ran jq_all_the_things.sh

pull/394/head
Michael Trenker 2023-06-14 11:54:46 +00:00
parent 25e1790e74
commit 241f4455ac
1 changed files with 67 additions and 67 deletions


@ -1,70 +1,24 @@
{ {
"required": [
"EventID",
"Advesary",
"Capability",
"Infrastructure",
"Victim"
],
"version": 1,
"description": "A diamond model event object consisting of the four diamond features advesary, infrastructure, capability and victim, several meta-features and ioc attributes.",
"meta-category": "internal",
"uuid": "a9618450-694d-4c73-9f76-35ea0150c19e",
"name": "diamond-event",
"attributes": { "attributes": {
"EventID": {
"description": "Id of the event",
"ui-priority": 0,
"misp-attribute": "counter"
},
"Advesary": { "Advesary": {
"description": "The advesary who attacks the victim", "description": "The advesary who attacks the victim",
"ui-priority": 0, "misp-attribute": "text",
"misp-attribute": "text" "ui-priority": 0
}, },
"Capability": { "Capability": {
"description": "The capability used to attack the victim", "description": "The capability used to attack the victim",
"ui-priority": 0,
"misp-attribute": "text"
},
"Infrastructure": {
"description": "The infrastructure used in the attack",
"ui-priority": 0,
"misp-attribute": "text"
},
"Victim": {
"description": "The attacked victim",
"ui-priority": 0,
"misp-attribute": "text"
},
"Timestamp": {
"description": "Timestamp when the event happened",
"ui-priority": 0,
"misp-attribute": "datetime"
},
"Phase": {
"description": "The event mapped to a phase of the killchain",
"ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"values_list": [ "ui-priority": 0
"Reconnaissance",
"Weaponization",
"Delivery",
"Exploitation",
"Installation",
"C2",
"Action on Objectives"
]
}, },
"Result": { "Description": {
"description": "The result of the event", "description": "Further context to the event",
"ui-priority": 0, "misp-attribute": "text",
"misp-attribute": "text" "ui-priority": 0
}, },
"Direction": { "Direction": {
"description": "The network-based direction of the event", "description": "The network-based direction of the event",
"ui-priority": 0,
"misp-attribute": "text", "misp-attribute": "text",
"ui-priority": 0,
"values_list": [ "values_list": [
"Victim-to-Infrastructure", "Victim-to-Infrastructure",
"Infrastructure-to-Victim", "Infrastructure-to-Victim",
@ -75,32 +29,78 @@
"Unknown" "Unknown"
] ]
}, },
"EventID": {
"description": "Id of the event",
"misp-attribute": "counter",
"ui-priority": 0
},
"Infrastructure": {
"description": "The infrastructure used in the attack",
"misp-attribute": "text",
"ui-priority": 0
},
"Methodology": { "Methodology": {
"description": "Mitre-Attack mapping of the event", "description": "Mitre-Attack mapping of the event",
"misp-attribute": "text",
"ui-priority": 0
},
"Phase": {
"description": "The event mapped to a phase of the killchain",
"misp-attribute": "text",
"ui-priority": 0, "ui-priority": 0,
"misp-attribute": "text" "values_list": [
"Reconnaissance",
"Weaponization",
"Delivery",
"Exploitation",
"Installation",
"C2",
"Action on Objectives"
]
}, },
"Resources": { "Resources": {
"description": "The resources the attacker needed for the event to succeed", "description": "The resources the attacker needed for the event to succeed",
"ui-priority": 0, "misp-attribute": "text",
"misp-attribute": "text" "ui-priority": 0
}, },
"Description": { "Result": {
"description": "Further context to the event", "description": "The result of the event",
"ui-priority": 0, "misp-attribute": "text",
"misp-attribute": "text" "ui-priority": 0
},
"Timestamp": {
"description": "Timestamp when the event happened",
"misp-attribute": "datetime",
"ui-priority": 0
},
"Victim": {
"description": "The attacked victim",
"misp-attribute": "text",
"ui-priority": 0
}, },
"ioc": { "ioc": {
"description": "Generic IOC", "description": "Generic IOC",
"ui-priority": 0, "misp-attribute": "text",
"multiple": true, "multiple": true,
"misp-attribute": "text" "ui-priority": 0
}, },
"textfield": { "textfield": {
"description": "Generic textfield", "description": "Generic textfield",
"ui-priority": 0, "misp-attribute": "text",
"multiple": true, "multiple": true,
"misp-attribute": "text" "ui-priority": 0
} }
} },
"description": "A diamond model event object consisting of the four diamond features advesary, infrastructure, capability and victim, several meta-features and ioc attributes.",
"meta-category": "internal",
"name": "diamond-event",
"required": [
"EventID",
"Advesary",
"Capability",
"Infrastructure",
"Victim"
],
"uuid": "a9618450-694d-4c73-9f76-35ea0150c19e",
"version": 1
} }
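Review bot: The key `"Advesary"` (in `required` and in `attributes`) and the word "advesary" in the top-level and per-attribute `description` strings are misspellings of "Adversary" that this formatter run carries over unchanged. The key is the object relation consumers match on, so renaming it to `"Adversary"` changes the template and should come with a `version` bump rather than a silent edit; the description strings can be corrected on their own. Separately, `ioc` is declared as `"misp-attribute": "text"`, and free-text values are presumably not flagged for detection export by default. If so, its description could say so, e.g. `"description": "Generic IOC (free text; use a typed attribute for indicators that should feed detection)"`. The section has no file header in this view, so the path of the definition is not visible here.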