2019-07-08 11:18:21 +02:00
|
|
|
{
|
|
|
|
"attributes": {
|
|
|
|
"account-type": {
|
|
|
|
"description": "Type of the account.",
|
2019-07-08 11:38:11 +02:00
|
|
|
"misp-attribute": "text",
|
2019-07-08 11:18:21 +02:00
|
|
|
"sane_default": [
|
|
|
|
"facebook",
|
|
|
|
"ldap",
|
|
|
|
"nis",
|
|
|
|
"openid",
|
|
|
|
"radius",
|
|
|
|
"skype",
|
|
|
|
"tacacs",
|
|
|
|
"twitter",
|
|
|
|
"unix",
|
|
|
|
"windows-local",
|
|
|
|
"windows-domain"
|
2020-04-26 02:10:02 +02:00
|
|
|
],
|
|
|
|
"ui-priority": 1
|
2019-07-08 11:18:21 +02:00
|
|
|
},
|
|
|
|
"can_escalate_privs": {
|
|
|
|
"description": "Specifies if the account has the ability to escalate privileges.",
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "boolean",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"created": {
|
|
|
|
"description": "Creation time of the account.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "datetime",
|
|
|
|
"ui-priority": 1
|
2019-07-08 11:18:21 +02:00
|
|
|
},
|
2021-09-14 08:31:01 +02:00
|
|
|
"description": {
|
|
|
|
"description": "A description of the user account.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
2019-07-08 11:18:21 +02:00
|
|
|
"disabled": {
|
|
|
|
"description": "Specifies if the account is desabled.",
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "boolean",
|
|
|
|
"ui-priority": 1
|
2019-07-08 11:18:21 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"display-name": {
|
|
|
|
"description": "Display name of the account.",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
2019-07-08 11:18:21 +02:00
|
|
|
},
|
|
|
|
"expires": {
|
|
|
|
"description": "Expiration time of the account",
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "datetime",
|
|
|
|
"ui-priority": 1
|
2019-07-08 11:18:21 +02:00
|
|
|
},
|
|
|
|
"first_login": {
|
|
|
|
"description": "First time someone logged in to the account.",
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "datetime",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"group": {
|
|
|
|
"description": "UNIX group(s) the account is member of.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"group-id": {
|
|
|
|
"description": "Identifier of the primary group of the account, in case of a UNIX account.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"home_dir": {
|
|
|
|
"description": "Home directory of the UNIX account.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"is_service_account": {
|
|
|
|
"description": "Specifies if the account is associated with a network service.",
|
|
|
|
"disable_correlation": true,
|
|
|
|
"misp-attribute": "boolean",
|
|
|
|
"ui-priority": 1
|
2019-07-08 11:18:21 +02:00
|
|
|
},
|
|
|
|
"last_login": {
|
|
|
|
"description": "Last time someone logged in to the account.",
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "datetime",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"link": {
|
|
|
|
"description": "Original link into the account page (Supposed harmless)",
|
|
|
|
"misp-attribute": "link",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"password": {
|
|
|
|
"description": "Password related to the username.",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
2019-07-08 11:18:21 +02:00
|
|
|
},
|
|
|
|
"password_last_changed": {
|
|
|
|
"description": "Last time the password has been changed.",
|
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "datetime",
|
|
|
|
"ui-priority": 1
|
2019-07-08 11:18:21 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"privileged": {
|
|
|
|
"description": "Specifies if the account has privileges such as root rights.",
|
2019-07-08 11:18:21 +02:00
|
|
|
"disable_correlation": true,
|
2020-04-26 02:10:02 +02:00
|
|
|
"misp-attribute": "boolean",
|
|
|
|
"ui-priority": 1
|
2019-07-08 11:18:21 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"shell": {
|
|
|
|
"description": "UNIX command shell of the account.",
|
2019-07-08 11:18:21 +02:00
|
|
|
"disable_correlation": true,
|
2019-07-08 11:38:11 +02:00
|
|
|
"misp-attribute": "text",
|
2020-04-26 02:10:02 +02:00
|
|
|
"ui-priority": 1
|
2019-07-08 11:18:21 +02:00
|
|
|
},
|
2020-04-26 02:10:02 +02:00
|
|
|
"user-avatar": {
|
|
|
|
"description": "A user profile picture or avatar.",
|
|
|
|
"misp-attribute": "attachment",
|
|
|
|
"multiple": true,
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"user-id": {
|
|
|
|
"description": "Identifier of the account.",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
|
|
|
},
|
|
|
|
"username": {
|
|
|
|
"description": "Username related to the password.",
|
|
|
|
"misp-attribute": "text",
|
|
|
|
"ui-priority": 1
|
2019-07-08 11:18:21 +02:00
|
|
|
}
|
2020-04-26 02:10:02 +02:00
|
|
|
},
|
|
|
|
"description": "",
|
|
|
|
"meta-category": "misc",
|
|
|
|
"name": "user-account",
|
|
|
|
"requiredOneOf": [
|
|
|
|
"password",
|
|
|
|
"username",
|
|
|
|
"user-id"
|
|
|
|
],
|
|
|
|
"uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
|
2021-09-14 08:31:01 +02:00
|
|
|
"version": 4
|
2020-04-26 02:10:02 +02:00
|
|
|
}
|