From 23948855537a368c430e4fc563302e843a6f8a82 Mon Sep 17 00:00:00 2001
From: Quentin JEROME
Date: Wed, 6 Oct 2021 20:13:39 +0200
Subject: [PATCH] Ran jq_all_the_things.sh
---
objects/edr-report/definition.json | 180 ++++++++++++++---------------
1 file changed, 90 insertions(+), 90 deletions(-)
diff --git a/objects/edr-report/definition.json b/objects/edr-report/definition.json
index 40325e0..0ef15fd 100644
--- a/objects/edr-report/definition.json
+++ b/objects/edr-report/definition.json
@@ -1,92 +1,92 @@
 {
- "attributes": {
- "id": {
- "description": "Report unique identifier",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "product": {
- "description": "EDR product name",
- "disable_correlation": true,
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "endpoint-id": {
- "description": "Unique identifier of the endpoint concerned by the report",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "hostname": {
- "description": "Endpoint hostname",
- "misp-attribute": "text",
- "ui-priority": 1
- },
- "ip": {
- "description": "Endpoint IP address",
- "disable_correlation": true,
- "misp-attribute": "ip-src",
- "ui-priority": 1
- },
- "event": {
- "description": "Raw EDR event which triggered reporting",
- "disable_correlation": true,
- "misp-attribute": "attachment",
- "ui-priority": 1
- },
- "comment": {
- "description": "Any valuable comment about the report",
- "disable_correlation": true,
- "misp-attribute": "text",
- "ui-priority": 0
- },
- "processes": {
- "description": "JSON file containing metadata about running processes at the time of detection",
- "disable_correlation": true,
- "misp-attribute": "attachment",
- "ui-priority": 0
- },
- "modules": {
- "description": "JSON file containing metadata about modules loaded on the system",
- "disable_correlation": true,
- "misp-attribute": "attachment",
- "ui-priority": 0
- },
- "drivers": {
- "description": "JSON file containing metadata about drivers loaded on the system",
- "disable_correlation": true,
- "misp-attribute": "attachment",
- "ui-priority": 0
- },
- "command": {
- "description": "JSON file containing the output of a command ran at report generation",
- "disable_correlation": true,
- "misp-attribute": "attachment",
- "multiple": true,
- "ui-priority": 0
- },
- "executable": {
- "description": "Executable file involved in detection",
- "disable_correlation": true,
- "misp-attribute": "attachment",
- "multiple": true,
- "ui-priority": 0
- },
- "additional-file": {
- "description": "Additional file involved in detection",
- "disable_correlation": true,
- "misp-attribute": "attachment",
- "multiple": true,
- "ui-priority": 0
- }
+ "attributes": {
+ "additional-file": {
+ "description": "Additional file involved in detection",
+ "disable_correlation": true,
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 0
 },
- "description": "An Object Template to encode an EDR detection report",
- "meta-category": "misc",
- "name": "edr-report",
- "requiredOneOf": [
- "id",
- "endpoint-id",
- "event"
- ],
- "uuid": "eeeca35c-cfcb-49f9-81be-e0c31d83c116",
- "version": 1
-}
+ "command": {
+ "description": "JSON file containing the output of a command ran at report generation",
+ "disable_correlation": true,
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "comment": {
+ "description": "Any valuable comment about the report",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 0
+ },
+ "drivers": {
+ "description": "JSON file containing metadata about drivers loaded on the system",
+ "disable_correlation": true,
+ "misp-attribute": "attachment",
+ "ui-priority": 0
+ },
+ "endpoint-id": {
+ "description": "Unique identifier of the endpoint concerned by the report",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "event": {
+ "description": "Raw EDR event which triggered reporting",
+ "disable_correlation": true,
+ "misp-attribute": "attachment",
+ "ui-priority": 1
+ },
+ "executable": {
+ "description": "Executable file involved in detection",
+ "disable_correlation": true,
+ "misp-attribute": "attachment",
+ "multiple": true,
+ "ui-priority": 0
+ },
+ "hostname": {
+ "description": "Endpoint hostname",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "id": {
+ "description": "Report unique identifier",
+ "misp-attribute": "text",
+ "ui-priority": 1
+ },
+ "ip": {
+ "description": "Endpoint IP address",
+ "disable_correlation": true,
+ "misp-attribute": "ip-src",
+ "ui-priority": 1
+ },
+ "modules": {
+ "description": "JSON file containing metadata about modules loaded on the system",
+ "disable_correlation": true,
+ "misp-attribute": "attachment",
+ "ui-priority": 0
+ },
+ "processes": {
+ "description": "JSON file containing metadata about running processes at the time of detection",
+ "disable_correlation": true,
+ "misp-attribute": "attachment",
+ "ui-priority": 0
+ },
+ "product": {
+ "description": "EDR product name",
+ "disable_correlation": true,
+ "misp-attribute": "text",
+ "ui-priority": 1
+ }
+ },
+ "description": "An Object Template to encode an EDR detection report",
+ "meta-category": "misc",
+ "name": "edr-report",
+ "requiredOneOf": [
+ "id",
+ "endpoint-id",
+ "event"
+ ],
+ "uuid": "eeeca35c-cfcb-49f9-81be-e0c31d83c116",
+ "version": 1
+}
\ No newline at end of file