MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

jq

pull/394/head
Michael Trewen 2023-06-13 19:15:23 +02:00
parent 71cc235a5d
commit 25e1790e74
1 changed files with 104 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

208
objects/diamond/definition.json
View File

@ -1,106 +1,106 @@
{
"required": [
"EventID",
"Advesary",
"Capability",
"Infrastructure",
"Victim"
],
"version": 1,
"description": "A diamond model event object consisting of the four diamond features advesary, infrastructure, capability and victim, several meta-features and ioc attributes.",
"meta-category": "internal",
"uuid": "a9618450-694d-4c73-9f76-35ea0150c19e",
"name": "diamond-event",
"attributes": {
"EventID": {
"description": "Id of the event",
"ui-priority": 0,
"misp-attribute": "counter"
},
"Advesary": {
"description": "The advesary who attacks the victim",
"ui-priority": 0,
"misp-attribute": "text"
},
"Capability": {
"description": "The capability used to attack the victim",
"ui-priority": 0,
"misp-attribute": "text"
},
"Infrastructure": {
"description": "The infrastructure used in the attack",
"ui-priority": 0,
"misp-attribute": "text"
},
"Victim": {
"description": "The attacked victim",
"ui-priority": 0,
"misp-attribute": "text"
},
"Timestamp": {
"description": "Timestamp when the event happened",
"ui-priority": 0,
"misp-attribute": "datetime"
},
"Phase": {
"description": "The event mapped to a phase of the killchain",
"ui-priority": 0,
"misp-attribute": "text",
"values_list": [
"Reconnaissance",
"Weaponization",
"Delivery",
"Exploitation",
"Installation",
"C2",
"Action on Objectives"
]
},
"Result": {
"description": "The result of the event",
"ui-priority": 0,
"misp-attribute": "text"
},
"Direction": {
"description": "The network-based direction of the event",
"ui-priority": 0,
"misp-attribute": "text",
"values_list": [
"Victim-to-Infrastructure",
"Infrastructure-to-Victim",
"Infrastructure-to-Infrastructure",
"Adversary-to-Infrastructure",
"Infrastructure-to-Adversary",
"Bidirectional",
"Unknown"
]
},
"Methodology": {
"description": "Mitre-Attack mapping of the event",
"ui-priority": 0,
"misp-attribute": "text"
},
"Resources": {
"description": "The resources the attacker needed for the event to succeed",
"ui-priority": 0,
"misp-attribute": "text"
},
"Description": {
"description": "Further context to the event",
"ui-priority": 0,
"misp-attribute": "text"
},
"ioc": {
"description": "Generic IOC",
"ui-priority": 0,
"multiple": true,
"misp-attribute": "text"
},
"textfield": {
"description": "Generic textfield",
"ui-priority": 0,
"multiple": true,
"misp-attribute": "text"
}
"required": [
"EventID",
"Advesary",
"Capability",
"Infrastructure",
"Victim"
],
"version": 1,
"description": "A diamond model event object consisting of the four diamond features advesary, infrastructure, capability and victim, several meta-features and ioc attributes.",
"meta-category": "internal",
"uuid": "a9618450-694d-4c73-9f76-35ea0150c19e",
"name": "diamond-event",
"attributes": {
"EventID": {
"description": "Id of the event",
"ui-priority": 0,
"misp-attribute": "counter"
},
"Advesary": {
"description": "The advesary who attacks the victim",
"ui-priority": 0,
"misp-attribute": "text"
},
"Capability": {
"description": "The capability used to attack the victim",
"ui-priority": 0,
"misp-attribute": "text"
},
"Infrastructure": {
"description": "The infrastructure used in the attack",
"ui-priority": 0,
"misp-attribute": "text"
},
"Victim": {
"description": "The attacked victim",
"ui-priority": 0,
"misp-attribute": "text"
},
"Timestamp": {
"description": "Timestamp when the event happened",
"ui-priority": 0,
"misp-attribute": "datetime"
},
"Phase": {
"description": "The event mapped to a phase of the killchain",
"ui-priority": 0,
"misp-attribute": "text",
"values_list": [
"Reconnaissance",
"Weaponization",
"Delivery",
"Exploitation",
"Installation",
"C2",
"Action on Objectives"
]
},
"Result": {
"description": "The result of the event",
"ui-priority": 0,
"misp-attribute": "text"
},
"Direction": {
"description": "The network-based direction of the event",
"ui-priority": 0,
"misp-attribute": "text",
"values_list": [
"Victim-to-Infrastructure",
"Infrastructure-to-Victim",
"Infrastructure-to-Infrastructure",
"Adversary-to-Infrastructure",
"Infrastructure-to-Adversary",
"Bidirectional",
"Unknown"
]
},
"Methodology": {
"description": "Mitre-Attack mapping of the event",
"ui-priority": 0,
"misp-attribute": "text"
},
"Resources": {
"description": "The resources the attacker needed for the event to succeed",
"ui-priority": 0,
"misp-attribute": "text"
},
"Description": {
"description": "Further context to the event",
"ui-priority": 0,
"misp-attribute": "text"
},
"ioc": {
"description": "Generic IOC",
"ui-priority": 0,
"multiple": true,
"misp-attribute": "text"
},
"textfield": {
"description": "Generic textfield",
"ui-priority": 0,
"multiple": true,
"misp-attribute": "text"
}
}
}
}