalism",
"wiretapping",
"worm-spreading",
"xss",
"xss-attempt"
],
"ui-priority": 0
},
"investigation_status": {
"description": "Current status of the incident investigation.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"closed",
"new",
"open"
],
"ui-priority": 0
},
"name": {
"description": "Name of the incident.",
"misp-attribute": "text",
"ui-priority": 1
},
"recoverability": {
"description": "Recoverability of the incident, with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"score": {
"description": "Incident score, with a name, an optional description and the numeric score value.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
}
},
"description": "Incident object template as described in STIX 2.1 Incident object and its core extension.",
"meta-category": "misc",
"name": "incident",
"required": [
"name"
],
"uuid": "38597424-f9bb-4865-9b4b-819172df0334",
"version": 1
}