MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'main' into main

pull/306/head
Théo BARRAGUÉ 2021-02-22 11:46:56 +01:00 committed by GitHub
parent 159be29a66 4e011f2478
commit 1bf9f93b83
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 194 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
objects/authenticode-signerinfo/definition.json
View File

@ -5,8 +5,20 @@
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 0 "ui-priority": 0
}, },
"digest-base64": {
"description": "Signature created by the signing certificates private key",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"digest_algorithm": { "digest_algorithm": {
"description": "Digest algorithm", "description": "Algorithm used to hash the file.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"encryption_algorithm": {
"description": "Algorithm used to encrypt the digest",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 0 "ui-priority": 0
@ -22,6 +34,12 @@
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 0 "ui-priority": 0
}, },
"serial-number": {
"description": "Serial number of the certificate",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"signature_algorithm": { "signature_algorithm": {
"description": "Signature algorithm", "description": "Signature algorithm",
"disable_correlation": true, "disable_correlation": true,
@ -55,8 +73,9 @@
"name": "authenticode-signerinfo", "name": "authenticode-signerinfo",
"requiredOneOf": [ "requiredOneOf": [
"url", "url",
"program-name" "program-name",
"issuer"
], ],
"uuid": "965cb0aa-baf1-4cc6-9070-68f5c1698c1e", "uuid": "965cb0aa-baf1-4cc6-9070-68f5c1698c1e",
"version": 1 "version": 2
} }

7
objects/pe/definition.json
View File

@ -1,5 +1,10 @@
{ {
"attributes": { "attributes": {
"authentihash": {
"description": "Authenticode executable signature hash (sha256)",
"misp-attribute": "authentihash",
"ui-priority": 1
},
"company-name": { "company-name": {
"description": "CompanyName in the resources", "description": "CompanyName in the resources",
"disable_correlation": true, "disable_correlation": true,
@ -131,5 +136,5 @@
"impfuzzy" "impfuzzy"
], ],
"uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07", "uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
"version": 6 "version": 7
} }

5
objects/regexp/definition.json
View File

@ -19,7 +19,8 @@
"PCRE", "PCRE",
"PCRE2", "PCRE2",
"POSIX BRE", "POSIX BRE",
"POSIX ERE" "POSIX ERE",
"FCRE (Farsight Compatible Regular Expressions)"
] ]
}, },
"type": { "type": {
@ -51,5 +52,5 @@
"regexp" "regexp"
], ],
"uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648", "uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"version": 4 "version": 5
} }

11
objects/report/definition.json
View File

@ -9,6 +9,12 @@
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 1 "ui-priority": 1
}, },
"link": {
"description": "Link to the report mentioned",
"misp-attribute": "link",
"multiple": true,
"ui-priority": 100
},
"report-file(s)": { "report-file(s)": {
"description": "Attachment(s) that is related to the report", "description": "Attachment(s) that is related to the report",
"misp-attribute": "attachment", "misp-attribute": "attachment",
@ -30,8 +36,9 @@
"meta-category": "misc", "meta-category": "misc",
"name": "report", "name": "report",
"required": [ "required": [
"summary" "summary",
"link"
], ],
"uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df", "uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"version": 1 "version": 2
} }

3
objects/splunk/definition.json
View File

@ -46,6 +46,7 @@
"description": "Search / Correlation search", "description": "Search / Correlation search",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true,
"ui-priority": 0 "ui-priority": 0
} }
}, },
@ -56,5 +57,5 @@
"search" "search"
], ],
"uuid": "fd9b7bf8-df7b-4df9-bcd8-28591edcaab8", "uuid": "fd9b7bf8-df7b-4df9-bcd8-28591edcaab8",
"version": 1 "version": 2
} }

45
objects/telegram-account/definition.json Normal file
View File

@ -0,0 +1,45 @@
{
"attributes": {
"first_name": {
"description": "First name",
"misp-attribute": "text",
"ui-priority": 1
},
"id": {
"description": "Telegram user identifier",
"misp-attribute": "text",
"ui-priority": 1
},
"last_name": {
"description": "Last name",
"misp-attribute": "text",
"ui-priority": 1
},
"phone": {
"description": "Phone associated with the telegram user",
"misp-attribute": "text",
"multiple": true,
"ui-priority": 1
},
"username": {
"description": "Telegram username",
"misp-attribute": "text",
"ui-priority": 1
},
"verified": {
"description": "Verified",
"misp-attribute": "text",
"ui-priority": 1
}
},
"description": "Information related to a telegram account",
"meta-category": "misc",
"name": "telegram-account",
"requiredOneOf": [
"id",
"phone",
"username"
],
"uuid": "06f02ecf-5afb-42c5-9cb0-b362e222f52c",
"version": 2
}

3
objects/url/definition.json
View File

@ -35,6 +35,7 @@
"ip": { "ip": {
"description": "Better type when the host is an IP.", "description": "Better type when the host is an IP.",
"misp-attribute": "ip-dst", "misp-attribute": "ip-dst",
"multiple": true,
"ui-priority": 0 "ui-priority": 0
}, },
"last-seen": { "last-seen": {
@ -105,5 +106,5 @@
"resource_path" "resource_path"
], ],
"uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5", "uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
"version": 8 "version": 9
} }

6
objects/virustotal-report/definition.json
View File

@ -5,6 +5,7 @@
"External analysis" "External analysis"
], ],
"description": "Comment related to this hash", "description": "Comment related to this hash",
"disable_correlation": true,
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true, "multiple": true,
"ui-priority": 2 "ui-priority": 2
@ -32,6 +33,7 @@
"Other" "Other"
], ],
"description": "First Submission", "description": "First Submission",
"disable_correlation": true,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"ui-priority": 0 "ui-priority": 0
}, },
@ -40,6 +42,7 @@
"Other" "Other"
], ],
"description": "Last Submission", "description": "Last Submission",
"disable_correlation": true,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"ui-priority": 0 "ui-priority": 0
}, },
@ -48,6 +51,7 @@
"External analysis" "External analysis"
], ],
"description": "Permalink Reference", "description": "Permalink Reference",
"disable_correlation": true,
"misp-attribute": "link", "misp-attribute": "link",
"ui-priority": 2 "ui-priority": 2
} }
@ -59,5 +63,5 @@
"permalink" "permalink"
], ],
"uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"version": 3 "version": 4
} }

92
objects/windows-service/definition.json Normal file
View File

@ -0,0 +1,92 @@
{
"attributes": {
"comment": {
"description": "Additional comments.",
"disable_correlation": true,
"misp-attribute": "text",
"ui-priority": 0
},
"display": {
"description": "Display name/information of the service.",
"misp-attribute": "windows-service-displayname",
"ui-priority": 0
},
"group": {
"description": "Group to which the system/driver belong to.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Base",
"Boot Bus Extender",
"Boot File System",
"Cryptography",
"Extended base",
"Event Log",
"Filter",
"FSFilter Bottom",
"FSFilter Infrastructure",
"File System",
"FSFilter Virtualization",
"Keyboard Port",
"Network",
"NDIS",
"Parallel arbitrator",
"Pointer Port",
"PnP Filter",
"ProfSvc_Group",
"PNP_TDI",
"SCSI Miniport",
"SCSI CDROM Class",
"System Bus Extender",
"Video Save",
"other"
],
"ui-priority": 0
},
"image-path": {
"description": "Path of the service/drive",
"misp-attribute": "text",
"ui-priority": 0
},
"name": {
"description": "name of the service",
"misp-attribute": "windows-service-name",
"ui-priority": 0
},
"start": {
"description": "When the service/driver starts or executes.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Boot start",
"System start",
"Auto start",
"Manual",
"Disabled"
],
"ui-priority": 0
},
"type": {
"description": "Service/driver type.",
"disable_correlation": true,
"misp-attribute": "text",
"sane_default": [
"Kernel driver",
"File system driver",
"Own process",
"Share process",
"Interactive",
"Other"
],
"ui-priority": 0
}
},
"description": "Windows service and detailed about a service running a Windows operating system",
"meta-category": "misc",
"name": "windows-service",
"required": [
"name"
],
"uuid": "7598cc63-7ba3-4d0a-91c0-b875c6013035",
"version": 1
}

9
relationships/definition.json
View File

@ -1042,6 +1042,13 @@
], ],
"name": "extends" "name": "extends"
}, },
{
"description": "Reprensents an object which writes towards another object or attribute",
"format": [
"misp"
],
"name": "writes"
},
{ {
"description": "Represents the semantic link of an asn object being ranked with a bgp-ranking object", "description": "Represents the semantic link of an asn object being ranked with a bgp-ranking object",
"format": [ "format": [
@ -1143,5 +1150,5 @@
"name": "doxed-by" "name": "doxed-by"
} }
], ],
"version": 21 "version": 22
} }