From ed7a730a79c70eaa982aebee480acbeea8796111 Mon Sep 17 00:00:00 2001
From: VVX7
Date: Fri, 29 May 2020 16:34:00 -0400
Subject: [PATCH 1/3] new: [dev] add Reddit objects: reddit-account, reddit-post, reddit-comment, reddit-subreddit
---
 objects/reddit-account/definition.json | 79 +++++++++++++++
 objects/reddit-comment/definition.json | 85 ++++++++++++++++
 objects/reddit-post/definition.json | 89 +++++++++++++++++
 objects/reddit-subreddit/definition.json | 121 +++++++++++++++++++++++
 4 files changed, 374 insertions(+)
 create mode 100644 objects/reddit-account/definition.json
 create mode 100644 objects/reddit-comment/definition.json
 create mode 100644 objects/reddit-post/definition.json
 create mode 100644 objects/reddit-subreddit/definition.json
diff --git a/objects/reddit-account/definition.json b/objects/reddit-account/definition.json
new file mode 100644
index 0000000..337f1b0
--- /dev/null
+++ b/objects/reddit-account/definition.json
@@ -0,0 +1,79 @@
+{
+ "attributes": {
+ "account-avatar": {
+ "description": "A screen capture or exported account avatar.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "account-id": {
+ "description": "Account id.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "account-name": {
+ "description": "Account name (do not include u/).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "archive": {
+ "description": "Archive of the account (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the user.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the account page (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "moderator-of": {
+ "description": "Subreddits of which this account is a moderator (exclude the r/).",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "trophies": {
+ "description": "Trophies listed in the account Trophy Case.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the page (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "user-avatar": {
+ "description": "A user profile picture or avatar.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ }
+ },
+ "description": "Reddit account.",
+ "meta-category": "misc",
+ "name": "reddit-account",
+ "requiredOneOf": [
+ "account-name",
+ "account-id",
+ "description",
+ "archive",
+ "link"
+ ],
+ "uuid": "6802f885-2003-494a-b234-61aadce62731",
+ "version": 1
+}
\ No newline at end of file
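Review bot: `account-avatar` and `user-avatar` in objects/reddit-account/definition.json are both `attachment` attributes for the account's avatar, and neither description tells an analyst which one to fill. Two interchangeable fields split the same evidence across attribute names, which makes later searching and deduplication of avatar images harder. I would keep a single attribute (for example `account-avatar`) or make the intended difference explicit in both descriptions.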
diff --git a/objects/reddit-comment/definition.json b/objects/reddit-comment/definition.json
new file mode 100644
index 0000000..c487cb2
--- /dev/null
+++ b/objects/reddit-comment/definition.json
@@ -0,0 +1,85 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original comment (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported file from the comment.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "comment": {
+ "description": "The raw text of the comment.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "creator": {
+ "description": "The user account that created the post (do not include u/).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the comment.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the subreddit description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the subreddit description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag used to identify or promote the comment.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "link": {
+ "description": "Original link to the comment (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "subreddit-name": {
+ "description": "The name of the subreddit where it was posted (exclude the r/).",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the comment (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "username-quoted": {
+ "description": "Username who are quoted in the comment (do not include u/).",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ }
+ },
+ "description": "A Reddit post comment.",
+ "meta-category": "misc",
+ "name": "reddit-comment",
+ "requiredOneOf": [
+ "creator",
+ "comment",
+ "archive",
+ "link"
+ ],
+ "uuid": "0a7e5fc0-fe6a-43c7-a957-de3269c2eb6c",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/reddit-post/definition.json b/objects/reddit-post/definition.json
new file mode 100644
index 0000000..2ccde61
--- /dev/null
+++ b/objects/reddit-post/definition.json
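Review bot: In objects/reddit-comment/definition.json the `embedded-link` and `embedded-safe-link` descriptions still read "Link embedded in the subreddit description", and `creator` says "created the post", which looks carried over from the sibling Reddit templates. These descriptions are what an analyst reads when choosing between the `url` (potentially malicious) and `link` (supposed safe) variants, so they should name the comment: `"description": "Link embedded in the comment (potentially malicious)."` and `"description": "The user account that created the comment (do not include u/)."`. The same "subreddit description" wording appears on `embedded-link` and `embedded-safe-link` in objects/reddit-post/definition.json.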
@@ -0,0 +1,89 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original Reddit post (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported file from the Reddit post.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "creator": {
+ "description": "The user account that created the post (do not include u/).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the post.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the subreddit description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the subreddit description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag used to identify or promote the Reddit post.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "link": {
+ "description": "Original link to the Reddit post (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "post-content": {
+ "description": "The raw text of the Reddit post.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "post-title": {
+ "description": "The title of the Reddit post.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "subreddit-name": {
+ "description": "The name of the subreddit where it was posted (exclude the r/).",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the Reddit post (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "username-quoted": {
+ "description": "Username who are quoted in the Reddit post (do not include u/).",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ }
+ },
+ "description": "A Reddit post.",
+ "meta-category": "misc",
+ "name": "reddit-post",
+ "requiredOneOf": [
+ "post-title",
+ "post-content",
+ "archive",
+ "link"
+ ],
+ "uuid": "e5ed7e7f-2e21-44ff-839f-e58d9818f17f",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/reddit-subreddit/definition.json b/objects/reddit-subreddit/definition.json
new file mode 100644
index 0000000..19ae175
--- /dev/null
+++ b/objects/reddit-subreddit/definition.json
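Review bot: `subreddit-name` in objects/reddit-post/definition.json has no `disable_correlation`, while the same attribute in objects/reddit-comment/definition.json sets `"disable_correlation": true`. A post and a comment from the same subreddit will therefore behave differently in correlation on an identical value. Whichever behaviour is intended should be applied to both templates; if subreddit names are considered too common to correlate on, add `"disable_correlation": true,` here as well.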
@@ -0,0 +1,121 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original subreddit (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts, subreddit members, etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "community-icon": {
+ "description": "A screen capture or exported subreddit community icon.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "creator": {
+ "description": "The user account that created the subreddit (do not include u/).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the subreddit.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the subreddit description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the subreddit description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag used to identify or promote the subreddit.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "header-image": {
+ "description": "A screen capture or exported subreddit header.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the subreddit (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "moderator": {
+ "description": "A user account who is a moderator of the subreddit (do not include u/).",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "privacy": {
+ "description": "Subreddit privacy.",
+ "misp-attribute": "text",
+ "sane_default": [
+ "Public",
+ "Private"
+ ],
+ "ui-priority": 1
+ },
+ "rules": {
+ "description": "Raw text of the rules of the subreddit.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "submit-text": {
+ "description": "The submission form raw text when posting to the subreddit.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "subreddit-alias": {
+ "description": "Aliases or previous names of subreddit.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "subreddit-name": {
+ "description": "The name of the subreddit (exclude the r/).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "subreddit-type": {
+ "description": "Subreddit type, e.g. general, buy and sell etc.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the subreddit (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ }
+ },
+ "description": "Public or private subreddit.",
+ "meta-category": "misc",
+ "name": "reddit-subreddit",
+ "requiredOneOf": [
+ "subreddit-name",
+ "description",
+ "archive",
+ "link"
+ ],
+ "uuid": "5a00464c-5379-4e66-ab21-d356ba426155",
+ "version": 1
+}
\ No newline at end of file
From cf5687b50d685fc6d7cef084692df0d2728451f3 Mon Sep 17 00:00:00 2001
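Review bot: The `privacy` attribute in objects/reddit-subreddit/definition.json suggests only "Public" and "Private" in `sane_default`, but Reddit also has restricted communities, so an analyst recording one has no matching suggestion and will type a free-form value. Adding `"Restricted"` to the list keeps the recorded values uniform. Separately, the `description` attribute here has no `"disable_correlation": true`, unlike the `description` attributes in the account, post and comment templates, even though it is free text and is accepted by `requiredOneOf`.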
From: VVX7
Date: Fri, 29 May 2020 21:10:02 -0400
Subject: [PATCH 2/3] new: [dev] add Twitter objects: twitter-account, twitter-list, twitter-post. add YouTube objects: youtube-channel, youtube-comment, youtube-playlist, youtube-video. add object: image.
---
 objects/image/definition.json | 50 ++++++++++
 objects/twitter-account/definition.json | 111 +++++++++++++++++++++
 objects/twitter-list/definition.json | 88 +++++++++++++++++
 objects/twitter-post/definition.json | 120 +++++++++++++++++++++++
 objects/youtube-channel/definition.json | 77 +++++++++++++++
 objects/youtube-comment/definition.json | 88 +++++++++++++++++
 objects/youtube-playlist/definition.json | 59 +++++++++++
 objects/youtube-video/definition.json | 88 +++++++++++++++++
 8 files changed, 681 insertions(+)
 create mode 100644 objects/image/definition.json
 create mode 100644 objects/twitter-account/definition.json
 create mode 100644 objects/twitter-list/definition.json
 create mode 100644 objects/twitter-post/definition.json
 create mode 100644 objects/youtube-channel/definition.json
 create mode 100644 objects/youtube-comment/definition.json
 create mode 100644 objects/youtube-playlist/definition.json
 create mode 100644 objects/youtube-video/definition.json
diff --git a/objects/image/definition.json b/objects/image/definition.json
new file mode 100644
index 0000000..484f127
--- /dev/null
+++ b/objects/image/definition.json
@@ -0,0 +1,50 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the image (Internet Archive, Archive.is, etc).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "The image file.",
+ "misp-attribute": "attachment",
+ "ui-priority": 1
+ },
+ "filename": {
+ "description": "The image filename.",
+ "misp-attribute": "filename",
+ "ui-priority": 1
+ },
+ "image-text": {
+ "description": "Raw text of image",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link into the image (Supposed harmless)",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the image (potentially malicious)",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "username": {
+ "description": "Username who posted the image.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ }
+ },
+ "description": "Object describing an image file.",
+ "meta-category": "file",
+ "name": "image",
+ "requiredOneOf": [
+ "attachment",
+ "archive",
+ "link"
+ ],
+ "uuid": "ca78ec03-3321-4ed3-9840-9bfd52b91d82",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/twitter-account/definition.json b/objects/twitter-account/definition.json
new file mode 100644
index 0000000..f17a6b6
--- /dev/null
+++ b/objects/twitter-account/definition.json
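Review bot: `archive` in objects/image/definition.json omits `"disable_correlation": true`, which every other `archive` attribute in this series sets except the one in objects/twitter-post/definition.json, which has the same omission. Without it, archive-service links on image and tweet objects take part in correlation while the identical attribute on the other templates does not. Unless that difference is deliberate, add `"disable_correlation": true,` ahead of `"misp-attribute": "link"` in both files.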
@@ -0,0 +1,111 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the account (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the user.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "displayed-name": {
+ "description": "Displayed name.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the user description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the user description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "followers": {
+ "description": "number of followers.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "friends": {
+ "description": "Number of friends.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "hashtag": {
+ "description": "Hashtag embedded in the user description.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "id": {
+ "description": "Numeric account id.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the user (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "listed": {
+ "description": "Number of lists the user is on.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "location": {
+ "description": "User description of location.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "name": {
+ "description": "User's screen name (without the @).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the user (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "verified": {
+ "description": "User verified.",
+ "misp-attribute": "text",
+ "sane_default": [
+ "True",
+ "False"
+ ],
+ "ui-priority": 1
+ }
+ },
+ "description": "Twitter account.",
+ "meta-category": "misc",
+ "name": "twitter-account",
+ "requiredOneOf": [
+ "name",
+ "id",
+ "description",
+ "archive",
+ "link"
+ ],
+ "uuid": "8066563f-881e-4f6a-9d6c-a9d15b8658bb",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/twitter-list/definition.json b/objects/twitter-list/definition.json
new file mode 100644
index 0000000..f264302
--- /dev/null
+++ b/objects/twitter-list/definition.json
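Review bot: `followers`, `friends` and `listed` are counts and `verified` is a two-valued flag, yet all four are typed `"misp-attribute": "text"` in objects/twitter-account/definition.json. As free text they accept values such as "12k" or "yes", which defeats sorting and automated comparison of accounts across events. MISP has `counter` and `boolean` attribute types that fit these fields; if `text` is kept for compatibility with existing templates, the descriptions should at least state the expected format, for example `"description": "Number of followers (integer)."`.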
@@ -0,0 +1,88 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the account (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the list.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "displayed-name": {
+ "description": "Displayed name.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "to_ids": false,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag embedded in the description.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "id": {
+ "description": "Numeric list id.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the list (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "name": {
+ "description": "List's screen name (without the @).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the list (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "user-id": {
+ "description": "Id of the account that manages this list.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "user-name": {
+ "description": "Name of the account that manages this list (without the @).",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ }
+ },
+ "description": "Twitter list.",
+ "meta-category": "misc",
+ "name": "twitter-list",
+ "requiredOneOf": [
+ "name",
+ "id",
+ "description",
+ "archive",
+ "link"
+ ],
+ "uuid": "7ae81d5c-d9d8-4812-88a7-5f14fba241da",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/twitter-post/definition.json b/objects/twitter-post/definition.json
new file mode 100644
index 0000000..627bdcd
--- /dev/null
+++ b/objects/twitter-post/definition.json
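Review bot: `embedded-safe-link` in objects/twitter-list/definition.json is the only attribute in this series that sets `"to_ids": false`; the same attribute in every other template leaves the flag out. If the flag is there to keep supposed-safe links out of detection exports, it belongs on the other `embedded-safe-link` definitions too; otherwise it can be dropped here so the templates agree. The `archive` description also still says "Archive of the account" and should read `"Archive of the list (Internet Archive, Archive.is, etc)."`.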
@@ -0,0 +1,120 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original tweet (Internet Archive, Archive.is, etc).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "The tweet file or screen capture.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link in the tweet",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Safe link in the tweet",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag embedded in the tweet",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "in-reply-to-display-name": {
+ "description": "The user display name of the tweet this post shares.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "in-reply-to-status-id": {
+ "description": "The twitter ID of the tweet that this post shares.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "in-reply-to-user-id": {
+ "description": "The user ID of the tweet this post shares.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "language": {
+ "description": "The language of the post.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "link": {
+ "description": "Original link to the post (supposed harmless).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "post": {
+ "description": "Raw text of the post.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "post-id": {
+ "description": "Numeric id of the tweet.",
+ "misp-attribute": "post-id",
+ "ui-priority": 0
+ },
+ "removal-date": {
+ "description": "When the tweet was removed.",
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "source": {
+ "description": "Source of tweet (android, web etc).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL of the tweet, e.g. link shortener (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "user-id": {
+ "description": "Id of the account that posted this tweet.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "user-name": {
+ "description": "Name of the account that posted this tweet.",
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "username-quoted": {
+ "description": "Username who is quoted in the tweet.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ }
+ },
+ "description": "Twitter post (tweet).",
+ "meta-category": "misc",
+ "name": "twitter-post",
+ "requiredOneOf": [
+ "post",
+ "post-id",
+ "archive",
+ "url",
+ "link",
+ "attachment"
+ ],
+ "uuid": "d1214031-ce1b-4a35-bd33-644c707bda2e",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/youtube-channel/definition.json b/objects/youtube-channel/definition.json
new file mode 100644
index 0000000..be07d9f
--- /dev/null
+++ b/objects/youtube-channel/definition.json
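Review bot: `embedded-link` ("Link in the tweet") and `embedded-safe-link` ("Safe link in the tweet") in objects/twitter-post/definition.json drop the "(potentially malicious)" and "(supposed safe)" caveats that the other templates in this series put on these two attributes. That caveat is the only cue in the template telling an analyst which attribute an untrusted link belongs in, so I would restore it: `"description": "Link embedded in the tweet (potentially malicious)."` and `"description": "Link embedded in the tweet (supposed safe)."`. Separately, the three `in-reply-to-*` descriptions speak of the tweet "this post shares", which describes a retweet rather than a reply; "replies to" would match the attribute names.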
@@ -0,0 +1,77 @@
+{
+ "attributes": {
+ "about": {
+ "description": "About page of the channel.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "archive": {
+ "description": "Archive of the channel (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "channel-avatar": {
+ "description": "A screen capture or exported channel avatar.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "channel-banner": {
+ "description": "A screen capture or exported channel header.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "channel-id": {
+ "description": "Channel id.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "channel-name": {
+ "description": "Channel name.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the channel.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "featured-channel": {
+ "description": "Featured channel names.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the channel page (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the page (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ }
+ },
+ "description": "A YouTube channel.",
+ "meta-category": "misc",
+ "name": "youtube-channel",
+ "requiredOneOf": [
+ "channel-name",
+ "channel-id",
+ "archive",
+ "link"
+ ],
+ "uuid": "cb9f492b-9930-4388-98e1-5d0cdcfa51df",
+ "version": 1
+}
\ No newline at end of file
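Review bot: The `attachment` description in objects/youtube-channel/definition.json, "A screen capture or exported list of contacts etc.", is the wording used on the account templates and does not describe anything a YouTube channel page exposes; objects/youtube-playlist/definition.json repeats it. A description such as `"description": "A screen capture or export of the channel page."` would tell the analyst what evidence belongs in this attribute, with the matching change for the playlist.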
diff --git a/objects/youtube-comment/definition.json b/objects/youtube-comment/definition.json
new file mode 100644
index 0000000..5e2ffb6
--- /dev/null
+++ b/objects/youtube-comment/definition.json
@@ -0,0 +1,88 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original comment (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported comment.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "channel-name": {
+ "description": "The name of the channel where it was posted.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "comment": {
+ "description": "The raw text of the YouTube video comment.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the comment.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the comment (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the comment (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag used in the comment.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "link": {
+ "description": "Original link to the comment (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the comment (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "user-account": {
+ "description": "The user account that commented on the YouTube video.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "username-quoted": {
+ "description": "Username who are quoted in the comment.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "video-title": {
+ "description": "The title of the YouTube video.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ }
+ },
+ "description": "A YouTube video comment.",
+ "meta-category": "misc",
+ "name": "youtube-comment",
+ "requiredOneOf": [
+ "comment",
+ "archive",
+ "link"
+ ],
+ "uuid": "218bc1ae-c5ee-452b-895d-a26e0beaa550",
+ "version": 1
+}
\ No newline at end of file
diff --git a/objects/youtube-playlist/definition.json b/objects/youtube-playlist/definition.json
new file mode 100644
index 0000000..e4afaa1
--- /dev/null
+++ b/objects/youtube-playlist/definition.json
@@ -0,0 +1,59 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the playlist (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported list of contacts etc.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the playlist.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "link": {
+ "description": "Original link to the playlist page (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "playlist-id": {
+ "description": "Playlist id.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "playlist-name": {
+ "description": "Playlist name.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the page (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "video-link": {
+ "description": "Link to the video in playlist (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ }
+ },
+ "description": "A YouTube playlist.",
+ "meta-category": "misc",
+ "name": "youtube-playlist",
+ "requiredOneOf": [
+ "playlist-name",
+ "playlist-id",
+ "archive",
+ "link"
+ ],
+ "uuid": "5a5e7441-c048-4e4b-bab7-642a91d30935",
+ "version": 1
+}
\ No newline at end of file
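Review bot: `video-link` in objects/youtube-playlist/definition.json has no `"multiple": true`, so the template presents it as a single-valued field although a playlist normally holds many videos. The other list-like attributes in this series (`moderator`, `featured-channel`, `embedded-link`) all set the flag. Suggest adding `"multiple": true,` after the `misp-attribute` line so each video in the playlist can be recorded on the same object.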
diff --git a/objects/youtube-video/definition.json b/objects/youtube-video/definition.json
new file mode 100644
index 0000000..c61e064
--- /dev/null
+++ b/objects/youtube-video/definition.json
@@ -0,0 +1,88 @@
+{
+ "attributes": {
+ "archive": {
+ "description": "Archive of the original YouTube video (Internet Archive, Archive.is, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "attachment": {
+ "description": "A screen capture or exported YouTube video.",
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "channel-name": {
+ "description": "The name of the channel where it was posted.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 1
+ },
+ "creator": {
+ "description": "The user account that created the YouTube video.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "description": {
+ "description": "A description of the YouTube video.",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "embedded-link": {
+ "description": "Link embedded in the YouTube video description (potentially malicious).",
+ "misp-attribute": "url",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "embedded-safe-link": {
+ "description": "Link embedded in the YouTube video description (supposed safe).",
+ "misp-attribute": "link",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hashtag": {
+ "description": "Hashtag used to identify or promote the YouTube video.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "link": {
+ "description": "Original link to the YouTube video (supposed harmless).",
+ "misp-attribute": "link",
+ "ui-priority": 1
+ },
+ "url": {
+ "description": "Original URL location of the YouTube video (potentially malicious).",
+ "misp-attribute": "url",
+ "ui-priority": 1
+ },
+ "username-quoted": {
+ "description": "Username who are quoted in the YouTube video or description.",
+ "misp-attribute": "text",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "video-title": {
+ "description": "The title of the YouTube video.",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "video-transcript": {
+ "description": "The YouTube video transcript (closed captions).",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ }
+ },
+ "description": "A YouTube video.",
+ "meta-category": "misc",
+ "name": "youtube-video",
+ "requiredOneOf": [
+ "video-title",
+ "archive",
+ "link"
+ ],
+ "uuid": "2bd68462-a509-4320-b5c6-760a57fd1a80",
+ "version": 1
+}
\ No newline at end of file
From b9e235a4f42617e2d64c313f837c14696f49457c Mon Sep 17 00:00:00 2001
From: VVX7
Date: Sat, 30 May 2020 18:36:09 -0400
Subject: [PATCH 3/3] chg: [dev] fix attribute type
---
 objects/twitter-post/definition.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/objects/twitter-post/definition.json b/objects/twitter-post/definition.json
index 627bdcd..80b04d8 100644
--- a/objects/twitter-post/definition.json
+++ b/objects/twitter-post/definition.json
@@ -68,7 +68,7 @@
 },
 "post-id": {
 "description": "Numeric id of the tweet.",
- "misp-attribute": "post-id",
+ "misp-attribute": "text",
 "ui-priority": 0
 },
 "removal-date": {
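Review bot: objects/youtube-video/definition.json (patch 2/3) defines no identifier attribute, although objects/youtube-channel/definition.json carries `channel-id` and objects/youtube-playlist/definition.json carries `playlist-id`. `video-title` is the only video-specific entry in `requiredOneOf`, and a title is neither unique nor fixed, so two events about the same video can only be tied together through the `link` or `url` value. Consider adding a `video-id` text attribute and listing it in `requiredOneOf`, mirroring the channel and playlist templates.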