From 1cedea6506a3dba87dfd5fdaea963d7e3cbe2863 Mon Sep 17 00:00:00 2001
From: aksha
Date: Thu, 25 Oct 2018 12:39:48 +0100
Subject: [PATCH] Chg: Jq'ed all the objects
---
 objects/TSK-Chats/definition.json | 168 ++++-----
 objects/TSK-Web-Bookmark/definition.json | 134 ++++----
 objects/TSK-Web-Cookie/definition.json | 134 ++++----
 objects/TSK-Web-Downloads/definition.json | 110 +++---
 objects/TSK-Web-History/definition.json | 136 ++++----
 objects/TSK-Web-Search-Query/definition.json | 132 ++++----
 objects/python-etvx-event-log/definition.json | 320 +++++++++---------
 objects/regripper-NTUser/definition.json | 11 +-
 .../definition.json | 134 ++++----
 .../definition.json | 106 +++---
 .../definition.json | 115 ++++---
 .../definition.json | 103 +++---
 .../definition.json | 95 +++---
 .../definition.json | 111 +++---
 .../definition.json | 107 +++---
 .../definition.json | 247 +++++++-------
 .../definition.json | 123 ++++---
 .../definition.json | 3 +-
 .../definition.json | 94 ++---
 .../definition.json | 175 +++++-----
 .../definition.json | 209 ++++++------
 .../definition.json | 193 ++++++-----
 22 files changed, 1470 insertions(+), 1490 deletions(-)
diff --git a/objects/TSK-Chats/definition.json b/objects/TSK-Chats/definition.json
index bcda96a..ed5f00a 100644
--- a/objects/TSK-Chats/definition.json
+++ b/objects/TSK-Chats/definition.json
@@ -1,84 +1,84 @@
-{
- "required": [
- "message-type",
- "message"
- ],
- "attributes": {
- "message-type": {
- "description": "the type of message extracted from the forensic-evidence.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "sane_default":[
- "SMS",
- "MMS",
- "Instant Message (IM)",
- "Voice Message"
- ],
- "disable_correlation": true
- },
- "datetime-sent": {
- "description": "date and the time when the message was sent.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "datetime-received": {
- "description": "date and time when the message was received.",
- "multiple": true,
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "Source": {
- "description": "Source of the message.(Contact details)",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "destination": {
- "description": "Destination of the message.(Contact details)",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "app-used": {
- "description": "Application used to send the message.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "subject": {
- "description": "Subject of the message if any.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "message": {
- "description": "Message exchanged.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "attachments": {
- "description": "External references",
- "multiple": true,
- "ui-priority": 0,
- "categories": [
- "External analysis"
- ],
- "misp-attribute": "link"
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.",
- "meta-category": "misc",
- "uuid": "6b71f231-c502-467f-bc67-1423cd5bf800",
- "name": "TSK-Chats"
-}
+{
+ "required": [
+ "message-type",
+ "message"
+ ],
+ "attributes": {
+ "message-type": {
+ "description": "the type of message extracted from the forensic-evidence.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "SMS",
+ "MMS",
+ "Instant Message (IM)",
+ "Voice Message"
+ ],
+ "disable_correlation": true
+ },
+ "datetime-sent": {
+ "description": "date and the time when the message was sent.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "datetime-received": {
+ "description": "date and time when the message was received.",
+ "multiple": true,
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "Source": {
+ "description": "Source of the message.(Contact details)",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "destination": {
+ "description": "Destination of the message.(Contact details)",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "app-used": {
+ "description": "Application used to send the message.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "subject": {
+ "description": "Subject of the message if any.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "message": {
+ "description": "Message exchanged.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "attachments": {
+ "description": "External references",
+ "multiple": true,
+ "ui-priority": 0,
+ "categories": [
+ "External analysis"
+ ],
+ "misp-attribute": "link"
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An Object Template to gather information from evidential or interesting exchange of messages identified during a digital forensic investigation.",
+ "meta-category": "misc",
+ "uuid": "6b71f231-c502-467f-bc67-1423cd5bf800",
+ "name": "TSK-Chats"
+}
diff --git a/objects/TSK-Web-Bookmark/definition.json b/objects/TSK-Web-Bookmark/definition.json
index f5bd4b9..485577e 100644
--- a/objects/TSK-Web-Bookmark/definition.json
+++ b/objects/TSK-Web-Bookmark/definition.json
@@ -1,67 +1,67 @@
-{
- "required": [
- "URL"
- ],
- "attributes": {
- "URL": {
- "description": "The URL saved as bookmark.",
- "ui-priority": 0,
- "misp-attribute": "link"
- },
- "datetime-bookmarked": {
- "description": "date and time when the URL was added to favorites.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "name": {
- "description": "Book mark name. ",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "title": {
- "description": "Title of the web page",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "browser": {
- "description": "Browser used to access the URL.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "sane_default": [
- "IE",
- "Safari",
- "Chrome",
- "Firefox",
- "Opera mini",
- "Chromium"
- ],
- "disable_correlation": true
- },
- "domain-name": {
- "description": "Domain of the URL.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "domain-ip": {
- "description": "IP of the URL domain.",
- "ui-priority": 0,
- "misp-attribute": "ip-src"
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An Object Template to add evidential bookmarks identified during a digital forensic investigation.",
- "meta-category": "misc",
- "uuid": "7d9a88a8-9934-4caa-a85b-f76bc97d5373",
- "name": "TSK-Web-Bookmark"
-}
+{
+ "required": [
+ "URL"
+ ],
+ "attributes": {
+ "URL": {
+ "description": "The URL saved as bookmark.",
+ "ui-priority": 0,
+ "misp-attribute": "link"
+ },
+ "datetime-bookmarked": {
+ "description": "date and time when the URL was added to favorites.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "name": {
+ "description": "Book mark name. ",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "title": {
+ "description": "Title of the web page",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "browser": {
+ "description": "Browser used to access the URL.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "IE",
+ "Safari",
+ "Chrome",
+ "Firefox",
+ "Opera mini",
+ "Chromium"
+ ],
+ "disable_correlation": true
+ },
+ "domain-name": {
+ "description": "Domain of the URL.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "domain-ip": {
+ "description": "IP of the URL domain.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-src"
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An Object Template to add evidential bookmarks identified during a digital forensic investigation.",
+ "meta-category": "misc",
+ "uuid": "7d9a88a8-9934-4caa-a85b-f76bc97d5373",
+ "name": "TSK-Web-Bookmark"
+}
diff --git a/objects/TSK-Web-Cookie/definition.json b/objects/TSK-Web-Cookie/definition.json
index db4ded0..03cf240 100644
--- a/objects/TSK-Web-Cookie/definition.json
+++ b/objects/TSK-Web-Cookie/definition.json
@@ -1,67 +1,67 @@
-{
- "required": [
- "URL",
- "name",
- "value"
- ],
- "attributes": {
- "URL": {
- "description": "The website URL that created the cookie.",
- "ui-priority": 0,
- "misp-attribute": "link"
- },
- "datetime-created": {
- "description": "date and time when the cookie was created.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "name": {
- "description": "Name of the cookie ",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "value": {
- "description": "Value assigned to the cookie.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "browser": {
- "description": "Browser on which the cookie was created.",
- "ui-priority": 0,
- "sane_default": [
- "IE",
- "Safari",
- "Chrome",
- "Firefox",
- "Opera mini",
- "Chromium"
- ],
- "misp-attribute": "text"
- },
- "domain-name": {
- "description": "Domain of the URL that created the cookie.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "domain-ip": {
- "description": "IP of the domain that created the URL.",
- "ui-priority": 0,
- "misp-attribute": "ip-src"
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An TSK-Autopsy Object Template to represent cookies identified during a forensic investigation.",
- "meta-category": "misc",
- "uuid": "40d23a4f-43be-4c9e-8328-382a2188eb1d",
- "name": "TSK-Web-Cookie"
-}
+{
+ "required": [
+ "URL",
+ "name",
+ "value"
+ ],
+ "attributes": {
+ "URL": {
+ "description": "The website URL that created the cookie.",
+ "ui-priority": 0,
+ "misp-attribute": "link"
+ },
+ "datetime-created": {
+ "description": "date and time when the cookie was created.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "name": {
+ "description": "Name of the cookie ",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "value": {
+ "description": "Value assigned to the cookie.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "browser": {
+ "description": "Browser on which the cookie was created.",
+ "ui-priority": 0,
+ "sane_default": [
+ "IE",
+ "Safari",
+ "Chrome",
+ "Firefox",
+ "Opera mini",
+ "Chromium"
+ ],
+ "misp-attribute": "text"
+ },
+ "domain-name": {
+ "description": "Domain of the URL that created the cookie.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "domain-ip": {
+ "description": "IP of the domain that created the URL.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-src"
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An TSK-Autopsy Object Template to represent cookies identified during a forensic investigation.",
+ "meta-category": "misc",
+ "uuid": "40d23a4f-43be-4c9e-8328-382a2188eb1d",
+ "name": "TSK-Web-Cookie"
+}
diff --git a/objects/TSK-Web-Downloads/definition.json b/objects/TSK-Web-Downloads/definition.json
index 55ddf05..061fa64 100644
--- a/objects/TSK-Web-Downloads/definition.json
+++ b/objects/TSK-Web-Downloads/definition.json
@@ -1,55 +1,55 @@
-{
- "required": [
- "URL",
- "name"
- ],
- "attributes": {
- "URL": {
- "description": "The URL used to download the file.",
- "ui-priority": 0,
- "misp-attribute": "link"
- },
- "datetime-accessed": {
- "description": "date and time when the file was downloaded.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "name": {
- "description": "Name of the file downloaded.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "path-downloadedTo": {
- "description": "Location the file was downloaded to.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "pathID": {
- "description": "Id of the attribute file where the information is gathered from.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "attachment": {
- "description": "The downloaded file itself.",
- "ui-priority": 1,
- "misp-attribute": "attachment",
- "disable_correlation": true
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An Object Template to add web-downloads",
- "meta-category": "File",
- "uuid": "ab9603a1-9dcc-48e8-a51c-b8bccc7bcc26",
- "name": "TSK-Web-Downloads"
-}
+{
+ "required": [
+ "URL",
+ "name"
+ ],
+ "attributes": {
+ "URL": {
+ "description": "The URL used to download the file.",
+ "ui-priority": 0,
+ "misp-attribute": "link"
+ },
+ "datetime-accessed": {
+ "description": "date and time when the file was downloaded.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "name": {
+ "description": "Name of the file downloaded.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "path-downloadedTo": {
+ "description": "Location the file was downloaded to.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "pathID": {
+ "description": "Id of the attribute file where the information is gathered from.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "attachment": {
+ "description": "The downloaded file itself.",
+ "ui-priority": 1,
+ "misp-attribute": "attachment",
+ "disable_correlation": true
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An Object Template to add web-downloads",
+ "meta-category": "File",
+ "uuid": "ab9603a1-9dcc-48e8-a51c-b8bccc7bcc26",
+ "name": "TSK-Web-Downloads"
+}
diff --git a/objects/TSK-Web-History/definition.json b/objects/TSK-Web-History/definition.json
index 84be3b9..897e13b 100644
--- a/objects/TSK-Web-History/definition.json
+++ b/objects/TSK-Web-History/definition.json
@@ -1,68 +1,68 @@
-{
- "required": [
- "URL",
- "datetime-accessed"
- ],
- "attributes": {
- "URL": {
- "description": "The URL accessed.",
- "ui-priority": 0,
- "misp-attribute": "link"
- },
- "datetime-accessed": {
- "description": "date and the time when the URL was accessed.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "referrer": {
- "description": "where the URL was referred from ",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "title": {
- "description": "Title of the web page",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "domain-name": {
- "description": "Domain of the URL.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "domain-ip": {
- "description": "IP of the URL domain.",
- "ui-priority": 0,
- "misp-attribute": "ip-src"
- },
- "browser": {
- "description": "Browser used to access the URL.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "sane_default": [
- "IE",
- "Safari",
- "Chrome",
- "Firefox",
- "Opera mini",
- "Chromium"
- ],
- "disable_correlation": true
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An Object Template to share web history information",
- "meta-category": "misc",
- "uuid": "e1325e52-e52e-49b1-89ad-d503c127c698",
- "name": "TSK-Web-History"
-}
+{
+ "required": [
+ "URL",
+ "datetime-accessed"
+ ],
+ "attributes": {
+ "URL": {
+ "description": "The URL accessed.",
+ "ui-priority": 0,
+ "misp-attribute": "link"
+ },
+ "datetime-accessed": {
+ "description": "date and the time when the URL was accessed.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "referrer": {
+ "description": "where the URL was referred from ",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "title": {
+ "description": "Title of the web page",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "domain-name": {
+ "description": "Domain of the URL.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "domain-ip": {
+ "description": "IP of the URL domain.",
+ "ui-priority": 0,
+ "misp-attribute": "ip-src"
+ },
+ "browser": {
+ "description": "Browser used to access the URL.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "IE",
+ "Safari",
+ "Chrome",
+ "Firefox",
+ "Opera mini",
+ "Chromium"
+ ],
+ "disable_correlation": true
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An Object Template to share web history information",
+ "meta-category": "misc",
+ "uuid": "e1325e52-e52e-49b1-89ad-d503c127c698",
+ "name": "TSK-Web-History"
+}
diff --git a/objects/TSK-Web-Search-Query/definition.json b/objects/TSK-Web-Search-Query/definition.json
index 8e66b0d..046c266 100644
--- a/objects/TSK-Web-Search-Query/definition.json
+++ b/objects/TSK-Web-Search-Query/definition.json
@@ -1,66 +1,66 @@
-{
- "required": [
- "domain",
- "text"
- ],
- "attributes": {
- "domain": {
- "description": "The domain of the search engine.",
- "ui-priority": 0,
- "misp-attribute": "link",
- "sane_default": [
- "Google",
- "Yahoo",
- "Bing",
- "Alta Vista",
- "MSN"
- ],
- "disable_correlation": true
- },
- "text": {
- "description": "the search word or sentence.",
- "ui-priority": 0,
- "misp-attribute": "text"
- },
- "datetime-searched": {
- "description": "date and time when the search was conducted.",
- "ui-priority": 0,
- "misp-attribute": "datetime",
- "disable_correlation": true
- },
- "browser": {
- "description": "Browser used.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "sane_default": [
- "IE",
- "Safari",
- "Chrome",
- "Firefox",
- "Opera mini",
- "Chromium"
- ],
- "disable_correlation": true
- },
- "username": {
- "description": "User name or ID associated with the search.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "disable_correlation": true
- },
- "additional-comments": {
- "description": "Comments.",
- "ui-priority": 0,
- "misp-attribute": "text",
- "categories": [
- "External analysis"
- ],
- "disable_correlation": true
- }
- },
- "version": 1,
- "description": "An Object Template to share web search query information",
- "meta-category": "misc",
- "uuid": "16b3f8d0-fd09-4812-a42c-b5aeff2d4c2e",
- "name": "TSK-Web-Search-Query"
-}
+{
+ "required": [
+ "domain",
+ "text"
+ ],
+ "attributes": {
+ "domain": {
+ "description": "The domain of the search engine.",
+ "ui-priority": 0,
+ "misp-attribute": "link",
+ "sane_default": [
+ "Google",
+ "Yahoo",
+ "Bing",
+ "Alta Vista",
+ "MSN"
+ ],
+ "disable_correlation": true
+ },
+ "text": {
+ "description": "the search word or sentence.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "datetime-searched": {
+ "description": "date and time when the search was conducted.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime",
+ "disable_correlation": true
+ },
+ "browser": {
+ "description": "Browser used.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "sane_default": [
+ "IE",
+ "Safari",
+ "Chrome",
+ "Firefox",
+ "Opera mini",
+ "Chromium"
+ ],
+ "disable_correlation": true
+ },
+ "username": {
+ "description": "User name or ID associated with the search.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "disable_correlation": true
+ },
+ "additional-comments": {
+ "description": "Comments.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "categories": [
+ "External analysis"
+ ],
+ "disable_correlation": true
+ }
+ },
+ "version": 1,
+ "description": "An Object Template to share web search query information",
+ "meta-category": "misc",
+ "uuid": "16b3f8d0-fd09-4812-a42c-b5aeff2d4c2e",
+ "name": "TSK-Web-Search-Query"
+}
diff --git a/objects/python-etvx-event-log/definition.json b/objects/python-etvx-event-log/definition.json
index e0fb273..79a2d13 100644
--- a/objects/python-etvx-event-log/definition.json
+++ b/objects/python-etvx-event-log/definition.json
@@ -5,169 +5,163 @@ "name" ], "attributes": { - "event-id": { - "description": "A unique number which identifies the event.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "name": { - "description": "Name of the event.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "event-channel": - { - "description":" Channel through which the event occurred", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true, - "sane-default":[ - "Application", - "System", - "Security", - "Setup", - "other" - ] - }, - "event-type": - { - "description": "Event-type assigned to the event", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true, - "sane-default":[ - "Admin", - "Operational", - "Audit", - "Analytic", - "Debug", - "other" - ] - }, - "source": { - "description": "The source of the event log - application/software that logged the event.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "event-date-time": - { - "description": "Date and time when the event was logged.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "level": { - "description": "Determines the event severity.", - "ui-priority": 0, - "misp-attribute": "text", - "sane_default":[ - "Information", - "Warning", - "Error", - "Critical", - "Success Audit", - "Failure Audit" - ] - }, - "Computer": { - "description": "Computer name on which the event occurred", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "User": { - "description": "Name or the User ID the event is associated with.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "Operational-code": { - "description": "The opcode (numeric value or name) associated with the activity carried out by the event.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "log": { - "description": "Log file 
where the event was recorded.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "task-category":{ - "description": "Activity by the event publisher", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "Keywords":{ - "description" : "Tags used for the event for the purpose of filtering or searching.", - "ui-priority": 0, - "misp-attribute": "text", - "sane_default":[ - "Network", - "Security", - "Resource not found", - "other" - ] - }, - "Processor-ID": { - "description": "ID of the processor that processed the event.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "Thread-ID": { - "description": "Thread id that generated the event.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "Session-ID": { - "description": "Terminal server session ID.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "Correlation-ID": { - "description": "Unique activity identity which relates the event to a process. 
", - "ui-priority": 0, - "misp-attribute": "text" - }, - "Relative-Correlation-ID": { - "description": "Related activity ID which identity similar activities which occurred as a part of the event.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "kernel-time": - { - "description": "Execution time of the kernel mode instruction.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "user-time": - { - "description": "Date and time when the user instruction was executed.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "Event-data": - { - "description": "Event data description.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "comment": { - "description": "Additional comments.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - } + "event-id": { + "description": "A unique number which identifies the event.", + "ui-priority": 1, + "misp-attribute": "text", + "disable_correlation": true + }, + "name": { + "description": "Name of the event.", + "ui-priority": 2, + "misp-attribute": "text", + "disable_correlation": true + }, + "event-channel": { + "description": " Channel through which the event occurred", + "ui-priority": 3, + "misp-attribute": "text", + "disable_correlation": true, + "sane-default": [ + "Application", + "System", + "Security", + "Setup", + "other" + ] + }, + "event-type": { + "description": "Event-type assigned to the event", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true, + "sane-default": [ + "Admin", + "Operational", + "Audit", + "Analytic", + "Debug", + "other" + ] + }, + "source": { + "description": "The source of the event log - application/software that logged the event.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "event-date-time": { + "description": "Date and time when the event was logged.", + "ui-priority": 0, + 
"misp-attribute": "datetime", + "disable_correlation": true + }, + "level": { + "description": "Determines the event severity.", + "ui-priority": 0, + "misp-attribute": "text", + "sane_default": [ + "Information", + "Warning", + "Error", + "Critical", + "Success Audit", + "Failure Audit" + ] + }, + "Computer": { + "description": "Computer name on which the event occurred", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "User": { + "description": "Name or the User ID the event is associated with.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "Operational-code": { + "description": "The opcode (numeric value or name) associated with the activity carried out by the event.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "log": { + "description": "Log file where the event was recorded.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "task-category": { + "description": "Activity by the event publisher", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "Keywords": { + "description": "Tags used for the event for the purpose of filtering or searching.", + "ui-priority": 0, + "misp-attribute": "text", + "sane_default": [ + "Network", + "Security", + "Resource not found", + "other" + ] + }, + "Processor-ID": { + "description": "ID of the processor that processed the event.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "Thread-ID": { + "description": "Thread id that generated the event.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "Session-ID": { + "description": "Terminal server session ID.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "Correlation-ID": { + "description": "Unique activity identity which relates the event to a process. 
", + "ui-priority": 0, + "misp-attribute": "text" + }, + "Relative-Correlation-ID": { + "description": "Related activity ID which identity similar activities which occurred as a part of the event.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "kernel-time": { + "description": "Execution time of the kernel mode instruction.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "user-time": { + "description": "Date and time when the user instruction was executed.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "Event-data": { + "description": "Event data description.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "comment": { + "description": "Additional comments.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + } }, "version": 1, "description": "Event log object template to share information of the activities conducted on a system. ", diff --git a/objects/regripper-NTUser/definition.json b/objects/regripper-NTUser/definition.json index 6eb7193..9ec80c5 100644 --- a/objects/regripper-NTUser/definition.json +++ b/objects/regripper-NTUser/definition.json 
@@ -26,25 +26,25 @@ "description": "List of recent folders accessed by the user.", "ui-priority": 0, "misp-attribute": "text", - "multiple":true + "multiple": true }, "recent-files-accessed": { "description": "List of recent files accessed by the user.", "ui-priority": 0, "misp-attribute": "text", - "multiple":true + "multiple": true }, "typed-urls": { "description": "Urls typed by the user in internet explorer", "ui-priority": 0, "misp-attribute": "text", - "multiple":true + "multiple": true }, "applications-installed": { "description": "List of applications installed.", "ui-priority": 0, "misp-attribute": "text", - "multiple":true + "multiple": true }, "applications-run": { "description": "List of applications set to run on the system.", @@ -58,7 +58,7 @@ "misp-attribute": "text", "multiple": true }, - "user-init": { + "user-init": { "description": "Applications or processes set to run when the user logs onto the windows system.", "ui-priority": 0, "misp-attribute": "text", @@ -89,7 +89,6 @@ "misp-attribute": "text", "disable_correlation": true } - }, "version": 1, "description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.", diff --git a/objects/regripper-sam-hive-single-user/definition.json b/objects/regripper-sam-hive-single-user/definition.json index 2cf93d9..11632e3 100644 --- a/objects/regripper-sam-hive-single-user/definition.json +++ b/objects/regripper-sam-hive-single-user/definition.json 
@@ -1,70 +1,68 @@ { - "required": [ - "key" - ], - "requiredOneOf": [ - "user-name", - "last-login-time", - "login-count" - ], - "attributes": { - "key": { - "description": "Registry key where the information is retrieved from.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "key-last-write-time": { - "description": "Date and time when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "user-name": { - "description": "User name assigned to the user profile.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "full-user-name": { - "description": "Full name assigned to the user profile.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "last-login-time": { - "description": "Date and time when the user last logged onto the system.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "pwd-reset-time": { - "description": "Date and time when the password was last reset.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "pwd-fail-date": { - "description": "Date and time when a password last failed for this user profile.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "login-count": { - "description": "Number of times the user logged-in onto the system.", - "ui-priority": 0, - "misp-attribute": "counter", - "disable_correlation": true - }, - "comments": { - "description": "Full name assigned to the user profile.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - } - + "required": [ + "key" + ], + "requiredOneOf": [ + "user-name", + "last-login-time", + "login-count" + ], + "attributes": { + "key": { + "description": "Registry key where the information is retrieved from.", + "ui-priority": 0, + "misp-attribute": "text" }, - "version": 1, - "description": "Regripper Object template designed to present user profile details extracted from the 
SAM hive.", - "meta-category": "misc", - "uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef", - "name": "regripper-sam-hive-single-user" - } - \ No newline at end of file + "key-last-write-time": { + "description": "Date and time when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "user-name": { + "description": "User name assigned to the user profile.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "full-user-name": { + "description": "Full name assigned to the user profile.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "last-login-time": { + "description": "Date and time when the user last logged onto the system.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "pwd-reset-time": { + "description": "Date and time when the password was last reset.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "pwd-fail-date": { + "description": "Date and time when a password last failed for this user profile.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "login-count": { + "description": "Number of times the user logged-in onto the system.", + "ui-priority": 0, + "misp-attribute": "counter", + "disable_correlation": true + }, + "comments": { + "description": "Full name assigned to the user profile.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + } + }, + "version": 1, + "description": "Regripper Object template designed to present user profile details extracted from the SAM hive.", + "meta-category": "misc", + "uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef", + "name": "regripper-sam-hive-single-user" +} diff --git a/objects/regripper-sam-hive-user-group/definition.json b/objects/regripper-sam-hive-user-group/definition.json index bcd2996..64119d0 100644 --- a/objects/regripper-sam-hive-user-group/definition.json 
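Review bot: The `comments` attribute on the new side still carries `"description": "Full name assigned to the user profile."`, copied from `full-user-name`, so the template documents two attributes with the same meaning; the analogous `group-comment` in regripper-sam-hive-user-group is corrected in this same commit, but this one was missed. Change it to `"description": "Additional comments."`, the wording the other regripper templates use for their comment field. Separately, `pwd-fail-date` is the only `datetime` attribute here named `-date` rather than `-time`; while the template is still at version 1 and unpublished, `pwd-fail-time` would be consistent with `last-login-time` and `pwd-reset-time`.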
+++ b/objects/regripper-sam-hive-user-group/definition.json 
@@ -1,56 +1,54 @@ { - "required": [ - "key" - ], - "requiredOneOf": [ - "group-name" - ], - "attributes": { - "key": { - "description": "Registry key where the information is retrieved from.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "key-last-write-time": { - "description": "Date and time when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "group-name": { - "description": "Name assigned to the profile.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "full-name": { - "description": "Full name assigned to the profile.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "last-write-date-time": { - "description": "Date and time when the group key was updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "group-comment": { - "description": "Name assigned to the profile.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "group-users": { - "description": "Users belonging to the group", - "ui-priority": 0, - "misp-attribute": "text", - "multiple": true - } - + "required": [ + "key" + ], + "requiredOneOf": [ + "group-name" + ], + "attributes": { + "key": { + "description": "Registry key where the information is retrieved from.", + "ui-priority": 0, + "misp-attribute": "text" }, - "version": 1, - "description": "Regripper Object template designed to present group profile details extracted from the SAM hive.", - "meta-category": "misc", - "uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c", - "name": "regripper-sam-hive-user-group" - } - \ No newline at end of file + "key-last-write-time": { + "description": "Date and time when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "group-name": { + "description": "Name assigned to the profile.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "full-name": { + "description": "Full name 
assigned to the profile.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "last-write-date-time": { + "description": "Date and time when the group key was updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "group-comment": { + "description": "Any group comment added.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "group-users": { + "description": "Users belonging to the group", + "ui-priority": 0, + "misp-attribute": "text", + "multiple": true + } + }, + "version": 1, + "description": "Regripper Object template designed to present group profile details extracted from the SAM hive.", + "meta-category": "misc", + "uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c", + "name": "regripper-sam-hive-user-group" +} diff --git a/objects/regripper-software-hive-BHO/definition.json b/objects/regripper-software-hive-BHO/definition.json index 7c64241..0b43791 100644 --- a/objects/regripper-software-hive-BHO/definition.json +++ b/objects/regripper-software-hive-BHO/definition.json 
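Review bot: `key-last-write-time` and `last-write-date-time` are described almost identically on the new side (`"Date and time when the key was last updated."` vs `"Date and time when the group key was updated."`), so a user filling the template cannot tell which registry key each timestamp belongs to. If one is the last-write time of the key named in `key` and the other that of the group's own subkey, say so, e.g. `"description": "Last-write time of the group's own subkey."` for `last-write-date-time`; if both come from the same key, one of them should be dropped. Everything else in this hunk is jq reformatting plus the corrected `group-comment` description.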
@@ -1,60 +1,59 @@ { - "required": [ - "key", - "BHO-name" - ], - "attributes": { - "key": { - "description": "Software hive key where the information is retrieved from.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "last-write-time": { - "description": "Date and time when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "BHO-name": { - "description": "Name of the browser helper object.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "BHO-key-last-write-time": { - "description": "Date and time when the BHO key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "class": { - "description": "Class to which the BHO belongs to.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "module": { - "description": "DLL module the BHO belongs to.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "comments": { - "description": "Additional comments.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "references": { - "description": "References to the BHO.", - "ui-priority": 0, - "misp-attribute": "link", - "multiple":true - } + "required": [ + "key", + "BHO-name" + ], + "attributes": { + "key": { + "description": "Software hive key where the information is retrieved from.", + "ui-priority": 0, + "misp-attribute": "text" }, - "version": 1, - "description": "Regripper Object template designed to gather information of the browser helper objects installed on the system.", - "meta-category": "misc", - "uuid": "e7b46b5a-d2d2-4a05-bc25-2ac8d4683ae2", - "name": "regripper-software-hive-BHO" - } - \ No newline at end of file + "last-write-time": { + "description": "Date and time when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "BHO-name": { + "description": "Name of the 
browser helper object.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "BHO-key-last-write-time": { + "description": "Date and time when the BHO key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "class": { + "description": "Class to which the BHO belongs to.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "module": { + "description": "DLL module the BHO belongs to.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "comments": { + "description": "Additional comments.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "references": { + "description": "References to the BHO.", + "ui-priority": 0, + "misp-attribute": "link", + "multiple": true + } + }, + "version": 1, + "description": "Regripper Object template designed to gather information of the browser helper objects installed on the system.", + "meta-category": "misc", + "uuid": "e7b46b5a-d2d2-4a05-bc25-2ac8d4683ae2", + "name": "regripper-software-hive-BHO" +} diff --git a/objects/regripper-software-hive-appInit-DLLS/definition.json b/objects/regripper-software-hive-appInit-DLLS/definition.json index 3923e35..d089224 100644 --- a/objects/regripper-software-hive-appInit-DLLS/definition.json +++ b/objects/regripper-software-hive-appInit-DLLS/definition.json 
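Review bot: `class` and `module` both set `"disable_correlation": true`, yet the class identifier and the DLL the browser helper object loads are the two values that would let MISP match the same BHO across events, which is the main reason to share this template at all. Disabling correlation is appropriate for free text such as `comments`, but on `module` it hides exactly the overlap a defender wants to see; consider removing `"disable_correlation": true` from `module` (and presumably `class`, if it is the registered class identifier rather than a descriptive label). The remaining lines in the hunk are reformatting only.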
@@ -1,54 +1,53 @@ { - "required": [ - "key", - "DLL-name", - "DLL-path" - ], - "attributes": { - "key": { - "description": "Software hive key where the information is retrieved from.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "last-write-time": { - "description": "Date and time when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "DLL-name": { - "description": "Name of the DLL file.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "DLL-path": { - "description": "Path where the DLL file is stored.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "DLL-last-write-time": { - "description": "Date and time when the DLL file was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "comments": { - "description": "Additional comments.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "references": { - "description": "References to the DLL file.", - "ui-priority": 0, - "misp-attribute": "link", - "multiple":true - } + "required": [ + "key", + "DLL-name", + "DLL-path" + ], + "attributes": { + "key": { + "description": "Software hive key where the information is retrieved from.", + "ui-priority": 0, + "misp-attribute": "text" }, - "version": 1, - "description": "Regripper Object template designed to gather information of the DLL files installed on the system.", - "meta-category": "misc", - "uuid": "7893be05-8398-451e-ab1e-5e25ea4a8859", - "name": "regripper-software-hive-appInit-DLLS" - } - \ No newline at end of file + "last-write-time": { + "description": "Date and time when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "DLL-name": { + "description": "Name of the DLL file.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "DLL-path": { + "description": "Path where the DLL file is stored.", + "ui-priority": 0, + 
"misp-attribute": "text" + }, + "DLL-last-write-time": { + "description": "Date and time when the DLL file was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "comments": { + "description": "Additional comments.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "references": { + "description": "References to the DLL file.", + "ui-priority": 0, + "misp-attribute": "link", + "multiple": true + } + }, + "version": 1, + "description": "Regripper Object template designed to gather information of the DLL files installed on the system.", + "meta-category": "misc", + "uuid": "7893be05-8398-451e-ab1e-5e25ea4a8859", + "name": "regripper-software-hive-appInit-DLLS" +} diff --git a/objects/regripper-software-hive-application-paths/definition.json b/objects/regripper-software-hive-application-paths/definition.json index 939e39a..3929d42 100644 --- a/objects/regripper-software-hive-application-paths/definition.json +++ b/objects/regripper-software-hive-application-paths/definition.json 
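Review bot: `DLL-last-write-time` is described as `"Date and time when the DLL file was last updated."`, but a registry hive only records last-write timestamps on keys (which `last-write-time` on the parent key already covers), so if this value is taken from the AppInit_DLLs key it is a registry timestamp, not the file's modification time, and an analyst would be misled into treating it as filesystem evidence. If the value really is the DLL's mtime gathered elsewhere, the description should say where it comes from; otherwise reword it to `"Date and time when the key holding the DLL entry was last updated."` or drop the attribute in favour of `last-write-time`. This applies to the new side; the rest of the hunk is reformatting.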
@@ -1,50 +1,49 @@ { - "required": [ - "key", - "executable-file-name", - "path" - ], - "attributes": { - "key": { - "description": "Software hive key where the information is retrieved from.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "last-write-time": { - "description": "Date and time when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "executable-file-name": { - "description": "Name of the executable file.", - "ui-priority": 0, - "misp-attribute": "text", - "multiple":true - }, - "path": { - "description": "Path of the executable file.", - "ui-priority": 0, - "misp-attribute": "text", - "multiple":true - }, - "comments": { - "description": "Additional comments.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "references": { - "description": "References to the application installed.", - "ui-priority": 0, - "misp-attribute": "link", - "multiple":true - } + "required": [ + "key", + "executable-file-name", + "path" + ], + "attributes": { + "key": { + "description": "Software hive key where the information is retrieved from.", + "ui-priority": 0, + "misp-attribute": "text" }, - "version": 1, - "description": "Regripper Object template designed to gather information of the application paths.", - "meta-category": "misc", - "uuid": "9f2d3c9b-9a82-42a7-82c2-733115d101c8", - "name": "regripper-software-hive-application-paths" - } - \ No newline at end of file + "last-write-time": { + "description": "Date and time when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "executable-file-name": { + "description": "Name of the executable file.", + "ui-priority": 0, + "misp-attribute": "text", + "multiple": true + }, + "path": { + "description": "Path of the executable file.", + "ui-priority": 0, + "misp-attribute": "text", + "multiple": true + }, + "comments": { + "description": "Additional 
comments.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "references": { + "description": "References to the application installed.", + "ui-priority": 0, + "misp-attribute": "link", + "multiple": true + } + }, + "version": 1, + "description": "Regripper Object template designed to gather information of the application paths.", + "meta-category": "misc", + "uuid": "9f2d3c9b-9a82-42a7-82c2-733115d101c8", + "name": "regripper-software-hive-application-paths" +} diff --git a/objects/regripper-software-hive-applications-installed/definition.json b/objects/regripper-software-hive-applications-installed/definition.json index 55c58ea..c8229c7 100644 --- a/objects/regripper-software-hive-applications-installed/definition.json +++ b/objects/regripper-software-hive-applications-installed/definition.json 
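Review bot: `executable-file-name` and `path` are both `"multiple": true`, so a single object instance may carry several names and several paths with nothing tying a given path to a given executable; the same parallel-list layout appears in regripper-software-hive-software-run (`application-name` / `application-path`). The description `"Path of the executable file."` reads as a one-to-one pairing that the model does not actually guarantee. Either drop `"multiple": true` on both attributes and emit one object per executable, or state explicitly in both descriptions that the two lists are positional and must be read together.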
@@ -1,58 +1,57 @@ { - "required": [ - "key", - "app-name" - ], - "attributes": { - "key": { - "description": "Software hive key where the information is retrieved from.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "key-path": { - "description": "Path of the key.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "last-write-time": { - "description": "Date and time when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "app-name": { - "description": "Name of the application.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "app-last-write-time": { - "description": "Date and time when the application key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "version": { - "description": "Version of the application.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "comments": { - "description": "Additional comments.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "references": { - "description": "References to the application installed.", - "ui-priority": 0, - "misp-attribute": "link", - "multiple":true - } + "required": [ + "key", + "app-name" + ], + "attributes": { + "key": { + "description": "Software hive key where the information is retrieved from.", + "ui-priority": 0, + "misp-attribute": "text" }, - "version": 1, - "description": "Regripper Object template designed to gather information of the applications installed on the system.", - "meta-category": "misc", - "uuid": "7a8fb6b4-cbbd-4de5-b893-7b0a5c4858cd", - "name": "regripper-software-hive-applications-installed" - } - \ No newline at end of file + "key-path": { + "description": "Path of the key.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "last-write-time": { + "description": "Date and time when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, 
+ "app-name": { + "description": "Name of the application.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "app-last-write-time": { + "description": "Date and time when the application key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "version": { + "description": "Version of the application.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "comments": { + "description": "Additional comments.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "references": { + "description": "References to the application installed.", + "ui-priority": 0, + "misp-attribute": "link", + "multiple": true + } + }, + "version": 1, + "description": "Regripper Object template designed to gather information of the applications installed on the system.", + "meta-category": "misc", + "uuid": "7a8fb6b4-cbbd-4de5-b893-7b0a5c4858cd", + "name": "regripper-software-hive-applications-installed" +} diff --git a/objects/regripper-software-hive-command-shell/definition.json b/objects/regripper-software-hive-command-shell/definition.json index 593308d..0d060d6 100644 --- a/objects/regripper-software-hive-command-shell/definition.json +++ b/objects/regripper-software-hive-command-shell/definition.json 
@@ -1,56 +1,55 @@ { - "required": [ - "key", - "shell", - "shell-path" - ], - "attributes": { - "key": { - "description": "Software hive key where the information is retrieved from.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "last-write-time": { - "description": "Date and time when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "shell": { - "description": "Type of shell used to execute the command.", - "ui-priority": 0, - "misp-attribute": "text", - "sane_default":[ - "exe", - "cmd", - "bat", - "hta", - "pif", - "Other" - ], - "disable_correlation": true - }, - "shell-path": { - "description": "Path of the shell.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "command": { - "description": "Command executed.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "comments": { - "description": "Additional comments.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - } + "required": [ + "key", + "shell", + "shell-path" + ], + "attributes": { + "key": { + "description": "Software hive key where the information is retrieved from.", + "ui-priority": 0, + "misp-attribute": "text" }, - "version": 1, - "description": "Regripper Object template designed to gather information of the shell commands executed on the system.", - "meta-category": "misc", - "uuid": "a7dc3697-89ce-46dc-a64d-0b1015457978", - "name": "regripper-software-hive-command-shell" - } - \ No newline at end of file + "last-write-time": { + "description": "Date and time when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "shell": { + "description": "Type of shell used to execute the command.", + "ui-priority": 0, + "misp-attribute": "text", + "sane_default": [ + "exe", + "cmd", + "bat", + "hta", + "pif", + "Other" + ], + "disable_correlation": true + }, + "shell-path": { + "description": "Path of the shell.", + 
"ui-priority": 0, + "misp-attribute": "text" + }, + "command": { + "description": "Command executed.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "comments": { + "description": "Additional comments.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + } + }, + "version": 1, + "description": "Regripper Object template designed to gather information of the shell commands executed on the system.", + "meta-category": "misc", + "uuid": "a7dc3697-89ce-46dc-a64d-0b1015457978", + "name": "regripper-software-hive-command-shell" +} diff --git a/objects/regripper-software-hive-general-windows-info/definition.json b/objects/regripper-software-hive-general-windows-info/definition.json index a05492f..85b5538 100644 --- a/objects/regripper-software-hive-general-windows-info/definition.json +++ b/objects/regripper-software-hive-general-windows-info/definition.json 
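Review bot: The `shell` attribute is described as `"Type of shell used to execute the command."`, but its `sane_default` values (`exe`, `cmd`, `bat`, `hta`, `pif`) look like the file classes whose open-command handler is being reported rather than shells, so an analyst may read `cmd` as a shell choice when it presumably means the `.cmd` file class. If that reading is right, a description such as `"File class (extension) whose open-command handler is reported."` would remove the ambiguity; if the values really are shells, the defaults need revisiting. `command` correctly remains correlatable, since a tampered handler value is exactly what one wants to match across systems.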
@@ -1,126 +1,125 @@ { - "required": [ - "win-cv-path", - "CurrentVersion" - ], - "attributes": { - "win-cv-path": { - "description": "key where the windows information is retrieved from", - "ui-priority": 0, - "misp-attribute": "text" - }, - "last-write-time": { - "description": "Date and time when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "RegisteredOrganization": { - "description": "Name of the registered organization.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "RegisteredOwner": { - "description": "Name of the registered owner.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "CurrentVersion": { - "description": "Current version of windows", - "ui-priority": 0, - "misp-attribute": "text" - }, - "CurrentBuild": { - "description": "Build number of the windows OS.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "SoftwareType": { - "description": "Software type of windows.", - "ui-priority": 0, - "sane_default":[ - "System", - "Application", - "other" - ], - "misp-attribute": "text", - "disable_correlation": true - }, - "InstallationType": { - "description": "Type of windows installation.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "InstallDate": { - "description": "Date when windows was installed.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "SystemRoot": { - "description": "Root directory.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "PathName": { - "description": "Path to the root directory.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "EditionID": { - "description": "Windows edition.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "ProductName": { - "description": "Name of the windows version.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "ProductID": { - "description": "ID 
of the product version.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "CSDVersion": { - "description": "Version of the service pack installed.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "CurrentType": { - "description": "Current build type of the OS.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "BuildLab": { - "description": "Windows BuildLab string.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "BuildGUID": { - "description": "Build ID.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "BuildLabEx": { - "description": "Windows BuildLabEx string.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "comment": { - "description": "Additional comments.", - "ui-priority": 0, - "misp-attribute": "", - "disable_correlation": true - } + "required": [ + "win-cv-path", + "CurrentVersion" + ], + "attributes": { + "win-cv-path": { + "description": "key where the windows information is retrieved from", + "ui-priority": 0, + "misp-attribute": "text" }, - "version": 1, - "description": "Regripper Object template designed to gather general windows information extracted from the software-hive.", - "meta-category": "misc", - "uuid": "03200c25-4bf5-4282-9852-001a51ab20f1", - "name": "regripper-software-hive-windows-general-info" - } - \ No newline at end of file + "last-write-time": { + "description": "Date and time when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "RegisteredOrganization": { + "description": "Name of the registered organization.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "RegisteredOwner": { + "description": "Name of the registered owner.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "CurrentVersion": { + "description": "Current version of windows", + "ui-priority": 0, + "disable_correlation": true + }, + "CurrentBuild": { + "description": "Build number of the windows OS.", + "ui-priority": 0, + "misp-attribute": "text" 
+ }, + "SoftwareType": { + "description": "Software type of windows.", + "ui-priority": 0, + "sane_default": [ + "System", + "Application", + "other" + ], + "misp-attribute": "text", + "disable_correlation": true + }, + "InstallationType": { + "description": "Type of windows installation.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "InstallDate": { + "description": "Date when windows was installed.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "SystemRoot": { + "description": "Root directory.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "PathName": { + "description": "Path to the root directory.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "EditionID": { + "description": "Windows edition.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "ProductName": { + "description": "Name of the windows version.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "ProductID": { + "description": "ID of the product version.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "CSDVersion": { + "description": "Version of the service pack installed.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "CurrentBuildType": { + "description": "Current build type of the OS.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "BuildLab": { + "description": "Windows BuildLab string.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "BuildGUID": { + "description": "Build ID.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "BuildLabEx": { + "description": "Windows BuildLabEx string.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "comment": { + "description": "Additional comments.", + "ui-priority": 0, + "misp-attribute": "", + "disable_correlation": true + } + }, + "version": 1, + "description": "Regripper Object template designed to gather general windows information extracted 
from the software-hive.", + "meta-category": "misc", + "uuid": "03200c25-4bf5-4282-9852-001a51ab20f1", + "name": "regripper-software-hive-windows-general-info" +} diff --git a/objects/regripper-software-hive-software-run/definition.json b/objects/regripper-software-hive-software-run/definition.json index 95e93cc..35cb1f5 100644 --- a/objects/regripper-software-hive-software-run/definition.json +++ b/objects/regripper-software-hive-software-run/definition.json 
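Review bot: On the new side `CurrentVersion` has lost its `"misp-attribute": "text"` line (the old side had it; the new entry ends with `"disable_correlation": true` instead), and `CurrentVersion` is listed in `required`, so every object built from this template would have a required attribute with no MISP type. Restore `"misp-attribute": "text",` before `"disable_correlation": true` in that entry. Two pre-existing problems also survive the reformat: `comment` still has `"misp-attribute": ""`, which should be `"text"` as in the other templates' comment fields, and the template's `name` is `regripper-software-hive-windows-general-info` while the directory is `regripper-software-hive-general-windows-info`, which should be reconciled before the template is published.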
@@ -1,64 +1,63 @@ { - "required": [ - "key", - "application-name", - "application-path" - ], - "attributes": { - "key": { - "description": "Software hive key where the information is retrieved from.", - "ui-priority": 0, - "sane_default": [ - "Run", - "RunOnce", - "Runservices", - "Terminal", - "Other" - ], - "misp-attribute": "text", - "disable_correlation": true - }, - "key-path": { - "description": "Path of the key.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "last-write-time": { - "description": "Date and time when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "application-name": { - "description": "Name of the application run.", - "ui-priority": 0, - "misp-attribute": "text", - "multiple":true - }, - "application-path": { - "description": "Path where the application is installed.", - "ui-priority": 0, - "misp-attribute": "text", - "multiple":true - }, - "comments": { - "description": "Additional comments.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "references": { - "description": "References to the applications.", - "ui-priority": 0, - "misp-attribute": "link", - "multiple":true - } + "required": [ + "key", + "application-name", + "application-path" + ], + "attributes": { + "key": { + "description": "Software hive key where the information is retrieved from.", + "ui-priority": 0, + "sane_default": [ + "Run", + "RunOnce", + "Runservices", + "Terminal", + "Other" + ], + "misp-attribute": "text", + "disable_correlation": true }, - "version": 1, - "description": "Regripper Object template designed to gather information of the applications set to run on the system.", - "meta-category": "misc", - "uuid": "4bae06d1-3996-4028-88ec-7c7d54cc1d94", - "name": "regripper-software-hive-software-run" - } - \ No newline at end of file + "key-path": { + "description": "Path of the key.", + "ui-priority": 0, + 
"misp-attribute": "text", + "disable_correlation": true + }, + "last-write-time": { + "description": "Date and time when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "application-name": { + "description": "Name of the application run.", + "ui-priority": 0, + "misp-attribute": "text", + "multiple": true + }, + "application-path": { + "description": "Path where the application is installed.", + "ui-priority": 0, + "misp-attribute": "text", + "multiple": true + }, + "comments": { + "description": "Additional comments.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "references": { + "description": "References to the applications.", + "ui-priority": 0, + "misp-attribute": "link", + "multiple": true + } + }, + "version": 1, + "description": "Regripper Object template designed to gather information of the applications set to run on the system.", + "meta-category": "misc", + "uuid": "4bae06d1-3996-4028-88ec-7c7d54cc1d94", + "name": "regripper-software-hive-software-run" +} diff --git a/objects/regripper-software-hive-userprofile-winlogon/definition.json b/objects/regripper-software-hive-userprofile-winlogon/definition.json index 6dcbef9..e38ebd0 100644 --- a/objects/regripper-software-hive-userprofile-winlogon/definition.json +++ b/objects/regripper-software-hive-userprofile-winlogon/definition.json @@ -145,8 +145,7 @@ "misp-attribute": "counter", "disable_correlation": true }, - "Comments": - { + "Comments": { "description": "Additional comments.", "ui-priority": 0, "misp-attribute": "text", diff --git a/objects/regripper-system-hive-firewall-configuration/definition.json b/objects/regripper-system-hive-firewall-configuration/definition.json index 94ffeb8..fdd0663 100644 --- a/objects/regripper-system-hive-firewall-configuration/definition.json +++ b/objects/regripper-system-hive-firewall-configuration/definition.json 
@@ -1,48 +1,50 @@ { - "required": [ - "profile" - ], - "attributes": { - "profile": { - "description": "Firewall Profile type", - "ui-priority": 0, - "sane-default":[ - "Domain Profile", - "Standard Profile", - "other" - ], - "misp-attribute": "text", - "disable_correlation": true - }, - "last-write-time": { - "description": "Date and time when the firewall profile policy was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "enbled-firewall": { - "description": "Boolean flag to determine if the firewall is enabled.", - "ui-priority": 0, - "misp-attribute": "boolean", - "disable_correlation": true - }, - "disable-notification": { - "description": "Boolean flag to determine if firewall notifications are enabled.", - "ui-priority": 0, - "misp-attribute": "boolean", - "disable_correlation": true - }, - "comment": { - "description": "Additional comments.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - } + "required": [ + "profile" + ], + "attributes": { + "profile": { + "description": "Firewall Profile type", + "ui-priority": 0, + "sane-default": [ + "Domain Profile", + "Standard Profile", + "Network Profile", + "Public Profile", + "Private Profile", + "other" + ], + "misp-attribute": "text", + "disable_correlation": true }, - "version": 1, - "description": "Regripper Object template designed to present firewall configuration information extracted from the system-hive.", - "meta-category": "misc", - "uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07", - "name": "regripper-system-hive-firewall-configuration" - } - \ No newline at end of file + "last-write-time": { + "description": "Date and time when the firewall profile policy was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "enbled-firewall": { + "description": "Boolean flag to determine if the firewall is enabled.", + "ui-priority": 0, + "misp-attribute": "boolean", + 
"disable_correlation": true + }, + "disable-notification": { + "description": "Boolean flag to determine if firewall notifications are enabled.", + "ui-priority": 0, + "misp-attribute": "boolean", + "disable_correlation": true + }, + "comment": { + "description": "Additional comments.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + } + }, + "version": 1, + "description": "Regripper Object template designed to present firewall configuration information extracted from the system-hive.", + "meta-category": "misc", + "uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07", + "name": "regripper-system-hive-firewall-configuration" +} diff --git a/objects/regripper-system-hive-general-configuration/definition.json b/objects/regripper-system-hive-general-configuration/definition.json index c007e4a..04a67fc 100644 --- a/objects/regripper-system-hive-general-configuration/definition.json +++ b/objects/regripper-system-hive-general-configuration/definition.json 
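Review bot: `profile` on the new side uses `"sane-default"` (hyphen) while every other template in this patch uses `"sane_default"` (underscore, e.g. the `key` attribute of `regripper-software-hive-software-run`), so if the template loader keys on `sane_default` the newly added profile names are silently never offered; change it to `"sane_default": [`. The attribute name `enbled-firewall` is misspelled, and since renaming it to `enabled-firewall` changes the object relation existing objects use, the fix should come with a `version` bump rather than leaving `"version": 1` unchanged while the defaults list grows. `disable-notification` is described as "if firewall notifications are enabled", which inverts the name; state the polarity, e.g. `"description": "Boolean flag: true when firewall notifications are disabled (presumably mirroring the profile's DisableNotifications value)."`. The added `Network Profile`/`Private Profile` entries do not correspond to key names I recognise under FirewallPolicy (DomainProfile, StandardProfile, PublicProfile); worth confirming against the RegRipper plugin output before shipping them as defaults.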
@@ -1,90 +1,89 @@ { - "required": [ - "computer-name" - ], - "attributes": { - "computer-name": { - "description": "name of the computer under analysis", - "ui-priority": 0, - "misp-attribute": "text" - }, - "last-write-time": { - "description": "Date and time when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "shutdown-time": { - "description": "Date and time when the system was shutdown.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "timezone-last-write-time": { - "description": "Date and time when the timezone key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "timezone-bias": { - "description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "timezone-standard-name": { - "description": "Timezone standard name used during non-daylight saving months.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "timezone-standard-date": { - "description": "Standard date - non daylight saving months", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "timezone-standard-bias": { - "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "timezone-daylight-name": { - "description": "Timezone name used during daylight saving months.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "timezone-daylight-date": { - "description": "Daylight date - daylight saving months", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "timezone-daylight-bias": { - "description": "value in minutes to be 
added to the value of timezone-bias to generate the bias used during daylight time.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "fDenyTSConnections:": { - "description": "Specifies whether remote connections are enabled or disabled on the system.", - "ui-priority": 0, - "misp-attribute": "boolean", - "disable_correlation": true - }, - "comment": { - "description": "Additional comments.", - "ui-priority": 0, - "misp-attribute": "", - "disable_correlation": true - } + "required": [ + "computer-name" + ], + "attributes": { + "computer-name": { + "description": "name of the computer under analysis", + "ui-priority": 0, + "misp-attribute": "text" }, - "version": 1, - "description": "Regripper Object template designed to present general system properties extracted from the system-hive.", - "meta-category": "misc", - "uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4", - "name": "regripper-system-hive-general-configuration" - } - \ No newline at end of file + "last-write-time": { + "description": "Date and time when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "shutdown-time": { + "description": "Date and time when the system was shutdown.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "timezone-last-write-time": { + "description": "Date and time when the timezone key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "timezone-bias": { + "description": "Offset in minutes from UTC. 
Offset added to the local time to get a UTC value.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "timezone-standard-name": { + "description": "Timezone standard name used during non-daylight saving months.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "timezone-standard-date": { + "description": "Standard date - non daylight saving months", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "timezone-standard-bias": { + "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "timezone-daylight-name": { + "description": "Timezone name used during daylight saving months.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "timezone-daylight-date": { + "description": "Daylight date - daylight saving months", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "timezone-daylight-bias": { + "description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "fDenyTSConnections:": { + "description": "Specifies whether remote connections are enabled or disabled on the system.", + "ui-priority": 0, + "misp-attribute": "boolean", + "disable_correlation": true + }, + "comment": { + "description": "Additional comments.", + "ui-priority": 0, + "misp-attribute": "", + "disable_correlation": true + } + }, + "version": 1, + "description": "Regripper Object template designed to present general system properties extracted from the system-hive.", + "meta-category": "misc", + "uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4", + "name": "regripper-system-hive-general-configuration" +} 
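Review bot: The `comment` attribute on the new side keeps `"misp-attribute": ""`, an empty attribute type that no other template in this patch uses and that a MISP instance cannot map to a type; it should be `"misp-attribute": "text",` as in `regripper-software-hive-software-run`. The attribute name `fDenyTSConnections:` carries a trailing colon that becomes part of the object-relation name; drop it: `"fDenyTSConnections": {`. Its description ("whether remote connections are enabled or disabled") leaves the boolean's polarity undefined, while the registry value it mirrors denies Remote Desktop when set, so `"description": "Value of fDenyTSConnections: true means Remote Desktop (Terminal Services) connections are denied on the system."` makes the investigator's reading unambiguous. `timezone-bias` and the two `*-bias` offsets are typed `text` although they are minute counts; `counter` would let consumers sort and compute on them, but that is a schema change and can wait for a versioned revision.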
diff --git a/objects/regripper-system-hive-network-information/definition.json b/objects/regripper-system-hive-network-information/definition.json index 3a872e1..dfd3e85 100644 --- a/objects/regripper-system-hive-network-information/definition.json +++ b/objects/regripper-system-hive-network-information/definition.json 
@@ -1,107 +1,106 @@ { - "required": [ - "network-key" - ], - "attributes": { - "network-key": { - "description": "Registry key assigned to the network", - "ui-priority": 0, - "misp-attribute": "text" - }, - "network-key-last-write-time": { - "description": "Date and time when the network key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "network-key-path": { - "description": "Path of the key where the information is retrieved from.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "TCPIP-key": { - "description": "TCPIP key", - "ui-priority": 0, - "misp-attribute": "text" - }, - "TCPIP-key-last-write-time": { - "description": "Datetime when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "DHCP-domain": { - "description": "Name of the DHCP domain service", - "ui-priority": 0, - "misp-attribute": "text" - }, - "DHCP-IP-address": { - "description": "DHCP service - IP address", - "ui-priority": 0, - "misp-attribute": "ip-dst" - }, - "DHCP-subnet-mask": { - "description": "DHCP subnet mask - IP address.", - "ui-priority": 0, - "misp-attribute": "ip-dst" - }, - "DHCP-name-server": { - "description": "DHCP Name server - IP address.", - "ui-priority": 0, - "misp-attribute": "ip-dst" - }, - "DHCP-server": { - "description": "DHCP server - IP address.", - "ui-priority": 0, - "misp-attribute": "ip-dst" - }, - "interface-GUID": { - "description": "GUID value assigned to the interface.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "interface-last-write-time": { - "description": "Last date and time when the interface key was updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "interface-name": { - "description": "Name of the interface.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "interface-PnpInstanceID": { - 
"description": "Plug and Play instance ID assigned to the interface.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "interface-MediaSubType": { - "description": "", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - }, - "interface-IPcheckingEnabled": { - "description": "", - "ui-priority": 0, - "misp-attribute": "boolean", - "disable_correlation": true - }, - "additional-comments": { - "description": "Comments.", - "ui-priority": 0, - "misp-attribute": "text", - "disable_correlation": true - } + "required": [ + "network-key" + ], + "attributes": { + "network-key": { + "description": "Registry key assigned to the network", + "ui-priority": 0, + "misp-attribute": "text" }, - "version": 1, - "description": "Regripper object template designed to gather network information from the system-hive.", - "meta-category": "misc", - "uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0", - "name": "regripper-system-hive-network-information." 
- } - \ No newline at end of file + "network-key-last-write-time": { + "description": "Date and time when the network key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "network-key-path": { + "description": "Path of the key where the information is retrieved from.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "TCPIP-key": { + "description": "TCPIP key", + "ui-priority": 0, + "misp-attribute": "text" + }, + "TCPIP-key-last-write-time": { + "description": "Datetime when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "DHCP-domain": { + "description": "Name of the DHCP domain service", + "ui-priority": 0, + "misp-attribute": "text" + }, + "DHCP-IP-address": { + "description": "DHCP service - IP address", + "ui-priority": 0, + "misp-attribute": "ip-dst" + }, + "DHCP-subnet-mask": { + "description": "DHCP subnet mask - IP address.", + "ui-priority": 0, + "misp-attribute": "ip-dst" + }, + "DHCP-name-server": { + "description": "DHCP Name server - IP address.", + "ui-priority": 0, + "misp-attribute": "ip-dst" + }, + "DHCP-server": { + "description": "DHCP server - IP address.", + "ui-priority": 0, + "misp-attribute": "ip-dst" + }, + "interface-GUID": { + "description": "GUID value assigned to the interface.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "interface-last-write-time": { + "description": "Last date and time when the interface key was updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "interface-name": { + "description": "Name of the interface.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "interface-PnpInstanceID": { + "description": "Plug and Play instance ID assigned to the interface.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + 
"interface-MediaSubType": { + "description": "", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + }, + "interface-IPcheckingEnabled": { + "description": "", + "ui-priority": 0, + "misp-attribute": "boolean", + "disable_correlation": true + }, + "additional-comments": { + "description": "Comments.", + "ui-priority": 0, + "misp-attribute": "text", + "disable_correlation": true + } + }, + "version": 1, + "description": "Regripper object template designed to gather network information from the system-hive.", + "meta-category": "misc", + "uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0", + "name": "regripper-system-hive-network-information." +} diff --git a/objects/regripper-system-hive-service-drivers/definition.json b/objects/regripper-system-hive-service-drivers/definition.json index ff7984c..35054ab 100644 --- a/objects/regripper-system-hive-service-drivers/definition.json +++ b/objects/regripper-system-hive-service-drivers/definition.json 
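Review bot: The template `name` on the new side is `regripper-system-hive-network-information.` with a trailing period, while the directory is `regripper-system-hive-network-information` and every other template's `name` matches its directory; change it to `"name": "regripper-system-hive-network-information"`. `DHCP-subnet-mask` is typed `ip-dst` with correlation enabled, yet a mask such as 255.255.255.0 is not a destination host and will correlate across unrelated events; `"misp-attribute": "text", "disable_correlation": true` (or keeping `ip-dst` with correlation disabled) avoids that noise, and the same question applies to `DHCP-IP-address`, which is the host's own lease rather than a destination. `interface-MediaSubType` and `interface-IPcheckingEnabled` still ship with empty descriptions; at minimum say what the value is, e.g. `"description": "MediaSubType value of the interface key (media type identifier); verify meaning against the RegRipper plugin output."`.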
@@ -1,99 +1,98 @@ { - "required": [ - "name" - ], - "attributes": { - "name": { - "description": "name of the key", - "ui-priority": 0, - "misp-attribute": "text" - }, - "last-write-time": { - "description": "Date and time when the key was last updated.", - "ui-priority": 0, - "misp-attribute": "datetime", - "disable_correlation": true - }, - "display": { - "description": "Display name/information of the service or the driver.", - "ui-priority": 0, - "misp-attribute": "text" - }, - "image-path": { - "description": "Path of the service/drive", - "ui-priority": 0, - "misp-attribute": "text" - }, - "type": { - "description": "Service/driver type.", - "ui-priority": 0, - "sane_default": [ - "Kernel driver", - "File system driver", - "Own process", - "Share process", - "Interactive", - "Other" - ], - "misp-attribute": "text", - "disable_correlation": true - }, - "start": { - "description": "When the service/driver starts or executes.", - "ui-priority": 0, - "sane_default":[ - "Boot start", - "System start", - "Auto start", - "Manual", - "Disabled" - ], - "misp-attribute": "text", - "disable_correlation": true - }, - "group": { - "description": "Group to which the system/driver belong to.", - "ui-priority": 0, - "sane_default":[ - "Base", - "Boot Bus Extender", - "Boot File System", - "Cryptography", - "Extended base", - "Event Log", - "Filter", - "FSFilter Bottom", - "FSFilter Infrastructure", - "File System", - "FSFilter Virtualization", - "Keyboard Port", - "Network", - "NDIS", - "Parallel arbitrator", - "Pointer Port", - "PnP Filter", - "ProfSvc_Group", - "PNP_TDI", - "SCSI Miniport", - "SCSI CDROM Class", - "System Bus Extender", - "Video Save", - "other" - ], - "misp-attribute": "text", - "disable_correlation": true - }, - "comment": { - "description": "Additional comments.", - "ui-priority": 0, - "misp-attribute": "", - "disable_correlation": true - } + "required": [ + "name" + ], + "attributes": { + "name": { + "description": "name of the key", + "ui-priority": 
0, + "misp-attribute": "text" }, - "version": 1, - "description": "Regripper Object template designed to gather information regarding the services/drivers from the system-hive.", - "meta-category": "misc", - "uuid": "78cdae45-2061-4b49-b1d6-71f562094a73", - "name": "regripper-system-hive-services-drivers" - } - \ No newline at end of file + "last-write-time": { + "description": "Date and time when the key was last updated.", + "ui-priority": 0, + "misp-attribute": "datetime", + "disable_correlation": true + }, + "display": { + "description": "Display name/information of the service or the driver.", + "ui-priority": 0, + "misp-attribute": "text" + }, + "image-path": { + "description": "Path of the service/drive", + "ui-priority": 0, + "misp-attribute": "text" + }, + "type": { + "description": "Service/driver type.", + "ui-priority": 0, + "sane_default": [ + "Kernel driver", + "File system driver", + "Own process", + "Share process", + "Interactive", + "Other" + ], + "misp-attribute": "text", + "disable_correlation": true + }, + "start": { + "description": "When the service/driver starts or executes.", + "ui-priority": 0, + "sane_default": [ + "Boot start", + "System start", + "Auto start", + "Manual", + "Disabled" + ], + "misp-attribute": "text", + "disable_correlation": true + }, + "group": { + "description": "Group to which the system/driver belong to.", + "ui-priority": 0, + "sane_default": [ + "Base", + "Boot Bus Extender", + "Boot File System", + "Cryptography", + "Extended base", + "Event Log", + "Filter", + "FSFilter Bottom", + "FSFilter Infrastructure", + "File System", + "FSFilter Virtualization", + "Keyboard Port", + "Network", + "NDIS", + "Parallel arbitrator", + "Pointer Port", + "PnP Filter", + "ProfSvc_Group", + "PNP_TDI", + "SCSI Miniport", + "SCSI CDROM Class", + "System Bus Extender", + "Video Save", + "other" + ], + "misp-attribute": "text", + "disable_correlation": true + }, + "comment": { + "description": "Additional comments.", + "ui-priority": 
0, + "misp-attribute": "", + "disable_correlation": true + } + }, + "version": 1, + "description": "Regripper Object template designed to gather information regarding the services/drivers from the system-hive.", + "meta-category": "misc", + "uuid": "78cdae45-2061-4b49-b1d6-71f562094a73", + "name": "regripper-system-hive-services-drivers" +}
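Review bot: `comment` on the new side has `"misp-attribute": ""`, which is not a valid attribute type and differs from the `"text"` every other comment field in this patch uses; set `"misp-attribute": "text",`. The `name` field reads `regripper-system-hive-services-drivers` while the file lives under `objects/regripper-system-hive-service-drivers/` (see the file header), so one of the two should change to keep template name and directory aligned as the other templates do. Two descriptions have typos: `"description": "Path of the service/driver image (ImagePath value)."` for `image-path` and `"description": "Group to which the service/driver belongs."` for `group`. `image-path` correctly leaves correlation enabled, which is what makes a rogue driver path discoverable across events.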