MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #396 from MISP/chrisr3d_patch 

New object templates to support new STIX 2.1 Incident extension objects
pull/400/head
Alexandre Dulaunoy 2023-07-19 08:39:56 +02:00 committed by GitHub
parent d94ab61ff7 2b7d563439
commit 0f5cbd49d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 1447 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
objects/availability-impact/definition.json Normal file
View File

@ -0,0 +1,96 @@
{
"attributes": {
"availability_impact": {
"description": "The availability impact.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"None",
"Minimal",
"Significant",
"Denial",
"Loss of Control"
],
"ui-priority": 0
},
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
}
},
"description": "Availability Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "availability-impact",
"required": [
"availability_impact"
],
"uuid": "19b4394a-46a9-4196-a30c-080eaed06273",
"version": 1
}

125
objects/confidentiality-impact/definition.json Normal file
View File

@ -0,0 +1,125 @@
{
"attributes": {
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"information_type": {
"description": "Type of information that had its confidentiality compromised.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"classified-material",
"communication",
"credentials-admin",
"credentials-user",
"financial",
"leval",
"payment",
"phi",
"pii",
"proprietary"
],
"ui-priority": 0
},
"loss_type": {
"description": "The type of loss that occurred to the relevant information.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"confirmed-loss",
"contained",
"exploited-loss",
"none",
"suspected-loss"
],
"ui-priority": 0
},
"record_count": {
"description": "The number of records of this type that were compromised.",
"disable_correlation": true,
"misp-attribute": "counter",
"ui-priority": 0
},
"record_size": {
"description": "The amount of data that was compromised in bytes.",
"disable_correlation": true,
"misp-attribute": "size-in-bytes",
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
}
},
"description": "Confidentiality Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "confidentiality-impact",
"required": [
"loss_type"
],
"uuid": "b0027f13-56e4-4c85-9632-3cf81208429b",
"version": 1
}

172
objects/event/definition.json Normal file
View File

@ -0,0 +1,172 @@
{
"attributes": {
"description": {
"description": "Description of the event.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the event was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"event_type": {
"description": "Type of event.",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"aggregation-information-phishing-schemes",
"benign",
"blocked",
"brute-force-attempt",
"c&c-server-hosting",
"compromised-system",
"confirmed",
"connection-malware-port",
"connection-malware-system",
"content-forbidden-by-law",
"control-system-bypass",
"copyrighted-content",
"data-exfiltration",
"deferred",
"deletion-information",
"denial-of-service",
"destruction",
"dictionary-attack-attempt",
"discarded",
"disruption-data-transmission",
"dissemination-malware-email",
"dissemination-phishing-emails",
"dns-cache-poisoning",
"dns-local-resolver-hijacking",
"dns-spoofing-registered",
"dns-rebinding",
"dns-server-compromise",
"dns-spoofing-unregistered",
"dns-stub-resolver-hijacking",
"dns-zone-transfer",
"domain-name-compromise",
"duplicate",
"email-flooding",
"equipment-loss",
"equipment-theft",
"exploit",
"exploit-attempt",
"exploit-framework-exhausting-resources",
"exploit-tool-exhausting-resources",
"failed",
"file-inclusion",
"file-inclusion-attempt",
"hosting-malware-webpage",
"hosting-phishing-sites",
"illegitimate-use-name",
"illegitimate-use-resources",
"infected-by-known-malware",
"insufficient-data",
"known-malware",
"lame-delegations",
"major",
"modification-information",
"misconfiguration",
"natural",
"network-scanning",
"no-apt",
"packet-flood",
"password-cracking-attempt",
"ransomware",
"refuted",
"scan-probe",
"silently-discarded",
"supply-chain-customer",
"supply-chain-vendor",
"spam",
"sql-injection",
"sql-injection-attempt",
"successful",
"system-probe",
"theft-access-credentials",
"unattributed",
"unauthorized-access-information",
"unauthorized-access-system",
"unauthorized-equipment",
"unauthorized-release",
"unauthorized-use",
"undetermined",
"unintentional",
"unknown-apt",
"unspecified",
"vandalism",
"wiretapping",
"worm-spreading",
"xss",
"xss-attempt"
],
"ui-priority": 0
},
"goal": {
"description": "The assumed objective of the event.",
"misp-attribute": "text",
"ui-priority": 0
},
"name": {
"description": "Name of the event.",
"misp-attribute": "text",
"ui-priority": 0
},
"start_time": {
"description": "The date and time the event was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"status": {
"description": "Current status of the event.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"not-occurred",
"ongoing",
"occurred",
"pending",
"undetermined"
],
"ui-priority": 1
}
},
"description": "Event object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "event",
"required": [
"status"
],
"uuid": "3853b726-6a9c-43b3-8ffb-23839b07d5a9",
"version": 1
}

97
objects/external-impact/definition.json Normal file
View File

@ -0,0 +1,97 @@
{
"attributes": {
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"impact_type": {
"description": "Type of impact.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"economic",
"emergency-services",
"foreign-relations",
"national-secuirty",
"public-confidence",
"public-health",
"public-safety"
],
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
}
},
"description": "External Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "external-impact",
"required": [
"impact_type"
],
"uuid": "4ac36991-9333-4ada-8e17-bcbeb988160a",
"version": 1
}

188
objects/incident/definition.json Normal file
View File

@ -0,0 +1,188 @@
{
"attributes": {
"criticality": {
"description": "Criticality of the incident",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Description of the incident.",
"misp-attribute": "text",
"ui-priority": 1
},
"detection_method": {
"description": "Methods used to detect the activity.",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"automated-tool",
"human-review",
"message-from-attacker",
"system-outage",
"user-reporting"
],
"ui-priority": 0
},
"determination": {
"description": "Determination on the outcome of the incident.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"blocked",
"successful-attempt",
"failed-attempt",
"false-positive",
"low-value",
"suspected"
],
"ui-priority": 0
},
"incident_type": {
"description": "Type of incident",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"aggregation-information-phishing-schemes",
"benign",
"blocked",
"brute-force-attempt",
"c&c-server-hosting",
"compromised-system",
"confirmed",
"connection-malware-port",
"connection-malware-system",
"content-forbidden-by-law",
"control-system-bypass",
"copyrighted-content",
"data-exfiltration",
"deferred",
"deletion-information",
"denial-of-service",
"destruction",
"dictionary-attack-attempt",
"discarded",
"disruption-data-transmission",
"dissemination-malware-email",
"dissemination-phishing-emails",
"dns-cache-poisoning",
"dns-local-resolver-hijacking",
"dns-spoofing-registered",
"dns-rebinding",
"dns-server-compromise",
"dns-spoofing-unregistered",
"dns-stub-resolver-hijacking",
"dns-zone-transfer",
"domain-name-compromise",
"duplicate",
"email-flooding",
"equipment-loss",
"equipment-theft",
"exploit",
"exploit-attempt",
"exploit-framework-exhausting-resources",
"exploit-tool-exhausting-resources",
"failed",
"file-inclusion",
"file-inclusion-attempt",
"hosting-malware-webpage",
"hosting-phishing-sites",
"illegitimate-use-name",
"illegitimate-use-resources",
"infected-by-known-malware",
"insufficient-data",
"known-malware",
"lame-delegations",
"major",
"modification-information",
"misconfiguration",
"natural",
"network-scanning",
"no-apt",
"packet-flood",
"password-cracking-attempt",
"ransomware",
"refuted",
"scan-probe",
"silently-discarded",
"supply-chain-customer",
"supply-chain-vendor",
"spam",
"sql-injection",
"sql-injection-attempt",
"successful",
"system-probe",
"theft-access-credentials",
"unattributed",
"unauthorized-access-information",
"unauthorized-access-system",
"unauthorized-equipment",
"unauthorized-release",
"unauthorized-use",
"undetermined",
"unintentional",
"unknown-apt",
"unspecified",
"vandalism",
"wiretapping",
"worm-spreading",
"xss",
"xss-attempt"
],
"ui-priority": 0
},
"investigation_status": {
"description": "Current status of the incident investigation.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"closed",
"new",
"open"
],
"ui-priority": 0
},
"name": {
"description": "Name of the incident.",
"misp-attribute": "text",
"ui-priority": 1
},
"recoverability": {
"description": "Recoverability of the incident, with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"score": {
"description": "Incident score, with a name, an optional description and the numeric score value.",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 0
}
},
"description": "Incident object template as described in STIX 2.1 Incident object and its core extension.",
"meta-category": "misc",
"name": "incident",
"required": [
"name"
],
"uuid": "38597424-f9bb-4865-9b4b-819172df0334",
"version": 1
}

127
objects/integrity-impact/definition.json Normal file
View File

@ -0,0 +1,127 @@
{
"attributes": {
"alteration": {
"description": "",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"potential-destruction",
"potential-modification",
"partial-destruction",
"partial-modification",
"full-destruction",
"full-modification",
"none"
],
"ui-priority": 0
},
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"information_type": {
"description": "Type of information that had its confidentiality compromised.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"classified-material",
"communication",
"credentials-admin",
"credentials-user",
"financial",
"leval",
"payment",
"phi",
"pii",
"proprietary"
],
"ui-priority": 0
},
"record_count": {
"description": "The number of records of this type that were compromised.",
"disable_correlation": true,
"misp-attribute": "counter",
"ui-priority": 0
},
"record_size": {
"description": "The amount of data that was compromised in bytes.",
"disable_correlation": true,
"misp-attribute": "size-in-bytes",
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
}
},
"description": "Integrity Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "integrity-impact",
"required": [
"alteration"
],
"uuid": "604830f2-8035-4454-aa32-7f6eee1f04c6",
"version": 1
}

135
objects/monetary-impact/definition.json Normal file
View File

@ -0,0 +1,135 @@
{
"attributes": {
"conversion_rate": {
"description": "Conversion rate between currency and currency_actual (if needed).",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 0
},
"conversion_time": {
"description": "Timestamp when the conversion rate was queried.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"currency": {
"description": "Currency used to describe the max and min amount of the impact.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"currency_actual": {
"description": "Currency that the impact actually used.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"max_amount": {
"description": "Maximum damage estimate.",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 0
},
"min_amount": {
"description": "Minimum damage estimate.",
"disable_correlation": true,
"misp-attribute": "float",
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"variety": {
"description": "Variety of the moneraty impact.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"asset-and-fraud",
"brand-damage",
"business-disruption",
"competitive-advantage",
"legal-and-regulatory",
"operating-costs",
"ransom-demand",
"ransom-payment",
"response-and-recovery",
"uncategorized"
],
"ui-priority": 0
}
},
"description": "Monetary Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "monetary-impact",
"required": [
"variety"
],
"uuid": "3376296c-c1ef-4847-979f-2bfc49aa983e",
"version": 1
}

124
objects/physical-impact/definition.json Normal file
View File

@ -0,0 +1,124 @@
{
"attributes": {
"asset_type": {
"description": "The type or property or system that was affected by this impact.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"building-doors",
"building-windows",
"buildings",
"computers-mobile",
"computers-personal",
"computers-server",
"environment",
"ics-actuator",
"ics-engineering-workstation",
"ics-historian",
"ics-hmi",
"ics-other",
"ics-plc",
"ics-safety-system",
"ics-sensor",
"inventory",
"network-device",
"private-infrastructure",
"public-infrastructure",
"security-containers",
"vehicles"
],
"ui-priority": 0
},
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"impact_type": {
"description": "Type of physical impact.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"damaged-functional",
"damaged-nonfunctional",
"destruction",
"none",
"unknown"
],
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
}
},
"description": "Physical Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "physical-impact",
"required": [
"impact_type"
],
"uuid": "ae979b91-5896-46f7-ad70-4f3036d79251",
"version": 1
}

122
objects/task/definition.json Normal file
View File

@ -0,0 +1,122 @@
{
"attributes": {
"description": {
"description": "Description of the task.",
"misp-attribute": "text",
"ui-priority": 1
},
"end_time": {
"description": "The date and time the event was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"error": {
"description": "Details about any failure or deviation that occurred in the task.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"name": {
"description": "Name of the task.",
"misp-attribute": "text",
"ui-priority": 1
},
"outcome": {
"description": "Outcome of the task",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"cancelled",
"failed",
"ongoing",
"pending",
"successful",
"unknown"
],
"ui-priority": 0
},
"priority": {
"description": "Priority or importance of the task.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the event was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"task_type": {
"description": "Type of task.",
"disable_correlation": true,
"misp-attribute": "text",
"multiple": true,
"sane_default": [
"administrative",
"attribution",
"containment",
"declared",
"detected",
"eradication",
"escalated",
"exercised-control",
"external-intelligence",
"external-outreach",
"external-support",
"implemented-control",
"negotiation",
"playbook-execution",
"playbook-step-execution",
"recovery",
"reported",
"routine-updates",
"victim-notification"
],
"ui-priority": 0
}
},
"description": "Task object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "task",
"required": [
"outcome"
],
"uuid": "384734e7-8710-4ab0-901a-6f0e73a551e6",
"version": 1
}

93
objects/traceability-impact/definition.json Normal file
View File

@ -0,0 +1,93 @@
{
"attributes": {
"criticality": {
"description": "Criticality of the impact",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Not Specified",
"False Positive",
"Low",
"Moderate",
"High",
"Extreme"
],
"ui-priority": 0
},
"description": {
"description": "Additional details about the impact.",
"misp-attribute": "text",
"ui-priority": 0
},
"end_time": {
"description": "The date and time the impact was last recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"end_time_fidelity": {
"description": "Level of fidelity that the `end_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"recoverability": {
"description": "Recoverability of this particular impact with respect to feasibility and required time and resources.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"extended",
"not-applicable",
"not-recoverable",
"regular",
"supplemented"
],
"ui-priority": 0
},
"start_time": {
"description": "The date and time the impact was first recorded.",
"misp-attribute": "datetime",
"ui-priority": 0
},
"start_time_fidelity": {
"description": "Level of fidelity that the `start_time` is recorded in.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"day",
"hour",
"minute",
"month",
"second",
"year"
],
"ui-priority": 0
},
"traceability_impact": {
"description": "Impact on a system or organization's ability to perform audits or provvide non-repudiation.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"accountability-lost",
"partial-accountability",
"provable-accountability"
],
"ui-priority": 0
}
},
"description": "Traceability Impact object as described in STIX 2.1 Incident object extension.",
"meta-category": "misc",
"name": "traceability-impact",
"required": [
"traceability_impact"
],
"uuid": "1dd26500-6246-4750-ad47-94ae4e200d8f",
"version": 1
}

173
relationships/definition.json
View File

@ -200,7 +200,8 @@
"misp", "misp",
"stix-2.0" "stix-2.0"
], ],
"name": "targets" "name": "targets",
"opposite": "targeted-by"
}, },
{ {
"description": "This relationship describes the use by the source object of the target object.", "description": "This relationship describes the use by the source object of the target object.",
@ -400,14 +401,14 @@
"misp" "misp"
], ],
"name": "followed-by", "name": "followed-by",
"opposite": "preceding-by" "opposite": "preceded-by"
}, },
{ {
"description": "This relationship describes an object which is preceded by another object. This can be used when a time reference is missing but a sequence is known.", "description": "This relationship describes an object which is preceded by another object. This can be used when a time reference is missing but a sequence is known.",
"format": [ "format": [
"misp" "misp"
], ],
"name": "preceding-by", "name": "preceded-by",
"opposite": "followed-by" "opposite": "followed-by"
}, },
{ {
@ -1058,7 +1059,8 @@
"misp", "misp",
"haxpak" "haxpak"
], ],
"name": "creates" "name": "creates",
"opposite": "created-by"
}, },
{ {
"description": "Represents an object being the screenshot of something.", "description": "Represents an object being the screenshot of something.",
@ -1534,7 +1536,168 @@
"misp" "misp"
], ],
"name": "known-as" "name": "known-as"
},
{
"description": "The source object is led to the target object.",
"format": [
"stix-2.1"
],
"name": "led-to"
},
{
"description": "The source object has an impact on the target.",
"format": [
"stix-2.1"
],
"name": "impacts",
"opposite": "impacted-by"
},
{
"description": "The source object is impacted by the target.",
"format": [
"misp"
],
"name": "impacted-by",
"opposite": "impacts"
},
{
"description": "An object occured at a specific location.",
"format": [
"stix-2.1"
],
"name": "located-at"
},
{
"description": "The source object should be considered a point of contact for the target.",
"format": [
"stix-2.1"
],
"name": "contact-for"
},
{
"description": "The source object was responsible for detecting the target object.",
"format": [
"stix-2.1"
],
"name": "detects",
"opposite": "detected-by"
},
{
"description": "The source object is detected by the target object.",
"format": [
"misp"
],
"name": "detected-by",
"opposite": "detects"
},
{
"description": "The target object was observed as part of a source event.",
"format": [
"stix-2.1"
],
"name": "observed",
"opposite": "observed-by"
},
{
"description": "The source object was observed by the target object.",
"format": [
"misp"
],
"name": "observed-by",
"opposite": "observed"
},
{
"description": "The source object is based on the target.",
"format": [
"stix-2.1"
],
"name": "based-on"
},
{
"description": "The source object performed the target event.",
"format": [
"stix-2.1"
],
"name": "performed",
"opposite": "performed-by"
},
{
"description": "The source object was performed by the target.",
"format": [
"misp"
],
"name": "performed-by",
"opposite": "performed"
},
{
"description": "The source object blocks the target object.",
"format": [
"stix-2.1"
],
"name": "blocks",
"opposite": "blocked-by"
},
{
"description": "The source object is blocked by the target object.",
"format": [
"misp"
],
"name": "blocked-by",
"opposite": "blocks"
},
{
"description": "The source object causes the target event.",
"format": [
"stix-2.1"
],
"name": "causes",
"opposite": "caused-by"
},
{
"description": "The source object is caused by the target object.",
"format": [
"misp"
],
"name": "caused-by",
"opposite": "causes"
},
{
"description": "The source object is followed by the target because of an error.",
"format": [
"stix-2.1"
],
"name": "errored-to"
},
{
"description": "The source object has been assigned the target.",
"format": [
"stix-2.1"
],
"name": "assigned"
},
{
"description": "The source object participated in the target task.",
"format": [
"stix-2.1"
],
"name": "participated-in"
},
{
"description": "The source object is targeted by the target object.",
"format": [
"misp"
],
"name": "targeted-by",
"opposite": "targets"
},
{
"description": "The source object was created by the target object.",
"format": [
"misp"
],
"name": "created-by",
"opposite": "creates"
} }
], ],
"version": 39 "version": 40
} }