misp-objects/objects/regripper-NTUser/definition.json

99 lines
2.9 KiB
JSON
Raw Normal View History

2018-10-25 17:31:36 +02:00
{
"required": [
"key"
],
"requiredOneOf": [
"logon-user-name"
],
"attributes": {
"key": {
"description": "Registry key where the information is retrieved from.",
"ui-priority": 0,
"misp-attribute": "text"
},
"key-last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"logon-user-name": {
"description": "Name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"recent-folders-accessed": {
"description": "List of recent folders accessed by the user.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"recent-files-accessed": {
"description": "List of recent files accessed by the user.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"typed-urls": {
"description": "Urls typed by the user in internet explorer",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"applications-installed": {
"description": "List of applications installed.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"applications-run": {
"description": "List of applications set to run on the system.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"external-devices": {
"description": "List of external devices connected to the system by the user.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"user-init": {
"description": "Applications or processes set to run when the user logs onto the windows system.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"nukeOnDelete": {
"description": "Determines if the Recycle bin option has been disabled.",
"ui-priority": 0,
"misp-attribute": "boolean",
"disable_correlation": true
},
"network-connected-to": {
"description": "List of networks the user connected the system to.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"mount-points": {
"description": "Details of the mount points created on the system.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true,
"disable_correlation": true
},
"comments": {
"description": "Additional information related to the user profile",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
},
"version": 1,
"description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.",
"meta-category": "misc",
"uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65",
"name": "regripper-NTUser"
}