Chg: Jq'ed all the objects

pull/118/head
aksha 2018-10-25 12:39:48 +01:00
parent 478dc899f2
commit 1cedea6506
22 changed files with 1470 additions and 1490 deletions


@ -8,7 +8,7 @@
"description": "the type of message extracted from the forensic-evidence.", "description": "the type of message extracted from the forensic-evidence.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default":[ "sane_default": [
"SMS", "SMS",
"MMS", "MMS",
"Instant Message (IM)", "Instant Message (IM)",


@ -7,23 +7,22 @@
"attributes": { "attributes": {
"event-id": { "event-id": {
"description": "A unique number which identifies the event.", "description": "A unique number which identifies the event.",
"ui-priority": 0, "ui-priority": 1,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"name": { "name": {
"description": "Name of the event.", "description": "Name of the event.",
"ui-priority": 0, "ui-priority": 2,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"event-channel": "event-channel": {
{ "description": " Channel through which the event occurred",
"description":" Channel through which the event occurred", "ui-priority": 3,
"ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true, "disable_correlation": true,
"sane-default":[ "sane-default": [
"Application", "Application",
"System", "System",
"Security", "Security",
@ -31,13 +30,12 @@
"other" "other"
] ]
}, },
"event-type": "event-type": {
{
"description": "Event-type assigned to the event", "description": "Event-type assigned to the event",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true, "disable_correlation": true,
"sane-default":[ "sane-default": [
"Admin", "Admin",
"Operational", "Operational",
"Audit", "Audit",
@ -51,8 +49,7 @@
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"event-date-time": "event-date-time": {
{
"description": "Date and time when the event was logged.", "description": "Date and time when the event was logged.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
@ -62,7 +59,7 @@
"description": "Determines the event severity.", "description": "Determines the event severity.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default":[ "sane_default": [
"Information", "Information",
"Warning", "Warning",
"Error", "Error",
@ -95,17 +92,17 @@
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"task-category":{ "task-category": {
"description": "Activity by the event publisher", "description": "Activity by the event publisher",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"Keywords":{ "Keywords": {
"description" : "Tags used for the event for the purpose of filtering or searching.", "description": "Tags used for the event for the purpose of filtering or searching.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default":[ "sane_default": [
"Network", "Network",
"Security", "Security",
"Resource not found", "Resource not found",
@ -141,22 +138,19 @@
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"kernel-time": "kernel-time": {
{
"description": "Execution time of the kernel mode instruction.", "description": "Execution time of the kernel mode instruction.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"user-time": "user-time": {
{
"description": "Date and time when the user instruction was executed.", "description": "Date and time when the user instruction was executed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "datetime", "misp-attribute": "datetime",
"disable_correlation": true "disable_correlation": true
}, },
"Event-data": "Event-data": {
{
"description": "Event data description.", "description": "Event data description.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
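Review bot: The reformat keeps the hyphenated key `sane-default` on `event-channel` and `event-type`, while the severity list and `Keywords` in this same file use `sane_default`. If the consumer only reads the underscore spelling, the suggested values for channel and type are silently ignored and analysts fall back to free text, which makes event-log evidence harder to filter and compare. I would change both to `"sane_default": [` here. The firewall template later in this commit has the same hyphenated key on `profile`, where three values were just added.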


@ -26,25 +26,25 @@
"description": "List of recent folders accessed by the user.", "description": "List of recent folders accessed by the user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"recent-files-accessed": { "recent-files-accessed": {
"description": "List of recent files accessed by the user.", "description": "List of recent files accessed by the user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"typed-urls": { "typed-urls": {
"description": "Urls typed by the user in internet explorer", "description": "Urls typed by the user in internet explorer",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"applications-installed": { "applications-installed": {
"description": "List of applications installed.", "description": "List of applications installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"applications-run": { "applications-run": {
"description": "List of applications set to run on the system.", "description": "List of applications set to run on the system.",
@ -89,7 +89,6 @@
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.", "description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.",


@ -59,12 +59,10 @@
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to present user profile details extracted from the SAM hive.", "description": "Regripper Object template designed to present user profile details extracted from the SAM hive.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef", "uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef",
"name": "regripper-sam-hive-single-user" "name": "regripper-sam-hive-single-user"
} }


@ -34,7 +34,7 @@
"disable_correlation": true "disable_correlation": true
}, },
"group-comment": { "group-comment": {
"description": "Name assigned to the profile.", "description": "Any group comment added.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
@ -45,12 +45,10 @@
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to present group profile details extracted from the SAM hive.", "description": "Regripper Object template designed to present group profile details extracted from the SAM hive.",
"meta-category": "misc", "meta-category": "misc",
"uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c", "uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c",
"name": "regripper-sam-hive-user-group" "name": "regripper-sam-hive-user-group"
} }
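Review bot: `version` stays at 1 on both sides even though the `group-comment` description is rewritten, so this section is not a pure jq reformat. As far as I know MISP only refreshes an already-loaded object template when its version increases, so instances that imported version 1 would keep the old description; suggest `"version": 2`. The same applies to the other templates in this commit whose content changes (the ui-priority values on `event-id`, `name` and `event-channel`, the `CurrentBuildType` rename, the added firewall profile values), although most of their version lines are outside the visible hunks.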


@ -48,7 +48,7 @@
"description": "References to the BHO.", "description": "References to the BHO.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link", "misp-attribute": "link",
"multiple":true "multiple": true
} }
}, },
"version": 1, "version": 1,
@ -56,5 +56,4 @@
"meta-category": "misc", "meta-category": "misc",
"uuid": "e7b46b5a-d2d2-4a05-bc25-2ac8d4683ae2", "uuid": "e7b46b5a-d2d2-4a05-bc25-2ac8d4683ae2",
"name": "regripper-software-hive-BHO" "name": "regripper-software-hive-BHO"
} }


@ -42,7 +42,7 @@
"description": "References to the DLL file.", "description": "References to the DLL file.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link", "misp-attribute": "link",
"multiple":true "multiple": true
} }
}, },
"version": 1, "version": 1,
@ -50,5 +50,4 @@
"meta-category": "misc", "meta-category": "misc",
"uuid": "7893be05-8398-451e-ab1e-5e25ea4a8859", "uuid": "7893be05-8398-451e-ab1e-5e25ea4a8859",
"name": "regripper-software-hive-appInit-DLLS" "name": "regripper-software-hive-appInit-DLLS"
} }


@ -20,13 +20,13 @@
"description": "Name of the executable file.", "description": "Name of the executable file.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"path": { "path": {
"description": "Path of the executable file.", "description": "Path of the executable file.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
@ -38,7 +38,7 @@
"description": "References to the application installed.", "description": "References to the application installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link", "misp-attribute": "link",
"multiple":true "multiple": true
} }
}, },
"version": 1, "version": 1,
@ -46,5 +46,4 @@
"meta-category": "misc", "meta-category": "misc",
"uuid": "9f2d3c9b-9a82-42a7-82c2-733115d101c8", "uuid": "9f2d3c9b-9a82-42a7-82c2-733115d101c8",
"name": "regripper-software-hive-application-paths" "name": "regripper-software-hive-application-paths"
} }


@ -46,7 +46,7 @@
"description": "References to the application installed.", "description": "References to the application installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link", "misp-attribute": "link",
"multiple":true "multiple": true
} }
}, },
"version": 1, "version": 1,
@ -54,5 +54,4 @@
"meta-category": "misc", "meta-category": "misc",
"uuid": "7a8fb6b4-cbbd-4de5-b893-7b0a5c4858cd", "uuid": "7a8fb6b4-cbbd-4de5-b893-7b0a5c4858cd",
"name": "regripper-software-hive-applications-installed" "name": "regripper-software-hive-applications-installed"
} }


@ -20,7 +20,7 @@
"description": "Type of shell used to execute the command.", "description": "Type of shell used to execute the command.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default":[ "sane_default": [
"exe", "exe",
"cmd", "cmd",
"bat", "bat",
@ -52,5 +52,4 @@
"meta-category": "misc", "meta-category": "misc",
"uuid": "a7dc3697-89ce-46dc-a64d-0b1015457978", "uuid": "a7dc3697-89ce-46dc-a64d-0b1015457978",
"name": "regripper-software-hive-command-shell" "name": "regripper-software-hive-command-shell"
} }


@ -28,7 +28,7 @@
"CurrentVersion": { "CurrentVersion": {
"description": "Current version of windows", "description": "Current version of windows",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "disable_correlation": true
}, },
"CurrentBuild": { "CurrentBuild": {
"description": "Build number of the windows OS.", "description": "Build number of the windows OS.",
@ -38,7 +38,7 @@
"SoftwareType": { "SoftwareType": {
"description": "Software type of windows.", "description": "Software type of windows.",
"ui-priority": 0, "ui-priority": 0,
"sane_default":[ "sane_default": [
"System", "System",
"Application", "Application",
"other" "other"
@ -90,7 +90,7 @@
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
}, },
"CurrentType": { "CurrentBuildType": {
"description": "Current build type of the OS.", "description": "Current build type of the OS.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
@ -122,5 +122,4 @@
"meta-category": "misc", "meta-category": "misc",
"uuid": "03200c25-4bf5-4282-9852-001a51ab20f1", "uuid": "03200c25-4bf5-4282-9852-001a51ab20f1",
"name": "regripper-software-hive-windows-general-info" "name": "regripper-software-hive-windows-general-info"
} }
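Review bot: On the new side `CurrentVersion` has `"disable_correlation": true` in place of `"misp-attribute": "text"`, so the attribute no longer declares a type. Almost every other attribute visible in these templates carries `misp-attribute`, and an entry without it will probably fail template validation or be unusable when the object is created. Keep both lines: `"misp-attribute": "text",` followed by `"disable_correlation": true`. `SoftwareType` in the next hunk also shows no `misp-attribute` before its `sane_default` list, but that attribute continues past the hunk, so it needs checking in the full file.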


@ -34,13 +34,13 @@
"description": "Name of the application run.", "description": "Name of the application run.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"application-path": { "application-path": {
"description": "Path where the application is installed.", "description": "Path where the application is installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"comments": { "comments": {
"description": "Additional comments.", "description": "Additional comments.",
@ -52,7 +52,7 @@
"description": "References to the applications.", "description": "References to the applications.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "link", "misp-attribute": "link",
"multiple":true "multiple": true
} }
}, },
"version": 1, "version": 1,
@ -60,5 +60,4 @@
"meta-category": "misc", "meta-category": "misc",
"uuid": "4bae06d1-3996-4028-88ec-7c7d54cc1d94", "uuid": "4bae06d1-3996-4028-88ec-7c7d54cc1d94",
"name": "regripper-software-hive-software-run" "name": "regripper-software-hive-software-run"
} }


@ -145,8 +145,7 @@
"misp-attribute": "counter", "misp-attribute": "counter",
"disable_correlation": true "disable_correlation": true
}, },
"Comments": "Comments": {
{
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",


@ -6,9 +6,12 @@
"profile": { "profile": {
"description": "Firewall Profile type", "description": "Firewall Profile type",
"ui-priority": 0, "ui-priority": 0,
"sane-default":[ "sane-default": [
"Domain Profile", "Domain Profile",
"Standard Profile", "Standard Profile",
"Network Profile",
"Public Profile",
"Private Profile",
"other" "other"
], ],
"misp-attribute": "text", "misp-attribute": "text",
@ -44,5 +47,4 @@
"meta-category": "misc", "meta-category": "misc",
"uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07", "uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07",
"name": "regripper-system-hive-firewall-configuration" "name": "regripper-system-hive-firewall-configuration"
} }


@ -86,5 +86,4 @@
"meta-category": "misc", "meta-category": "misc",
"uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4", "uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4",
"name": "regripper-system-hive-general-configuration" "name": "regripper-system-hive-general-configuration"
} }


@ -103,5 +103,4 @@
"meta-category": "misc", "meta-category": "misc",
"uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0", "uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0",
"name": "regripper-system-hive-network-information." "name": "regripper-system-hive-network-information."
} }


@ -41,7 +41,7 @@
"start": { "start": {
"description": "When the service/driver starts or executes.", "description": "When the service/driver starts or executes.",
"ui-priority": 0, "ui-priority": 0,
"sane_default":[ "sane_default": [
"Boot start", "Boot start",
"System start", "System start",
"Auto start", "Auto start",
@ -54,7 +54,7 @@
"group": { "group": {
"description": "Group to which the system/driver belong to.", "description": "Group to which the system/driver belong to.",
"ui-priority": 0, "ui-priority": 0,
"sane_default":[ "sane_default": [
"Base", "Base",
"Boot Bus Extender", "Boot Bus Extender",
"Boot File System", "Boot File System",
@ -95,5 +95,4 @@
"meta-category": "misc", "meta-category": "misc",
"uuid": "78cdae45-2061-4b49-b1d6-71f562094a73", "uuid": "78cdae45-2061-4b49-b1d6-71f562094a73",
"name": "regripper-system-hive-services-drivers" "name": "regripper-system-hive-services-drivers"
} }