Chg: Jq'ed all the objects

pull/118/head
aksha 2018-10-25 12:39:48 +01:00
parent 478dc899f2
commit 1cedea6506
22 changed files with 1470 additions and 1490 deletions


@ -8,7 +8,7 @@
"description": "the type of message extracted from the forensic-evidence.", "description": "the type of message extracted from the forensic-evidence.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"sane_default":[ "sane_default": [
"SMS", "SMS",
"MMS", "MMS",
"Instant Message (IM)", "Instant Message (IM)",


@ -5,169 +5,163 @@
"name" "name"
], ],
"attributes": { "attributes": {
"event-id": { "event-id": {
"description": "A unique number which identifies the event.", "description": "A unique number which identifies the event.",
"ui-priority": 0, "ui-priority": 1,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"name": { "name": {
"description": "Name of the event.", "description": "Name of the event.",
"ui-priority": 0, "ui-priority": 2,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, },
"event-channel": "event-channel": {
{ "description": " Channel through which the event occurred",
"description":" Channel through which the event occurred", "ui-priority": 3,
"ui-priority": 0, "misp-attribute": "text",
"misp-attribute": "text", "disable_correlation": true,
"disable_correlation": true, "sane-default": [
"sane-default":[ "Application",
"Application", "System",
"System", "Security",
"Security", "Setup",
"Setup", "other"
"other" ]
] },
}, "event-type": {
"event-type": "description": "Event-type assigned to the event",
{ "ui-priority": 0,
"description": "Event-type assigned to the event", "misp-attribute": "text",
"ui-priority": 0, "disable_correlation": true,
"misp-attribute": "text", "sane-default": [
"disable_correlation": true, "Admin",
"sane-default":[ "Operational",
"Admin", "Audit",
"Operational", "Analytic",
"Audit", "Debug",
"Analytic", "other"
"Debug", ]
"other" },
] "source": {
}, "description": "The source of the event log - application/software that logged the event.",
"source": { "ui-priority": 0,
"description": "The source of the event log - application/software that logged the event.", "misp-attribute": "text"
"ui-priority": 0, },
"misp-attribute": "text" "event-date-time": {
}, "description": "Date and time when the event was logged.",
"event-date-time": "ui-priority": 0,
{ "misp-attribute": "datetime",
"description": "Date and time when the event was logged.", "disable_correlation": true
"ui-priority": 0, },
"misp-attribute": "datetime", "level": {
"disable_correlation": true "description": "Determines the event severity.",
}, "ui-priority": 0,
"level": { "misp-attribute": "text",
"description": "Determines the event severity.", "sane_default": [
"ui-priority": 0, "Information",
"misp-attribute": "text", "Warning",
"sane_default":[ "Error",
"Information", "Critical",
"Warning", "Success Audit",
"Error", "Failure Audit"
"Critical", ]
"Success Audit", },
"Failure Audit" "Computer": {
] "description": "Computer name on which the event occurred",
}, "ui-priority": 0,
"Computer": { "misp-attribute": "text",
"description": "Computer name on which the event occurred", "disable_correlation": true
"ui-priority": 0, },
"misp-attribute": "text", "User": {
"disable_correlation": true "description": "Name or the User ID the event is associated with.",
}, "ui-priority": 0,
"User": { "misp-attribute": "text",
"description": "Name or the User ID the event is associated with.", "disable_correlation": true
"ui-priority": 0, },
"misp-attribute": "text", "Operational-code": {
"disable_correlation": true "description": "The opcode (numeric value or name) associated with the activity carried out by the event.",
}, "ui-priority": 0,
"Operational-code": { "misp-attribute": "text",
"description": "The opcode (numeric value or name) associated with the activity carried out by the event.", "disable_correlation": true
"ui-priority": 0, },
"misp-attribute": "text", "log": {
"disable_correlation": true "description": "Log file where the event was recorded.",
}, "ui-priority": 0,
"log": { "misp-attribute": "text",
"description": "Log file where the event was recorded.", "disable_correlation": true
"ui-priority": 0, },
"misp-attribute": "text", "task-category": {
"disable_correlation": true "description": "Activity by the event publisher",
}, "ui-priority": 0,
"task-category":{ "misp-attribute": "text",
"description": "Activity by the event publisher", "disable_correlation": true
"ui-priority": 0, },
"misp-attribute": "text", "Keywords": {
"disable_correlation": true "description": "Tags used for the event for the purpose of filtering or searching.",
}, "ui-priority": 0,
"Keywords":{ "misp-attribute": "text",
"description" : "Tags used for the event for the purpose of filtering or searching.", "sane_default": [
"ui-priority": 0, "Network",
"misp-attribute": "text", "Security",
"sane_default":[ "Resource not found",
"Network", "other"
"Security", ]
"Resource not found", },
"other" "Processor-ID": {
] "description": "ID of the processor that processed the event.",
}, "ui-priority": 0,
"Processor-ID": { "misp-attribute": "text",
"description": "ID of the processor that processed the event.", "disable_correlation": true
"ui-priority": 0, },
"misp-attribute": "text", "Thread-ID": {
"disable_correlation": true "description": "Thread id that generated the event.",
}, "ui-priority": 0,
"Thread-ID": { "misp-attribute": "text",
"description": "Thread id that generated the event.", "disable_correlation": true
"ui-priority": 0, },
"misp-attribute": "text", "Session-ID": {
"disable_correlation": true "description": "Terminal server session ID.",
}, "ui-priority": 0,
"Session-ID": { "misp-attribute": "text",
"description": "Terminal server session ID.", "disable_correlation": true
"ui-priority": 0, },
"misp-attribute": "text", "Correlation-ID": {
"disable_correlation": true "description": "Unique activity identity which relates the event to a process. ",
}, "ui-priority": 0,
"Correlation-ID": { "misp-attribute": "text"
"description": "Unique activity identity which relates the event to a process. ", },
"ui-priority": 0, "Relative-Correlation-ID": {
"misp-attribute": "text" "description": "Related activity ID which identity similar activities which occurred as a part of the event.",
}, "ui-priority": 0,
"Relative-Correlation-ID": { "misp-attribute": "text",
"description": "Related activity ID which identity similar activities which occurred as a part of the event.", "disable_correlation": true
"ui-priority": 0, },
"misp-attribute": "text", "kernel-time": {
"disable_correlation": true "description": "Execution time of the kernel mode instruction.",
}, "ui-priority": 0,
"kernel-time": "misp-attribute": "datetime",
{ "disable_correlation": true
"description": "Execution time of the kernel mode instruction.", },
"ui-priority": 0, "user-time": {
"misp-attribute": "datetime", "description": "Date and time when the user instruction was executed.",
"disable_correlation": true "ui-priority": 0,
}, "misp-attribute": "datetime",
"user-time": "disable_correlation": true
{ },
"description": "Date and time when the user instruction was executed.", "Event-data": {
"ui-priority": 0, "description": "Event data description.",
"misp-attribute": "datetime", "ui-priority": 0,
"disable_correlation": true "misp-attribute": "text",
}, "disable_correlation": true
"Event-data": },
{ "comment": {
"description": "Event data description.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
}, }
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
}, },
"version": 1, "version": 1,
"description": "Event log object template to share information of the activities conducted on a system. ", "description": "Event log object template to share information of the activities conducted on a system. ",
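Review bot: The `event-channel` and `event-type` entries still spell the value-list key `sane-default`, while `level` and `Keywords` in the same file use `sane_default`. One of the two spellings is presumably not read by the consumer, so the suggested values for those two attributes would be dropped silently; suggest `"sane_default": [` in both entries. The right-hand column also appears to change `ui-priority` on `event-id`, `name` and `event-channel` to 1, 2 and 3, although the commit is titled as a jq reformat and the top-level `"version": 1` is unchanged. If consumers rely on the version to pick up template changes, it should be bumped here. The `event-channel` description also keeps its leading space (`" Channel through which the event occurred"`).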


@ -26,25 +26,25 @@
"description": "List of recent folders accessed by the user.", "description": "List of recent folders accessed by the user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"recent-files-accessed": { "recent-files-accessed": {
"description": "List of recent files accessed by the user.", "description": "List of recent files accessed by the user.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"typed-urls": { "typed-urls": {
"description": "Urls typed by the user in internet explorer", "description": "Urls typed by the user in internet explorer",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"applications-installed": { "applications-installed": {
"description": "List of applications installed.", "description": "List of applications installed.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"multiple":true "multiple": true
}, },
"applications-run": { "applications-run": {
"description": "List of applications set to run on the system.", "description": "List of applications set to run on the system.",
@ -58,7 +58,7 @@
"misp-attribute": "text", "misp-attribute": "text",
"multiple": true "multiple": true
}, },
"user-init": { "user-init": {
"description": "Applications or processes set to run when the user logs onto the windows system.", "description": "Applications or processes set to run when the user logs onto the windows system.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
@ -89,7 +89,6 @@
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
} }
}, },
"version": 1, "version": 1,
"description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.", "description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.",


@ -1,70 +1,68 @@
{ {
"required": [ "required": [
"key" "key"
], ],
"requiredOneOf": [ "requiredOneOf": [
"user-name", "user-name",
"last-login-time", "last-login-time",
"login-count" "login-count"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Registry key where the information is retrieved from.", "description": "Registry key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"key-last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"user-name": {
"description": "User name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"full-user-name": {
"description": "Full name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"last-login-time": {
"description": "Date and time when the user last logged onto the system.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"pwd-reset-time": {
"description": "Date and time when the password was last reset.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"pwd-fail-date": {
"description": "Date and time when a password last failed for this user profile.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"login-count": {
"description": "Number of times the user logged-in onto the system.",
"ui-priority": 0,
"misp-attribute": "counter",
"disable_correlation": true
},
"comments": {
"description": "Full name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
}, },
"version": 1, "key-last-write-time": {
"description": "Regripper Object template designed to present user profile details extracted from the SAM hive.", "description": "Date and time when the key was last updated.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef", "misp-attribute": "datetime",
"name": "regripper-sam-hive-single-user" "disable_correlation": true
} },
"user-name": {
"description": "User name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"full-user-name": {
"description": "Full name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"last-login-time": {
"description": "Date and time when the user last logged onto the system.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"pwd-reset-time": {
"description": "Date and time when the password was last reset.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"pwd-fail-date": {
"description": "Date and time when a password last failed for this user profile.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"login-count": {
"description": "Number of times the user logged-in onto the system.",
"ui-priority": 0,
"misp-attribute": "counter",
"disable_correlation": true
},
"comments": {
"description": "Full name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
},
"version": 1,
"description": "Regripper Object template designed to present user profile details extracted from the SAM hive.",
"meta-category": "misc",
"uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef",
"name": "regripper-sam-hive-single-user"
}
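Review bot: The `comments` attribute on the new side still carries the description `"Full name assigned to the user profile."`, which duplicates the `full-user-name` entry and does not describe a comment field. The other regripper templates on this page use `"Additional comments."` for the same attribute, so suggest `"description": "Additional comments.",` here. An analyst reading the template in the UI would otherwise be told to put a user's full name into a free-text field that has correlation disabled.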


@ -1,56 +1,54 @@
{ {
"required": [ "required": [
"key" "key"
], ],
"requiredOneOf": [ "requiredOneOf": [
"group-name" "group-name"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Registry key where the information is retrieved from.", "description": "Registry key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"key-last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"group-name": {
"description": "Name assigned to the profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"full-name": {
"description": "Full name assigned to the profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"last-write-date-time": {
"description": "Date and time when the group key was updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"group-comment": {
"description": "Name assigned to the profile.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"group-users": {
"description": "Users belonging to the group",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
}
}, },
"version": 1, "key-last-write-time": {
"description": "Regripper Object template designed to present group profile details extracted from the SAM hive.", "description": "Date and time when the key was last updated.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c", "misp-attribute": "datetime",
"name": "regripper-sam-hive-user-group" "disable_correlation": true
} },
"group-name": {
"description": "Name assigned to the profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"full-name": {
"description": "Full name assigned to the profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"last-write-date-time": {
"description": "Date and time when the group key was updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"group-comment": {
"description": "Any group comment added.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"group-users": {
"description": "Users belonging to the group",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
}
},
"version": 1,
"description": "Regripper Object template designed to present group profile details extracted from the SAM hive.",
"meta-category": "misc",
"uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c",
"name": "regripper-sam-hive-user-group"
}


@ -1,60 +1,59 @@
{ {
"required": [ "required": [
"key", "key",
"BHO-name" "BHO-name"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"BHO-name": {
"description": "Name of the browser helper object.",
"ui-priority": 0,
"misp-attribute": "text"
},
"BHO-key-last-write-time": {
"description": "Date and time when the BHO key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"class": {
"description": "Class to which the BHO belongs to.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"module": {
"description": "DLL module the BHO belongs to.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the BHO.",
"ui-priority": 0,
"misp-attribute": "link",
"multiple":true
}
}, },
"version": 1, "last-write-time": {
"description": "Regripper Object template designed to gather information of the browser helper objects installed on the system.", "description": "Date and time when the key was last updated.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "e7b46b5a-d2d2-4a05-bc25-2ac8d4683ae2", "misp-attribute": "datetime",
"name": "regripper-software-hive-BHO" "disable_correlation": true
} },
"BHO-name": {
"description": "Name of the browser helper object.",
"ui-priority": 0,
"misp-attribute": "text"
},
"BHO-key-last-write-time": {
"description": "Date and time when the BHO key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"class": {
"description": "Class to which the BHO belongs to.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"module": {
"description": "DLL module the BHO belongs to.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the BHO.",
"ui-priority": 0,
"misp-attribute": "link",
"multiple": true
}
},
"version": 1,
"description": "Regripper Object template designed to gather information of the browser helper objects installed on the system.",
"meta-category": "misc",
"uuid": "e7b46b5a-d2d2-4a05-bc25-2ac8d4683ae2",
"name": "regripper-software-hive-BHO"
}


@ -1,54 +1,53 @@
{ {
"required": [ "required": [
"key", "key",
"DLL-name", "DLL-name",
"DLL-path" "DLL-path"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"DLL-name": {
"description": "Name of the DLL file.",
"ui-priority": 0,
"misp-attribute": "text"
},
"DLL-path": {
"description": "Path where the DLL file is stored.",
"ui-priority": 0,
"misp-attribute": "text"
},
"DLL-last-write-time": {
"description": "Date and time when the DLL file was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the DLL file.",
"ui-priority": 0,
"misp-attribute": "link",
"multiple":true
}
}, },
"version": 1, "last-write-time": {
"description": "Regripper Object template designed to gather information of the DLL files installed on the system.", "description": "Date and time when the key was last updated.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "7893be05-8398-451e-ab1e-5e25ea4a8859", "misp-attribute": "datetime",
"name": "regripper-software-hive-appInit-DLLS" "disable_correlation": true
} },
"DLL-name": {
"description": "Name of the DLL file.",
"ui-priority": 0,
"misp-attribute": "text"
},
"DLL-path": {
"description": "Path where the DLL file is stored.",
"ui-priority": 0,
"misp-attribute": "text"
},
"DLL-last-write-time": {
"description": "Date and time when the DLL file was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the DLL file.",
"ui-priority": 0,
"misp-attribute": "link",
"multiple": true
}
},
"version": 1,
"description": "Regripper Object template designed to gather information of the DLL files installed on the system.",
"meta-category": "misc",
"uuid": "7893be05-8398-451e-ab1e-5e25ea4a8859",
"name": "regripper-software-hive-appInit-DLLS"
}


@ -1,50 +1,49 @@
{ {
"required": [ "required": [
"key", "key",
"executable-file-name", "executable-file-name",
"path" "path"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"executable-file-name": {
"description": "Name of the executable file.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":true
},
"path": {
"description": "Path of the executable file.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":true
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the application installed.",
"ui-priority": 0,
"misp-attribute": "link",
"multiple":true
}
}, },
"version": 1, "last-write-time": {
"description": "Regripper Object template designed to gather information of the application paths.", "description": "Date and time when the key was last updated.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "9f2d3c9b-9a82-42a7-82c2-733115d101c8", "misp-attribute": "datetime",
"name": "regripper-software-hive-application-paths" "disable_correlation": true
} },
"executable-file-name": {
"description": "Name of the executable file.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"path": {
"description": "Path of the executable file.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the application installed.",
"ui-priority": 0,
"misp-attribute": "link",
"multiple": true
}
},
"version": 1,
"description": "Regripper Object template designed to gather information of the application paths.",
"meta-category": "misc",
"uuid": "9f2d3c9b-9a82-42a7-82c2-733115d101c8",
"name": "regripper-software-hive-application-paths"
}


@ -1,58 +1,57 @@
{ {
"required": [ "required": [
"key", "key",
"app-name" "app-name"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"key-path": {
"description": "Path of the key.",
"ui-priority": 0,
"misp-attribute": "text"
},
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"app-name": {
"description": "Name of the application.",
"ui-priority": 0,
"misp-attribute": "text"
},
"app-last-write-time": {
"description": "Date and time when the application key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"version": {
"description": "Version of the application.",
"ui-priority": 0,
"misp-attribute": "text"
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the application installed.",
"ui-priority": 0,
"misp-attribute": "link",
"multiple":true
}
}, },
"version": 1, "key-path": {
"description": "Regripper Object template designed to gather information of the applications installed on the system.", "description": "Path of the key.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "7a8fb6b4-cbbd-4de5-b893-7b0a5c4858cd", "misp-attribute": "text"
"name": "regripper-software-hive-applications-installed" },
} "last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"app-name": {
"description": "Name of the application.",
"ui-priority": 0,
"misp-attribute": "text"
},
"app-last-write-time": {
"description": "Date and time when the application key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"version": {
"description": "Version of the application.",
"ui-priority": 0,
"misp-attribute": "text"
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the application installed.",
"ui-priority": 0,
"misp-attribute": "link",
"multiple": true
}
},
"version": 1,
"description": "Regripper Object template designed to gather information of the applications installed on the system.",
"meta-category": "misc",
"uuid": "7a8fb6b4-cbbd-4de5-b893-7b0a5c4858cd",
"name": "regripper-software-hive-applications-installed"
}


@ -1,56 +1,55 @@
{ {
"required": [ "required": [
"key", "key",
"shell", "shell",
"shell-path" "shell-path"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"shell": {
"description": "Type of shell used to execute the command.",
"ui-priority": 0,
"misp-attribute": "text",
"sane_default":[
"exe",
"cmd",
"bat",
"hta",
"pif",
"Other"
],
"disable_correlation": true
},
"shell-path": {
"description": "Path of the shell.",
"ui-priority": 0,
"misp-attribute": "text"
},
"command": {
"description": "Command executed.",
"ui-priority": 0,
"misp-attribute": "text"
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
}, },
"version": 1, "last-write-time": {
"description": "Regripper Object template designed to gather information of the shell commands executed on the system.", "description": "Date and time when the key was last updated.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "a7dc3697-89ce-46dc-a64d-0b1015457978", "misp-attribute": "datetime",
"name": "regripper-software-hive-command-shell" "disable_correlation": true
} },
"shell": {
"description": "Type of shell used to execute the command.",
"ui-priority": 0,
"misp-attribute": "text",
"sane_default": [
"exe",
"cmd",
"bat",
"hta",
"pif",
"Other"
],
"disable_correlation": true
},
"shell-path": {
"description": "Path of the shell.",
"ui-priority": 0,
"misp-attribute": "text"
},
"command": {
"description": "Command executed.",
"ui-priority": 0,
"misp-attribute": "text"
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
},
"version": 1,
"description": "Regripper Object template designed to gather information of the shell commands executed on the system.",
"meta-category": "misc",
"uuid": "a7dc3697-89ce-46dc-a64d-0b1015457978",
"name": "regripper-software-hive-command-shell"
}


@ -1,126 +1,125 @@
{ {
"required": [ "required": [
"win-cv-path", "win-cv-path",
"CurrentVersion" "CurrentVersion"
], ],
"attributes": { "attributes": {
"win-cv-path": { "win-cv-path": {
"description": "key where the windows information is retrieved from", "description": "key where the windows information is retrieved from",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"RegisteredOrganization": {
"description": "Name of the registered organization.",
"ui-priority": 0,
"misp-attribute": "text"
},
"RegisteredOwner": {
"description": "Name of the registered owner.",
"ui-priority": 0,
"misp-attribute": "text"
},
"CurrentVersion": {
"description": "Current version of windows",
"ui-priority": 0,
"misp-attribute": "text"
},
"CurrentBuild": {
"description": "Build number of the windows OS.",
"ui-priority": 0,
"misp-attribute": "text"
},
"SoftwareType": {
"description": "Software type of windows.",
"ui-priority": 0,
"sane_default":[
"System",
"Application",
"other"
],
"misp-attribute": "text",
"disable_correlation": true
},
"InstallationType": {
"description": "Type of windows installation.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"InstallDate": {
"description": "Date when windows was installed.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"SystemRoot": {
"description": "Root directory.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"PathName": {
"description": "Path to the root directory.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"EditionID": {
"description": "Windows edition.",
"ui-priority": 0,
"misp-attribute": "text"
},
"ProductName": {
"description": "Name of the windows version.",
"ui-priority": 0,
"misp-attribute": "text"
},
"ProductID": {
"description": "ID of the product version.",
"ui-priority": 0,
"misp-attribute": "text"
},
"CSDVersion": {
"description": "Version of the service pack installed.",
"ui-priority": 0,
"misp-attribute": "text"
},
"CurrentType": {
"description": "Current build type of the OS.",
"ui-priority": 0,
"misp-attribute": "text"
},
"BuildLab": {
"description": "Windows BuildLab string.",
"ui-priority": 0,
"misp-attribute": "text"
},
"BuildGUID": {
"description": "Build ID.",
"ui-priority": 0,
"misp-attribute": "text"
},
"BuildLabEx": {
"description": "Windows BuildLabEx string.",
"ui-priority": 0,
"misp-attribute": "text"
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "",
"disable_correlation": true
}
}, },
"version": 1, "last-write-time": {
"description": "Regripper Object template designed to gather general windows information extracted from the software-hive.", "description": "Date and time when the key was last updated.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "03200c25-4bf5-4282-9852-001a51ab20f1", "misp-attribute": "datetime",
"name": "regripper-software-hive-windows-general-info" "disable_correlation": true
} },
"RegisteredOrganization": {
"description": "Name of the registered organization.",
"ui-priority": 0,
"misp-attribute": "text"
},
"RegisteredOwner": {
"description": "Name of the registered owner.",
"ui-priority": 0,
"misp-attribute": "text"
},
"CurrentVersion": {
"description": "Current version of windows",
"ui-priority": 0,
"disable_correlation": true
},
"CurrentBuild": {
"description": "Build number of the windows OS.",
"ui-priority": 0,
"misp-attribute": "text"
},
"SoftwareType": {
"description": "Software type of windows.",
"ui-priority": 0,
"sane_default": [
"System",
"Application",
"other"
],
"misp-attribute": "text",
"disable_correlation": true
},
"InstallationType": {
"description": "Type of windows installation.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"InstallDate": {
"description": "Date when windows was installed.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"SystemRoot": {
"description": "Root directory.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"PathName": {
"description": "Path to the root directory.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"EditionID": {
"description": "Windows edition.",
"ui-priority": 0,
"misp-attribute": "text"
},
"ProductName": {
"description": "Name of the windows version.",
"ui-priority": 0,
"misp-attribute": "text"
},
"ProductID": {
"description": "ID of the product version.",
"ui-priority": 0,
"misp-attribute": "text"
},
"CSDVersion": {
"description": "Version of the service pack installed.",
"ui-priority": 0,
"misp-attribute": "text"
},
"CurrentBuildType": {
"description": "Current build type of the OS.",
"ui-priority": 0,
"misp-attribute": "text"
},
"BuildLab": {
"description": "Windows BuildLab string.",
"ui-priority": 0,
"misp-attribute": "text"
},
"BuildGUID": {
"description": "Build ID.",
"ui-priority": 0,
"misp-attribute": "text"
},
"BuildLabEx": {
"description": "Windows BuildLabEx string.",
"ui-priority": 0,
"misp-attribute": "text"
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "",
"disable_correlation": true
}
},
"version": 1,
"description": "Regripper Object template designed to gather general windows information extracted from the software-hive.",
"meta-category": "misc",
"uuid": "03200c25-4bf5-4282-9852-001a51ab20f1",
"name": "regripper-software-hive-windows-general-info"
}
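Review bot: On the new side the `CurrentVersion` entry no longer has `"misp-attribute": "text"` and carries `"disable_correlation": true` in its place, so an attribute listed under `required` declares no attribute type. This looks like an accidental edit in a reformatting commit; suggest restoring `"misp-attribute": "text",` in that entry and dropping the correlation flag unless it was intended. The `comment` entry also has `"misp-attribute": ""` on both sides, where the comment fields in the other templates on this page use `"text"`. `CurrentType` appears to be renamed to `CurrentBuildType` while `"version": 1` is unchanged; if objects already exist under the old name, the version should be bumped (to be confirmed against how consumers handle template updates).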


@ -1,64 +1,63 @@
{ {
"required": [ "required": [
"key", "key",
"application-name", "application-name",
"application-path" "application-path"
], ],
"attributes": { "attributes": {
"key": { "key": {
"description": "Software hive key where the information is retrieved from.", "description": "Software hive key where the information is retrieved from.",
"ui-priority": 0, "ui-priority": 0,
"sane_default": [ "sane_default": [
"Run", "Run",
"RunOnce", "RunOnce",
"Runservices", "Runservices",
"Terminal", "Terminal",
"Other" "Other"
], ],
"misp-attribute": "text", "misp-attribute": "text",
"disable_correlation": true "disable_correlation": true
},
"key-path": {
"description": "Path of the key.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"application-name": {
"description": "Name of the application run.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":true
},
"application-path": {
"description": "Path where the application is installed.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":true
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the applications.",
"ui-priority": 0,
"misp-attribute": "link",
"multiple":true
}
}, },
"version": 1, "key-path": {
"description": "Regripper Object template designed to gather information of the applications set to run on the system.", "description": "Path of the key.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "4bae06d1-3996-4028-88ec-7c7d54cc1d94", "misp-attribute": "text",
"name": "regripper-software-hive-software-run" "disable_correlation": true
} },
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"application-name": {
"description": "Name of the application run.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"application-path": {
"description": "Path where the application is installed.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": true
},
"comments": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"references": {
"description": "References to the applications.",
"ui-priority": 0,
"misp-attribute": "link",
"multiple": true
}
},
"version": 1,
"description": "Regripper Object template designed to gather information of the applications set to run on the system.",
"meta-category": "misc",
"uuid": "4bae06d1-3996-4028-88ec-7c7d54cc1d94",
"name": "regripper-software-hive-software-run"
}


@ -145,8 +145,7 @@
"misp-attribute": "counter", "misp-attribute": "counter",
"disable_correlation": true "disable_correlation": true
}, },
"Comments": "Comments": {
{
"description": "Additional comments.", "description": "Additional comments.",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",


@ -1,48 +1,50 @@
{ {
"required": [ "required": [
"profile" "profile"
], ],
"attributes": { "attributes": {
"profile": { "profile": {
"description": "Firewall Profile type", "description": "Firewall Profile type",
"ui-priority": 0, "ui-priority": 0,
"sane-default":[ "sane-default": [
"Domain Profile", "Domain Profile",
"Standard Profile", "Standard Profile",
"other" "Network Profile",
], "Public Profile",
"misp-attribute": "text", "Private Profile",
"disable_correlation": true "other"
}, ],
"last-write-time": { "misp-attribute": "text",
"description": "Date and time when the firewall profile policy was last updated.", "disable_correlation": true
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"enbled-firewall": {
"description": "Boolean flag to determine if the firewall is enabled.",
"ui-priority": 0,
"misp-attribute": "boolean",
"disable_correlation": true
},
"disable-notification": {
"description": "Boolean flag to determine if firewall notifications are enabled.",
"ui-priority": 0,
"misp-attribute": "boolean",
"disable_correlation": true
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
}, },
"version": 1, "last-write-time": {
"description": "Regripper Object template designed to present firewall configuration information extracted from the system-hive.", "description": "Date and time when the firewall profile policy was last updated.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07", "misp-attribute": "datetime",
"name": "regripper-system-hive-firewall-configuration" "disable_correlation": true
} },
"enbled-firewall": {
"description": "Boolean flag to determine if the firewall is enabled.",
"ui-priority": 0,
"misp-attribute": "boolean",
"disable_correlation": true
},
"disable-notification": {
"description": "Boolean flag to determine if firewall notifications are enabled.",
"ui-priority": 0,
"misp-attribute": "boolean",
"disable_correlation": true
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
},
"version": 1,
"description": "Regripper Object template designed to present firewall configuration information extracted from the system-hive.",
"meta-category": "misc",
"uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07",
"name": "regripper-system-hive-firewall-configuration"
}
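Review bot: The `profile` value list is still keyed `"sane-default"` (hyphen) on the new side, while the other templates in this commit use `"sane_default"`, so the profile values that appear to be added here (`Network Profile`, `Public Profile`, `Private Profile`) are probably not picked up as suggested values; the line should read `"sane_default": [`. The attribute name `enbled-firewall` also looks like a misspelling of `enabled-firewall`; renaming an object relation changes what consumers of the template see, so it would presumably need a `version` bump alongside. The description of `disable-notification` says the flag tells whether notifications are enabled, which reads inverted against the name; rewording it to something like `"Boolean flag to determine if firewall notifications are disabled."` would keep analysts from misreading the recorded firewall state.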


@ -1,90 +1,89 @@
{ {
"required": [ "required": [
"computer-name" "computer-name"
], ],
"attributes": { "attributes": {
"computer-name": { "computer-name": {
"description": "name of the computer under analysis", "description": "name of the computer under analysis",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"shutdown-time": {
"description": "Date and time when the system was shutdown.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-last-write-time": {
"description": "Date and time when the timezone key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-bias": {
"description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-standard-name": {
"description": "Timezone standard name used during non-daylight saving months.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-standard-date": {
"description": "Standard date - non daylight saving months",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-standard-bias": {
"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-daylight-name": {
"description": "Timezone name used during daylight saving months.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-daylight-date": {
"description": "Daylight date - daylight saving months",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-daylight-bias": {
"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"fDenyTSConnections:": {
"description": "Specifies whether remote connections are enabled or disabled on the system.",
"ui-priority": 0,
"misp-attribute": "boolean",
"disable_correlation": true
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "",
"disable_correlation": true
}
}, },
"version": 1, "last-write-time": {
"description": "Regripper Object template designed to present general system properties extracted from the system-hive.", "description": "Date and time when the key was last updated.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4", "misp-attribute": "datetime",
"name": "regripper-system-hive-general-configuration" "disable_correlation": true
} },
"shutdown-time": {
"description": "Date and time when the system was shutdown.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-last-write-time": {
"description": "Date and time when the timezone key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-bias": {
"description": "Offset in minutes from UTC. Offset added to the local time to get a UTC value.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-standard-name": {
"description": "Timezone standard name used during non-daylight saving months.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-standard-date": {
"description": "Standard date - non daylight saving months",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-standard-bias": {
"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during standard time.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-daylight-name": {
"description": "Timezone name used during daylight saving months.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"timezone-daylight-date": {
"description": "Daylight date - daylight saving months",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"timezone-daylight-bias": {
"description": "value in minutes to be added to the value of timezone-bias to generate the bias used during daylight time.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"fDenyTSConnections:": {
"description": "Specifies whether remote connections are enabled or disabled on the system.",
"ui-priority": 0,
"misp-attribute": "boolean",
"disable_correlation": true
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "",
"disable_correlation": true
}
},
"version": 1,
"description": "Regripper Object template designed to present general system properties extracted from the system-hive.",
"meta-category": "misc",
"uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4",
"name": "regripper-system-hive-general-configuration"
}


@ -1,107 +1,106 @@
{ {
"required": [ "required": [
"network-key" "network-key"
], ],
"attributes": { "attributes": {
"network-key": { "network-key": {
"description": "Registry key assigned to the network", "description": "Registry key assigned to the network",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"network-key-last-write-time": {
"description": "Date and time when the network key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"network-key-path": {
"description": "Path of the key where the information is retrieved from.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"TCPIP-key": {
"description": "TCPIP key",
"ui-priority": 0,
"misp-attribute": "text"
},
"TCPIP-key-last-write-time": {
"description": "Datetime when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"DHCP-domain": {
"description": "Name of the DHCP domain service",
"ui-priority": 0,
"misp-attribute": "text"
},
"DHCP-IP-address": {
"description": "DHCP service - IP address",
"ui-priority": 0,
"misp-attribute": "ip-dst"
},
"DHCP-subnet-mask": {
"description": "DHCP subnet mask - IP address.",
"ui-priority": 0,
"misp-attribute": "ip-dst"
},
"DHCP-name-server": {
"description": "DHCP Name server - IP address.",
"ui-priority": 0,
"misp-attribute": "ip-dst"
},
"DHCP-server": {
"description": "DHCP server - IP address.",
"ui-priority": 0,
"misp-attribute": "ip-dst"
},
"interface-GUID": {
"description": "GUID value assigned to the interface.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"interface-last-write-time": {
"description": "Last date and time when the interface key was updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"interface-name": {
"description": "Name of the interface.",
"ui-priority": 0,
"misp-attribute": "text"
},
"interface-PnpInstanceID": {
"description": "Plug and Play instance ID assigned to the interface.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"interface-MediaSubType": {
"description": "",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"interface-IPcheckingEnabled": {
"description": "",
"ui-priority": 0,
"misp-attribute": "boolean",
"disable_correlation": true
},
"additional-comments": {
"description": "Comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
}, },
"version": 1, "network-key-last-write-time": {
"description": "Regripper object template designed to gather network information from the system-hive.", "description": "Date and time when the network key was last updated.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0", "misp-attribute": "datetime",
"name": "regripper-system-hive-network-information." "disable_correlation": true
} },
"network-key-path": {
"description": "Path of the key where the information is retrieved from.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"TCPIP-key": {
"description": "TCPIP key",
"ui-priority": 0,
"misp-attribute": "text"
},
"TCPIP-key-last-write-time": {
"description": "Datetime when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"DHCP-domain": {
"description": "Name of the DHCP domain service",
"ui-priority": 0,
"misp-attribute": "text"
},
"DHCP-IP-address": {
"description": "DHCP service - IP address",
"ui-priority": 0,
"misp-attribute": "ip-dst"
},
"DHCP-subnet-mask": {
"description": "DHCP subnet mask - IP address.",
"ui-priority": 0,
"misp-attribute": "ip-dst"
},
"DHCP-name-server": {
"description": "DHCP Name server - IP address.",
"ui-priority": 0,
"misp-attribute": "ip-dst"
},
"DHCP-server": {
"description": "DHCP server - IP address.",
"ui-priority": 0,
"misp-attribute": "ip-dst"
},
"interface-GUID": {
"description": "GUID value assigned to the interface.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"interface-last-write-time": {
"description": "Last date and time when the interface key was updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"interface-name": {
"description": "Name of the interface.",
"ui-priority": 0,
"misp-attribute": "text"
},
"interface-PnpInstanceID": {
"description": "Plug and Play instance ID assigned to the interface.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"interface-MediaSubType": {
"description": "",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
},
"interface-IPcheckingEnabled": {
"description": "",
"ui-priority": 0,
"misp-attribute": "boolean",
"disable_correlation": true
},
"additional-comments": {
"description": "Comments.",
"ui-priority": 0,
"misp-attribute": "text",
"disable_correlation": true
}
},
"version": 1,
"description": "Regripper object template designed to gather network information from the system-hive.",
"meta-category": "misc",
"uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0",
"name": "regripper-system-hive-network-information."
}


@ -1,99 +1,98 @@
{ {
"required": [ "required": [
"name" "name"
], ],
"attributes": { "attributes": {
"name": { "name": {
"description": "name of the key", "description": "name of the key",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "misp-attribute": "text"
},
"last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime",
"disable_correlation": true
},
"display": {
"description": "Display name/information of the service or the driver.",
"ui-priority": 0,
"misp-attribute": "text"
},
"image-path": {
"description": "Path of the service/drive",
"ui-priority": 0,
"misp-attribute": "text"
},
"type": {
"description": "Service/driver type.",
"ui-priority": 0,
"sane_default": [
"Kernel driver",
"File system driver",
"Own process",
"Share process",
"Interactive",
"Other"
],
"misp-attribute": "text",
"disable_correlation": true
},
"start": {
"description": "When the service/driver starts or executes.",
"ui-priority": 0,
"sane_default":[
"Boot start",
"System start",
"Auto start",
"Manual",
"Disabled"
],
"misp-attribute": "text",
"disable_correlation": true
},
"group": {
"description": "Group to which the system/driver belong to.",
"ui-priority": 0,
"sane_default":[
"Base",
"Boot Bus Extender",
"Boot File System",
"Cryptography",
"Extended base",
"Event Log",
"Filter",
"FSFilter Bottom",
"FSFilter Infrastructure",
"File System",
"FSFilter Virtualization",
"Keyboard Port",
"Network",
"NDIS",
"Parallel arbitrator",
"Pointer Port",
"PnP Filter",
"ProfSvc_Group",
"PNP_TDI",
"SCSI Miniport",
"SCSI CDROM Class",
"System Bus Extender",
"Video Save",
"other"
],
"misp-attribute": "text",
"disable_correlation": true
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "",
"disable_correlation": true
}
}, },
"version": 1, "last-write-time": {
"description": "Regripper Object template designed to gather information regarding the services/drivers from the system-hive.", "description": "Date and time when the key was last updated.",
"meta-category": "misc", "ui-priority": 0,
"uuid": "78cdae45-2061-4b49-b1d6-71f562094a73", "misp-attribute": "datetime",
"name": "regripper-system-hive-services-drivers" "disable_correlation": true
} },
"display": {
"description": "Display name/information of the service or the driver.",
"ui-priority": 0,
"misp-attribute": "text"
},
"image-path": {
"description": "Path of the service/drive",
"ui-priority": 0,
"misp-attribute": "text"
},
"type": {
"description": "Service/driver type.",
"ui-priority": 0,
"sane_default": [
"Kernel driver",
"File system driver",
"Own process",
"Share process",
"Interactive",
"Other"
],
"misp-attribute": "text",
"disable_correlation": true
},
"start": {
"description": "When the service/driver starts or executes.",
"ui-priority": 0,
"sane_default": [
"Boot start",
"System start",
"Auto start",
"Manual",
"Disabled"
],
"misp-attribute": "text",
"disable_correlation": true
},
"group": {
"description": "Group to which the system/driver belong to.",
"ui-priority": 0,
"sane_default": [
"Base",
"Boot Bus Extender",
"Boot File System",
"Cryptography",
"Extended base",
"Event Log",
"Filter",
"FSFilter Bottom",
"FSFilter Infrastructure",
"File System",
"FSFilter Virtualization",
"Keyboard Port",
"Network",
"NDIS",
"Parallel arbitrator",
"Pointer Port",
"PnP Filter",
"ProfSvc_Group",
"PNP_TDI",
"SCSI Miniport",
"SCSI CDROM Class",
"System Bus Extender",
"Video Save",
"other"
],
"misp-attribute": "text",
"disable_correlation": true
},
"comment": {
"description": "Additional comments.",
"ui-priority": 0,
"misp-attribute": "",
"disable_correlation": true
}
},
"version": 1,
"description": "Regripper Object template designed to gather information regarding the services/drivers from the system-hive.",
"meta-category": "misc",
"uuid": "78cdae45-2061-4b49-b1d6-71f562094a73",
"name": "regripper-system-hive-services-drivers"
}