misp-objects/objects/sandbox-report/definition.json

{
  "required": [
    "sandbox-type"
  ],
  "requiredOneOf": [
    "web-sandbox",
    "on-premise-sandbox",
    "saas-sandbox"
  ],
  "attributes": {
    "permalink": {
      "description": "Permalink reference",
      "categories": [
        "External analysis"
      ],
      "ui-priority": 2,
      "misp-attribute": "link"
    },
    "score": {
      "description": "Score",
      "disable_correlation": true,
      "categories": [
        "External analysis"
      ],
      "ui-priority": 1,
      "misp-attribute": "text"
    },
    "results": {
      "description": "Freetext result values",
      "disable_correlation": true,
      "categories": [
        "External analysis"
      ],
      "ui-priority": 1,
      "misp-attribute": "text",
      "multiple": true
    },
    "raw-report": {
      "description": "Raw report from sandbox",
      "disable_correlation": true,
      "categories": [
        "External analysis"
      ],
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "sandbox-file": {
      "description": "File related to sandbox run",
      "misp-attribute": "attachment",
      "disable_correlation": true,
      "ui-priority": 1,
      "categories": [
        "External analysis"
      ],
      "multiple": true
    },
    "sandbox-type": {
      "description": "The type of sandbox used",
      "misp-attribute": "text",
      "disable_correlation": true,
      "ui-priority": 1,
      "sane_default": [
        "on-premise",
        "web",
        "saas"
      ]
    },
    "on-premise-sandbox": {
      "description": "The on-premise sandbox used",
      "misp-attribute": "text",
      "disable_correlation": true,
      "ui-priority": 1,
      "sane_default": [
        "cuckoo",
        "symantec-cas-on-premise",
        "bluecoat-maa",
        "trendmicro-deep-discovery-analyzer",
        "fireeye-ax",
        "vmray",
        "joe-sandbox-on-premise"
      ]
    },
    "web-sandbox": {
      "description": "A web sandbox where results are publicly available via an URL",
      "misp-attribute": "text",
      "disable_correlation": true,
      "ui-priority": 1,
      "sane_default": [
        "malwr",
        "hybrid-analysis"
      ]
    },
    "saas-sandbox": {
      "description": "A non-on-premise sandbox, also results are not publicly available",
      "misp-attribute": "text",
      "disable_correlation": true,
      "ui-priority": 1,
      "sane_default": [
        "forticloud-sandbox",
        "joe-sandbox-cloud",
        "symantec-cas-cloud"
      ]
    }
  },
  "version": 2,
  "description": "Sandbox report",
  "meta-category": "misc",
  "uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef",
  "name": "sandbox-report"
}
added sandbox-report object 2018-01-08 17:28:21 +01:00			`{`
			`"required": [`
			`"sandbox-type"`
			`],`
			`"requiredOneOf": [`
			`"web-sandbox",`
			`"on-premise-sandbox",`
			`"saas-sandbox"`
			`],`
			`"attributes": {`
			`"permalink": {`
			`"description": "Permalink reference",`
			`"categories": [`
			`"External analysis"`
			`],`
			`"ui-priority": 2,`
			`"misp-attribute": "link"`
			`},`
			`"score": {`
			`"description": "Score",`
			`"disable_correlation": true,`
			`"categories": [`
			`"External analysis"`
			`],`
			`"ui-priority": 1,`
			`"misp-attribute": "text"`
			`},`
			`"results": {`
			`"description": "Freetext result values",`
			`"disable_correlation": true,`
			`"categories": [`
			`"External analysis"`
			`],`
			`"ui-priority": 1,`
			`"misp-attribute": "text",`
			`"multiple": true`
			`},`
			`"raw-report": {`
			`"description": "Raw report from sandbox",`
			`"disable_correlation": true,`
			`"categories": [`
			`"External analysis"`
			`],`
			`"ui-priority": 0,`
			`"misp-attribute": "text"`
			`},`
added sandbox-file type as attribute for storing e.g. sandbox results file in sandbox-report object 2018-10-24 13:58:38 +02:00			`"sandbox-file": {`
			`"description": "File related to sandbox run",`
			`"misp-attribute": "attachment",`
			`"disable_correlation": true,`
			`"ui-priority": 1,`
			`"categories": [`
fix failing check via running .jq_all_the_things.sh 2018-10-24 14:14:32 +02:00			`"External analysis"`
added sandbox-file type as attribute for storing e.g. sandbox results file in sandbox-report object 2018-10-24 13:58:38 +02:00			`],`
			`"multiple": true`
fix failing check via running .jq_all_the_things.sh 2018-10-24 14:14:32 +02:00			`},`
added sandbox-report object 2018-01-08 17:28:21 +01:00			`"sandbox-type": {`
			`"description": "The type of sandbox used",`
			`"misp-attribute": "text",`
			`"disable_correlation": true,`
			`"ui-priority": 1,`
			`"sane_default": [`
			`"on-premise",`
			`"web",`
			`"saas"`
			`]`
			`},`
			`"on-premise-sandbox": {`
			`"description": "The on-premise sandbox used",`
			`"misp-attribute": "text",`
			`"disable_correlation": true,`
			`"ui-priority": 1,`
			`"sane_default": [`
			`"cuckoo",`
			`"symantec-cas-on-premise",`
			`"bluecoat-maa",`
			`"trendmicro-deep-discovery-analyzer",`
			`"fireeye-ax",`
			`"vmray",`
			`"joe-sandbox-on-premise"`
			`]`
			`},`
			`"web-sandbox": {`
			`"description": "A web sandbox where results are publicly available via an URL",`
			`"misp-attribute": "text",`
			`"disable_correlation": true,`
			`"ui-priority": 1,`
			`"sane_default": [`
			`"malwr",`
			`"hybrid-analysis"`
			`]`
			`},`
			`"saas-sandbox": {`
			`"description": "A non-on-premise sandbox, also results are not publicly available",`
			`"misp-attribute": "text",`
			`"disable_correlation": true,`
			`"ui-priority": 1,`
			`"sane_default": [`
			`"forticloud-sandbox",`
			`"joe-sandbox-cloud",`
			`"symantec-cas-cloud"`
			`]`
			`}`
			`},`
added sandbox-file type as attribute for storing e.g. sandbox results file in sandbox-report object 2018-10-24 13:58:38 +02:00			`"version": 2,`
added sandbox-report object 2018-01-08 17:28:21 +01:00			`"description": "Sandbox report",`
			`"meta-category": "misc",`
			`"uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef",`
			`"name": "sandbox-report"`
			`}`