From 1ee36b442685ff2eaf1f18c203c2ec662203c1d8 Mon Sep 17 00:00:00 2001
From: Jeroen Pinoy
Date: Mon, 7 Feb 2022 17:54:31 +0100
Subject: [PATCH] new: Add apivoid email verification API result object
---
 README.md | 1 +
 .../definition.json | 219 ++++++++++++++++++
 2 files changed, 220 insertions(+)
 create mode 100644 objects/apivoid-email-verification/definition.json
diff --git a/README.md b/README.md
index 84a820e..705b313 100644
--- a/README.md
+++ b/README.md
@@ -110,6 +110,7 @@ for a specific attribute. An optional **to_ids** boolean field to disable the ID
 - [objects/android-permission](https://github.com/MISP/misp-objects/blob/main/objects/android-permission/definition.json) - A set of android permissions - one or more permission(s) which can be linked to other objects (e.g. malware, app).
 - [objects/annotation](https://github.com/MISP/misp-objects/blob/main/objects/annotation/definition.json) - An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes.
 - [objects/anonymisation](https://github.com/MISP/misp-objects/blob/main/objects/anonymisation/definition.json) - Anonymisation object describing an anonymisation technique used to encode MISP attribute values. Reference: https://www.caida.org/tools/taxonomy/anonymization.xml.
+- [objects/apivoid-email-verification](https://github.com/MISP/misp-objects/blob/main/objects/apivoid-email-verification/definition.json) - Apivoid email verification API result. Reference: https://www.apivoid.com/api/email-verify/
 - [objects/asn](https://github.com/MISP/misp-objects/blob/main/objects/asn/definition.json) - Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike.
 - [objects/attack-pattern](https://github.com/MISP/misp-objects/blob/main/objects/attack-pattern/definition.json) - Attack pattern describing a common attack pattern enumeration and classification.
 - [objects/authentication-failure-report](https://github.com/MISP/misp-objects/blob/main/objects/authentication-failure-report/definition.json) - Authentication Failure Report.
diff --git a/objects/apivoid-email-verification/definition.json b/objects/apivoid-email-verification/definition.json
new file mode 100644
index 0000000..7743138
--- /dev/null
+++ b/objects/apivoid-email-verification/definition.json
@@ -0,0 +1,219 @@
+{
+ "attributes": {
+ "china_free_email": {
+ "description": "True if email is a free China email, i.e 163.com.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "comment": {
+ "description": "Field for comments or correlating text",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "dirty_words_domain": {
+ "description": "True if domain contains dirty/bad words.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "dirty_words_username": {
+ "description": "True if username contains dirty/bad words.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "disposable": {
+ "description": "True if email is disposable, i.e yopmail.com.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "dmarc_configured": {
+ "description": "True if domain has DMARC records configured.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "dmarc_enforced": {
+ "description": "True if domain is configured for DMARC and set to an enforcement policy.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "domain": {
+ "description": "Email domain.",
+ "disable_correlation": true,
+ "misp-attribute": "domain",
+ "to_ids": false,
+ "ui-priority": 1
+ },
+ "domain_popular": {
+ "description": "True if domain is a known popular domain.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "educational_domain": {
+ "description": "True if domain is an educational domain, i.e .edu",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "email": {
+ "categories": [
+ "Attribution"
+ ],
+ "description": "The email address that was queried.",
+ "misp-attribute": "email",
+ "to_ids": false,
+ "ui-priority": 1
+ },
+ "free_email": {
+ "description": "True if email is a free email, i.e gmail.com.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "government_domain": {
+ "description": "True if domain is a government domain, i.e .gov",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "has_a_records": {
+ "description": "True if domain has A records configured.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "has_mx_records": {
+ "description": "True if domain has MX records configured.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "has_spf_records": {
+ "description": "True if domain has SPF records configured.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "is_spoofable": {
+ "description": "True if domain does not have SPF records or if ~all is not configured.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "police_domain": {
+ "description": "True if domain is a police domain (such as *polizei*, *police*, etc).",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "risky_tld": {
+ "description": "True if domain TLD is risky, i.e .top or .pro.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "role_address": {
+ "description": "True if email is a role address, i.e admin@website.com",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "russian_free_email": {
+ "description": "True if email is a free Russian email, i.e mail.ru.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "score": {
+ "description": "A number between 0 (bad) and 100 (good).",
+ "disable_correlation": true,
+ "misp-attribute": "float",
+ "ui-priority": 1
+ },
+ "should_block": {
+ "description": "True if the score is bad (<= 70) and thus it should be blocked.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "suspicious_domain": {
+ "description": "True if domain is suspicious, i.e known spam or parked.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "suspicious_email": {
+ "description": "True if email is considered suspicious.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "suspicious_username": {
+ "description": "True if username is suspicious, i.e only numbers.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "username": {
+ "description": "Username part of the email address (email prefix)",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "valid_format": {
+ "description": "True if email has a valid format.",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ },
+ "valid_tld": {
+ "description": "True if domain TLD is valid, i.e .com or .co.uk",
+ "disable_correlation": true,
+ "misp-attribute": "boolean",
+ "ui-priority": 1
+ }
+ },
+ "description": "Apivoid email verification API result. Reference: https://www.apivoid.com/api/email-verify/",
+ "meta-category": "misc",
+ "name": "apivoid-email-verification",
+ "required": [
+ "email"
+ ],
+ "requiredOneOf": [
+ "valid_format",
+ "username",
+ "role_address",
+ "suspicious_username",
+ "dirty_words_username",
+ "suspicious_email",
+ "domain",
+ "valid_tld",
+ "disposable",
+ "has_a_records",
+ "has_mx_records",
+ "has_spf_records",
+ "is_spoofable",
+ "dmarc_configured",
+ "dmarc_enforced",
+ "free_email",
+ "russian_free_email",
+ "china_free_email",
+ "suspicious_domain",
+ "dirty_words_domain",
+ "domain_popular",
+ "risky_tld",
+ "police_domain",
+ "government_domain",
+ "educational_domain",
+ "should_block",
+ "score"
+ ],
+ "uuid": "289492ab-4b74-49ec-add7-cd9b541f2245",
+ "version": 1
+}
\ No newline at end of file
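Review bot: The new definition.json is written without a trailing newline (the hunk ends with `\ No newline at end of file`); add one so that a later jq-style reformatting pass over the object definitions does not rewrite this file in an unrelated commit. Several attribute descriptions use `i.e` where an example is meant, e.g. `"description": "True if email is disposable, i.e yopmail.com."` should read `"description": "True if email is disposable, e.g. yopmail.com."`; the same edit applies to china_free_email, free_email, russian_free_email, risky_tld, role_address, suspicious_domain, suspicious_username, valid_tld, educational_domain and government_domain. `domain` is declared with `"disable_correlation": true` while `email` is left correlating, so two events enriching different addresses at the same domain will not link through this object; if that is deliberate it is worth a sentence in the object description, otherwise dropping the flag on `domain` gives analysts the more useful pivot, and `to_ids: false` already keeps it from being treated as an indicator.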