MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Add sane default for boolean objects

pull/340/head
Lucas Magalhães 2021-12-20 20:02:29 +00:00
parent 7dc84bfac1
commit 27fce9e7ec
17 changed files with 177 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
objects/bank-account/definition.json
View File

@ -93,6 +93,10 @@
"description": "A flag to define if this account belong to a non-banking organisation. If set to true, it's a non-banking organisation.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"opened": {
@ -167,5 +171,5 @@
"iban"
],
"uuid": "b4712203-95a8-4883-80e9-b566f5df11c9",
"version": 2
"version": 3
}

10
objects/cookie/definition.json
View File

@ -25,6 +25,10 @@
"description": "True if send only through HTTP",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"path": {
@ -37,6 +41,10 @@
"description": "True if cookie is sent over TLS",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"text": {
@ -66,5 +74,5 @@
"cookie"
],
"uuid": "7755ad19-55c7-4da4-805e-197cf81bbcb8",
"version": 3
"version": 4
}

6
objects/cortex/definition.json
View File

@ -28,6 +28,10 @@
"description": "Result of the cortex job",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"summary": {
@ -44,5 +48,5 @@
"full"
],
"uuid": "144988f3-fa00-4374-8015-c1a32092f451",
"version": 1
"version": 2
}

42
objects/intel471-vulnerability-intelligence/definition.json
View File

@ -4,18 +4,30 @@
"description": "The vulnerability is being discussed in open source.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"activity-location-private": {
"description": "The vulnerability is being discussed in private/direct communications.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"activity-location-underground": {
"description": "The vulnerability is being discussed in the underground.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"countermeasures": {
@ -52,42 +64,70 @@
"description": "Exploit code for the vulnerability is available.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"exploit-status-not-observed": {
"description": "Exploit code or usage has not been observed for the vulnerability.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"exploit-status-productized": {
"description": "There is a module for the vulnerability in commercial exploit kits or network security tools.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"exploit-status-weaponized": {
"description": "The vulnerability has been used in an attack or has been included in an exploit kit.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"interest-level-disclosed-publicly": {
"description": "The vulnerability has been disclosed publicly.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"interest-level-exploit-sought": {
"description": "An exploit for the vulnerability is being sought.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"interest-level-researched-publicly": {
"description": "The vulnerability has been researched or documented publicly.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"modified": {
@ -189,5 +229,5 @@
"cve-id"
],
"uuid": "8f8ee946-1383-4139-b4da-ad8c5aceac07",
"version": 4
"version": 5
}

10
objects/intelmq_event/definition.json
View File

@ -128,6 +128,10 @@
"destination.tor_node": {
"description": "If the destination IP was a known tor node.",
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
},
"destination.url": {
@ -378,6 +382,10 @@
"source.tor_node": {
"description": "If the source IP was a known tor node.",
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
},
"source.url": {
@ -415,5 +423,5 @@
"meta-category": "network",
"name": "intelmq_event",
"uuid": "491ac7d2-25a1-4078-8246-b04a132d003d",
"version": 4
"version": 5
}

6
objects/meme-image/definition.json
View File

@ -18,6 +18,10 @@
"description": "A flag to define if this meme is part of an a/b test. If set to true, it is part of an a/b test set.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"archive": {
@ -103,5 +107,5 @@
"document-text"
],
"uuid": "6f6c3b61-f085-475e-93df-2e2d9c2fb0f6",
"version": 7
"version": 8
}

10
objects/parler-account/definition.json
View File

@ -61,6 +61,10 @@
"description": "Account 'human' bool.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"interactions": {
@ -108,6 +112,10 @@
"description": "Account 'verified' bool.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
}
},
@ -123,5 +131,5 @@
"attachment"
],
"uuid": "8d5ba58e-cac3-46a6-9d1f-cf236f7e95c9",
"version": 1
"version": 2
}

6
objects/parler-post/definition.json
View File

@ -10,6 +10,10 @@
"description": "Indicates if the post is an article.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
},
"attachment": {
@ -141,5 +145,5 @@
"attachment"
],
"uuid": "db85b789-df44-4522-8006-b611e52da5b2",
"version": 1
"version": 2
}

6
objects/process/definition.json
View File

@ -50,6 +50,10 @@
"description": "Specifies whether the process is hidden",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
},
"image": {
@ -178,5 +182,5 @@
"current-directory"
],
"uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"version": 9
"version": 10
}

6
objects/regripper-NTUser/definition.json
View File

@ -57,6 +57,10 @@
"description": "Determines if the Recycle bin option has been disabled.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"recent-files-accessed": {
@ -94,5 +98,5 @@
"logon-user-name"
],
"uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65",
"version": 1
"version": 2
}

30
objects/regripper-software-hive-userprofile-winlogon/definition.json
View File

@ -4,12 +4,20 @@
"description": "Flag value to determine if autologon is enabled for a user without entering the password.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"AutoRestartShell": {
"description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"CachedLogonCount": {
@ -34,6 +42,10 @@
"description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"Legal-notice-caption": {
@ -60,6 +72,10 @@
"description": "Flag value- if the system is set to power down after it is shutdown.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"PreCreateKnownFolders": {
@ -72,6 +88,10 @@
"description": "Flag to check if the reboot was successful.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"SID": {
@ -97,6 +117,10 @@
"description": "Value of the flag set to enable shutdown without requiring a user to login.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"UserInit": {
@ -109,6 +133,10 @@
"description": "Flag value set to enable/disable logons to the system.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"user-profile-key-last-write-time": {
@ -156,5 +184,5 @@
"SID"
],
"uuid": "df03d0e4-3e6b-4e56-951a-142eae4cad59",
"version": 1
"version": 2
}

10
objects/regripper-system-hive-firewall-configuration/definition.json
View File

@ -10,12 +10,20 @@
"description": "Boolean flag to determine if firewall notifications are enabled.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"enbled-firewall": {
"description": "Boolean flag to determine if the firewall is enabled.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"last-write-time": {
@ -46,5 +54,5 @@
"profile"
],
"uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07",
"version": 1
"version": 2
}

6
objects/regripper-system-hive-general-configuration/definition.json
View File

@ -15,6 +15,10 @@
"description": "Specifies whether remote connections are enabled or disabled on the system.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"last-write-time": {
@ -85,5 +89,5 @@
"computer-name"
],
"uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4",
"version": 2
"version": 3
}

6
objects/regripper-system-hive-network-information/definition.json
View File

@ -52,6 +52,10 @@
"description": "",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"interface-MediaSubType": {
@ -102,5 +106,5 @@
"network-key"
],
"uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0",
"version": 1
"version": 2
}

6
objects/security-playbook/definition.json
View File

@ -142,6 +142,10 @@
"description": "A boolean that identifies if the playbook creator deems that this playbook is no longer valid.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
},
"severity": {
@ -181,5 +185,5 @@
"playbook-type"
],
"uuid": "48894c92-447b-4abe-b093-360c4d823e9d",
"version": 1
"version": 2
}

18
objects/user-account/definition.json
View File

@ -22,6 +22,10 @@
"description": "Specifies if the account has the ability to escalate privileges.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
},
"created": {
@ -40,6 +44,10 @@
"description": "Specifies if the account is desabled.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
},
"display-name": {
@ -82,6 +90,10 @@
"description": "Specifies if the account is associated with a network service.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
},
"last_login": {
@ -110,6 +122,10 @@
"description": "Specifies if the account has privileges such as root rights.",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1
},
"shell": {
@ -144,5 +160,5 @@
"user-id"
],
"uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
"version": 5
"version": 6
}

10
objects/x509/definition.json
View File

@ -22,6 +22,10 @@
"description": "CA certificate",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"issuer": {
@ -72,6 +76,10 @@
"description": "Self-signed certificate",
"disable_correlation": true,
"misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0
},
"serial-number": {
@ -152,5 +160,5 @@
"issuer"
],
"uuid": "d1ab756a-26b5-4349-9f43-765630f0911c",
"version": 12
"version": 13
}