diff --git a/objects/email/definition.json b/objects/email/definition.json new file mode 100644 index 0000000..aa3ad87 --- /dev/null +++ b/objects/email/definition.json @@ -0,0 +1,86 @@ +{ + "name": "email", + "meta-category": "email", + "description": "Email object describing an email with meta-information", + "version": 1, + "attributes" : + { + "from": { + "misp-attribute": "email-src", + "misp-usage-frequency": 1, + "categories": ["Payload delivery"] + }, + "from-display-name": { + "misp-attribute": "email-src-display-name", + "misp-usage-frequency": 1, + "categories": ["Payload delivery"] + }, + "to": { + "misp-attribute": "email-dst", + "misp-usage-frequency": 1, + "categories": ["Payload delivery"], + "multiple": true + }, + "to-display-name": { + "misp-attribute": "email-dst-display-name", + "misp-usage-frequency": 1, + "categories": ["Payload delivery"], + "multiple": true + }, + "subject": { + "misp-attribute": "email-subject", + "misp-usage-frequency": 1, + "categories": ["Payload delivery"] + }, + "attachment": { + "misp-attribute": "email-attachment", + "misp-usage-frequency": 0, + "categories": ["Payload delivery"], + "multiple": true + }, + "message-id": { + "misp-attribute": "email-message-id", + "misp-usage-frequency": 0, + "categories": ["Payload delivery"] + }, + "reply-to": { + "misp-attribute": "email-reply-to", + "misp-usage-frequency": 1, + "categories": ["Payload delivery"] + }, + "send-date": { + "misp-attribute": "datetime", + "misp-usage-frequency": 0, + "categories": ["Other"] + }, + "url": { + "misp-attribute": "url", + "misp-usage-frequency": 0, + "categories": ["Payload delivery"], + "multiple": true + }, + "mime-boundary": { + "misp-attribute": "email-mime-boundary", + "misp-usage-frequency": 0, + "categories": ["Payload delivery"] + }, + "thread-index": { + "misp-attribute": "email-thread-index", + "misp-usage-frequency": 0, + "categories": ["Payload delivery"] + }, + "header": { + "misp-attribute": "email-header", + "misp-usage-frequency": 0, + "categories": ["Payload delivery"], + "multiple": true + }, + "x-mailer": { + "misp-attribute": "email-xmailer", + "misp-usage-frequency": 0, + "categories": ["Payload delivery"] + } + + }, + "requiredOneOf": ["email-src", "email-src-display-name", "email-dst", "email-dst-display-name", "email-subject", "email-attachment", "email-message-id", "email-reply-to", "send-date", "url", "email-mime-boundary", "email-thread-index", "email-header", "x-mailer"] +}