From 0c7eb831d82ef24f8cc65b955f1c70b23fdeecd9 Mon Sep 17 00:00:00 2001
From: Christophe Vandeplas
Date: Sat, 25 Feb 2023 18:05:42 +0800
Subject: [PATCH] chg: [AIS] Addition of AIS maritime ship identification and tracking
---
 README.md | 6 +-
 objects/ais/definition.json | 135 ++++++++++++++++++++++++++++++++++++
 schema_objects.json | 1 +
 3 files changed, 140 insertions(+), 2 deletions(-)
 create mode 100644 objects/ais/definition.json
diff --git a/README.md b/README.md
index 150b9b4..94f0675 100644
--- a/README.md
+++ b/README.md
@@ -106,6 +106,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/ADS](https://github.com/MISP/misp-objects/blob/main/objects/ADS/definition.json) - An object defining ADS - Alerting and Detection Strategy by PALANTIR. Can be used for detection engineering.
 - [objects/ail-leak](https://github.com/MISP/misp-objects/blob/main/objects/ail-leak/definition.json) - An information leak as defined by the AIL Analysis Information Leak framework.
+- [objects/ais](https://github.com/MISP/misp-objects/blob/main/objects/ais/definition.json) - Automatic Identification System (AIS) is an automatic tracking system that uses transceivers on ships.
 - [objects/ais-info](https://github.com/MISP/misp-objects/blob/main/objects/ais-info/definition.json) - Automated Indicator Sharing (AIS) Information Source Markings.
 - [objects/android-app](https://github.com/MISP/misp-objects/blob/main/objects/android-app/definition.json) - Indicators related to an Android app.
 - [objects/android-permission](https://github.com/MISP/misp-objects/blob/main/objects/android-permission/definition.json) - A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. malware, app).
@@ -125,7 +126,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/blog](https://github.com/MISP/misp-objects/blob/main/objects/blog/definition.json) - Blog post like Medium or WordPress.
 - [objects/boleto](https://github.com/MISP/misp-objects/blob/main/objects/boleto/definition.json) - A common form of payment used in Brazil.
 - [objects/btc-transaction](https://github.com/MISP/misp-objects/blob/main/objects/btc-transaction/definition.json) - An object to describe a Bitcoin transaction. Best to be used with bitcoin-wallet.
-- [objects/btc-wallet](https://github.com/MISP/misp-objects/blob/main/objects/btc-wallet/definition.json) - An object to describe a Bitcoin wallet. Best to be used with bitcoin-transaction.
+- [objects/btc-wallet](https://github.com/MISP/misp-objects/blob/main/objects/btc-wallet/definition.json) - An object to describe a Bitcoin wallet. Best to be used with btc-transaction object.
 - [objects/cap-alert](https://github.com/MISP/misp-objects/blob/main/objects/cap-alert/definition.json) - Common Alerting Protocol Version (CAP) alert object.
 - [objects/cap-info](https://github.com/MISP/misp-objects/blob/main/objects/cap-info/definition.json) - Common Alerting Protocol Version (CAP) info object.
 - [objects/cap-resource](https://github.com/MISP/misp-objects/blob/main/objects/cap-resource/definition.json) - Common Alerting Protocol Version (CAP) resource object.
@@ -185,7 +186,6 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/ftm-Call](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Call/definition.json) - Phone call object template including the call and all associated meta-data.
 - [objects/ftm-Company](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Company/definition.json) - A legal entity representing an association of people, whether natural, legal or a mixture of both, with a specific objective.
 - [objects/ftm-Contract](https://github.com/MISP/misp-objects/blob/main/objects/ftm-Contract/definition.json) - An contract or contract lot issued by an authority. Multiple lots may be awarded to different suppliers (see ContractAward).
-.
 - [objects/ftm-ContractAward](https://github.com/MISP/misp-objects/blob/main/objects/ftm-ContractAward/definition.json) - A contract or contract lot as awarded to a supplier.
 - [objects/ftm-CourtCase](https://github.com/MISP/misp-objects/blob/main/objects/ftm-CourtCase/definition.json) - Court case.
 - [objects/ftm-CourtCaseParty](https://github.com/MISP/misp-objects/blob/main/objects/ftm-CourtCaseParty/definition.json) - Court Case Party.
@@ -307,6 +307,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/query](https://github.com/MISP/misp-objects/blob/main/objects/query/definition.json) - An object describing a query, along with its format.
 - [objects/r2graphity](https://github.com/MISP/misp-objects/blob/main/objects/r2graphity/definition.json) - Indicators extracted from files using radare2 and graphml.
 - [objects/ransom-negotiation](https://github.com/MISP/misp-objects/blob/main/objects/ransom-negotiation/definition.json) - An object to describe ransom negotiations, as seen in ransomware incidents.
+- [objects/ransomware-group-post](https://github.com/MISP/misp-objects/blob/main/objects/ransomware-group-post/definition.json) - Ransomware group post as monitored by ransomlook.io.
 - [objects/reddit-account](https://github.com/MISP/misp-objects/blob/main/objects/reddit-account/definition.json) - Reddit account.
 - [objects/reddit-comment](https://github.com/MISP/misp-objects/blob/main/objects/reddit-comment/definition.json) - A Reddit post comment.
 - [objects/reddit-post](https://github.com/MISP/misp-objects/blob/main/objects/reddit-post/definition.json) - A Reddit post.
@@ -376,6 +377,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/tracking-id](https://github.com/MISP/misp-objects/blob/main/objects/tracking-id/definition.json) - Analytics and tracking ID such as used in Google Analytics or other analytic platform.
 - [objects/transaction](https://github.com/MISP/misp-objects/blob/main/objects/transaction/definition.json) - An object to describe a financial transaction.
 - [objects/translation](https://github.com/MISP/misp-objects/blob/main/objects/translation/definition.json) - Used to keep a text and its translation.
+- [objects/transport-ticket](https://github.com/MISP/misp-objects/blob/main/objects/transport-ticket/definition.json) - A transport ticket.
 - [objects/trustar_report](https://github.com/MISP/misp-objects/blob/main/objects/trustar_report/definition.json) - TruStar Report.
 - [objects/tsk-chats](https://github.com/MISP/misp-objects/blob/main/objects/tsk-chats/definition.json) - An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.
 - [objects/tsk-web-bookmark](https://github.com/MISP/misp-objects/blob/main/objects/tsk-web-bookmark/definition.json) - An Object Template to add evidential bookmarks identified during a digital forensic investigation.
diff --git a/objects/ais/definition.json b/objects/ais/definition.json
new file mode 100644
index 0000000..da7e1f0
--- /dev/null
+++ b/objects/ais/definition.json
@@ -0,0 +1,135 @@
+{
+ "attributes": {
+ "ETA": {
+ "description": "Estimated time of arrival at destination",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 0
+ },
+ "IMO-number": {
+ "description": "IMO ship identification number: a seven digit number that remains unchanged upon transfer of the ship's registration to another country",
+ "misp-attribute": "text",
+ "ui-priority": 90
+ },
+ "MMSI": {
+ "description": "Vessel Maritime Maritime Mobile Service Identity (MMSI): a unique nine digit identification number.",
+ "misp-attribute": "text",
+ "ui-priority": 99
+ },
+ "call-sign": {
+ "description": "International radio call-sign, up to 7 characters.",
+ "misp-attribute": "text",
+ "ui-priority": 97
+ },
+ "course-over-ground": {
+ "description": "The course of the vessel, relative to true north to 0.1 degree",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 78
+ },
+ "destination": {
+ "description": "Destination of the vessel in max 20 characters",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "dimension-a": {
+ "description": "Distance in meters from Forward Perpendicular (FP)",
+ "misp-attribute": "float",
+ "ui-priority": 24
+ },
+ "dimension-b": {
+ "description": "Distance in meters from After Perpendicular (AP)",
+ "misp-attribute": "float",
+ "ui-priority": 23
+ },
+ "dimension-c": {
+ "description": "Distance in meters inboard from port side",
+ "misp-attribute": "float",
+ "ui-priority": 22
+ },
+ "dimension-d": {
+ "description": "Distance in meters inboard from starboard side",
+ "misp-attribute": "float",
+ "ui-priority": 21
+ },
+ "draught": {
+ "description": "Draught of ship. 
0.1-25.5 meters",
+ "misp-attribute": "float",
+ "ui-priority": 20
+ },
+ "first-seen": {
+ "description": "When the location was seen for the first time.",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 87
+ },
+ "last-seen": {
+ "description": "When the location was seen for the last time.",
+ "disable_correlation": true,
+ "misp-attribute": "datetime",
+ "ui-priority": 86
+ },
+ "latitude": {
+ "description": "The latitude is the decimal value of the latitude in the World Geodetic System 84 (WGS84) reference.",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 89
+ },
+ "longitude": {
+ "description": "The longitude is the decimal value of the longitude in the World Geodetic System 84 (WGS84) reference",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 88
+ },
+ "name": {
+ "description": "20 characters to represent the name of the vessel",
+ "misp-attribute": "text",
+ "ui-priority": 98
+ },
+ "navigational-status": {
+ "description": "1. at anchor, 2. under command, 3. Restricted Manoeuvrability, etc.",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 80
+ },
+ "rate-of-turn": {
+ "description": "right or left, from 0 to 720 degrees per minute",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 75
+ },
+ "speed-over-ground": {
+ "description": "0.1 knot resolution from 0 to 102 knots",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 79
+ },
+ "true-heading": {
+ "description": "The true heading of the vessel. 0 to 359 degrees",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 77
+ },
+ "true-heading-at-own-position": {
+ "description": "The true heading at own position of the vessel. 
0 to 359 degrees",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 76
+ },
+ "type-of-ship": {
+ "description": "Type of ship/cargo",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 91
+ }
+ },
+ "description": "Automatic Identification System (AIS) is an automatic tracking system that uses transceivers on ships.",
+ "meta-category": "marine",
+ "name": "AIS",
+ "requiredOneOf": [
+ "mmsi"
+ ],
+ "uuid": "ef90551a-ff34-472c-9fba-c272c4435baa",
+ "version": 1
+}
\ No newline at end of file
diff --git a/schema_objects.json b/schema_objects.json
index 9f57a44..2f8ed91 100644
--- a/schema_objects.json
+++ b/schema_objects.json
@@ -280,6 +280,7 @@
 "file",
 "network",
 "financial",
+ "marine",
 "misc",
 "mobile",
 "internal",
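Review bot: `"requiredOneOf": ["mmsi"]` at the end of the new objects/ais/definition.json names an attribute that does not exist — the attribute is declared as `"MMSI"`, and attribute names are matched case-sensitively, so the required-one-of constraint can never be satisfied by a real object (or the template is rejected by the repository's validation, depending on the checker). The same file mixes `ETA`, `IMO-number` and `MMSI` with the lowercase kebab-case used by every other attribute; renaming them to `eta`, `imo-number` and `mmsi` fixes the mismatch and the inconsistency together, and the MMSI description should drop the duplicated word in `Vessel Maritime Maritime Mobile Service Identity`. Secondary: `navigational-status` is typed `float` while its description enumerates integer status codes, and `rate-of-turn` is `text` while it describes a signed number — one consistent type per field (a `text` code for the status, a numeric type for the rate) would be less surprising to consumers, and the file should end with a newline. Because AIS is an unauthenticated VHF broadcast, a one-line caveat in the object `description` that the MMSI, IMO number, name and position are self-reported by the transceiver and can be spoofed or duplicated would stop analysts from treating these identifiers as verified attribution.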