{
"$schema": "http://json-schema.org/schema#",
"additionalProperties": false,
"defs": {
"attribute": {
"additionalProperties": false,
"properties": {
"categories": {
"items": {
"enum": [
"Antivirus detection",
"Artifacts dropped",
"Attribution",
"External analysis",
"Financial fraud",
"Internal reference",
"Network activity",
"Other",
"Payload delivery",
"Payload installation",
"Payload type",
"Persistence mechanism",
"Person",
"Social network",
"Support Tool",
"Targeting data"
],
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"description": {
"type": "string"
},
"disable_correlation": {
"type": "boolean"
},
"misp-attribute": {
"enum": [
"AS",
"aba-rtn",
"anonymised",
"attachment",
"authentihash",
"bank-account-nr",
"bic",
"bin",
"boolean",
"bro",
"btc",
"campaign-id",
"campaign-name",
"cc-number",
"cdhash",
"chrome-extension-id",
"comment",
"community-id",
"cookie",
"cortex",
"counter",
"country-of-residence",
"cpe",
"dash",
"date-of-birth",
"datetime",
"dkim",
"dkim-signature",
"dns-soa-email",
"domain",
"domain|ip",
"email",
"email-attachment",
"email-body",
"email-dst",
"email-dst-display-name",
"email-header",
"email-message-id",
"email-mime-boundary",
"email-reply-to",
"email-src",
"email-src-display-name",
"email-subject",
"email-thread-index",
"email-x-mailer",
"eppn",
"favicon-mmh3",
"filename",
"filename|authentihash",
"filename|impfuzzy",
"filename|imphash",
"filename|md5",
"filename|pehash",
"filename|sha1",
"filename|sha224",
"filename|sha256",
"filename|sha3-224",
"filename|sha3-256",
"filename|sha3-384",
"filename|sha3-512",
"filename|sha384",
"filename|sha512",
"filename|sha512/224",
"filename|sha512/256",
"filename|ssdeep",
"filename|tlsh",
"filename|vhash",
"first-name",
"float",
"frequent-flyer-number",
"gender",
"gene",
"git-commit-id",
"github-organisation",
"github-repository",
"github-username",
"hassh-md5",
"hasshserver-md5",
"hex",
"hostname",
"hostname|port",
"http-method",
"iban",
"identity-card-number",
"impfuzzy",
"imphash",
"ip-dst",
"ip-dst|port",
"ip-src",
"ip-src|port",
"issue-date-of-the-visa",
"ja3-fingerprint-md5",
"jabber-id",
"jarm-fingerprint",
"kusto-query",
"last-name",
"link",
"mac-address",
"mac-eui-64",
"malware-sample",
"malware-type",
"md5",
"middle-name",
"mime-type",
"mobile-application-id",
"mutex",
"named pipe",
"nationality",
"other",
"passenger-name-record-locator-number",
"passport-country",
"passport-expiration",
"passport-number",
"pattern-filename",
"pattern-in-file",
"pattern-in-memory",
"pattern-in-traffic",
"payment-details",
"pdb",
"pehash",
"pgp-private-key",
"pgp-public-key",
"phone-number",
"place-of-birth",
"place-port-of-clearance",
"place-port-of-onward-foreign-destination",
"place-port-of-original-embarkation",
"port",
"primary-residence",
"process-state",
"prtn",
"redress-number",
"regkey",
"regkey|value",
"sha1",
"sha224",
"sha256",
"sha3-224",
"sha3-256",
"sha3-384",
"sha3-512",
"sha384",
"sha512",
"sha512/224",
"sha512/256",
"sigma",
"size-in-bytes",
"snort",
"special-service-request",
"ssdeep",
"stix2-pattern",
"target-email",
"target-external",
"target-location",
"target-machine",
"target-org",
"target-user",
"telfhash",
"text",
"threat-actor",
"tlsh",
"travel-details",
"twitter-id",
"uri",
"url",
"user-agent",
"vhash",
"visa-number",
"vulnerability",
"weakness",
"whois-creation-date",
"whois-registrant-email",
"whois-registrant-name",
"whois-registrant-org",
"whois-registrant-phone",
"whois-registrar",
"windows-scheduled-task",
"windows-service-displayname",
"windows-service-name",
"x509-fingerprint-md5",
"x509-fingerprint-sha1",
"x509-fingerprint-sha256",
"xmr",
"yara",
"zeek"
],
"type": "string"
},
"multiple": {
"type": "boolean"
},
"recommended": {
"type": "boolean"
},
"sane_default": {
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"to_ids": {
"type": "boolean"
},
"ui-priority": {
"type": "number"
},
"values_list": {
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
}
},
"required": [
"misp-attribute",
"ui-priority",
"description"
],
"type": "object"
}
},
"id": "https://www.github.com/MISP/misp-objects/schema.json",
"properties": {
"attributes": {
"additionalProperties": {
"$ref": "#/defs/attribute",
"type": "object"
},
"type": "object"
},
"description": {
"type": "string"
},
"meta-category": {
"enum": [
"file",
"network",
"financial",
"misc",
"internal",
"vulnerability",
"climate",
"iot",
"health",
"followthemoney"
],
"type": "string"
},
"name": {
"type": "string"
},
"required": {
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"requiredOneOf": {
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"uuid": {
"type": "string"
},
"version": {
"type": "integer"
}
},
"required": [
"attributes",
"version",
"description",
"meta-category",
"name",
"uuid"
],
"title": "Validator for misp-objects",
"type": "object"
}