From 27fce9e7ec61d843b8b8a419df9bc52694d588f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucas=20Magalh=C3=A3es?=
Date: Mon, 20 Dec 2021 20:02:29 +0000
Subject: [PATCH] Add sane default for boolean objects
---
 objects/bank-account/definition.json | 6 ++-
 objects/cookie/definition.json | 10 ++++-
 objects/cortex/definition.json | 6 ++-
 .../definition.json | 42 ++++++++++++++++++-
 objects/intelmq_event/definition.json | 10 ++++-
 objects/meme-image/definition.json | 6 ++-
 objects/parler-account/definition.json | 10 ++++-
 objects/parler-post/definition.json | 6 ++-
 objects/process/definition.json | 6 ++-
 objects/regripper-NTUser/definition.json | 6 ++-
 .../definition.json | 30 ++++++++++++-
 .../definition.json | 10 ++++-
 .../definition.json | 6 ++-
 .../definition.json | 6 ++-
 objects/security-playbook/definition.json | 6 ++-
 objects/user-account/definition.json | 18 +++++++-
 objects/x509/definition.json | 10 ++++-
 17 files changed, 177 insertions(+), 17 deletions(-)
diff --git a/objects/bank-account/definition.json b/objects/bank-account/definition.json
index fd19d8b..6bde6a6 100644
--- a/objects/bank-account/definition.json
+++ b/objects/bank-account/definition.json
@@ -93,6 +93,10 @@
 "description": "A flag to define if this account belong to a non-banking organisation. If set to true, it's a non-banking organisation.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "opened": {
@@ -167,5 +171,5 @@
 "iban"
 ],
 "uuid": "b4712203-95a8-4883-80e9-b566f5df11c9",
- "version": 2
+ "version": 3
 }
\ No newline at end of file
diff --git a/objects/cookie/definition.json b/objects/cookie/definition.json
index 4250054..dce72d5 100644
--- a/objects/cookie/definition.json
+++ b/objects/cookie/definition.json
@@ -25,6 +25,10 @@
 "description": "True if send only through HTTP",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "path": {
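Review bot: The `sane_default` list added after `"misp-attribute": "boolean"` in the bank-account hunk offers the literal strings `"True"` and `"False"` as the values to store, and nothing in this patch shows that MISP's validation of the `boolean` attribute type accepts those spellings rather than `0`/`1`; please confirm against the attribute validator before merging, because a default the validator rejects would surface as an error on every object that uses it. The same four-line block is added verbatim in every other hunk of this patch (cookie, cortex, intel471-vulnerability-intelligence, intelmq_event, meme-image, parler-account, parler-post, process, the four regripper objects, security-playbook, user-account, x509), so whichever spelling is confirmed should be applied uniformly rather than fixed file by file. The per-object `version` bump accompanying each change is consistent with the schema edit. All 17 files still end without a trailing newline on both sides of the diff; that predates this commit, but it would be cheap to fix while every file is touched.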
@@ -37,6 +41,10 @@
 "description": "True if cookie is sent over TLS",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "text": {
@@ -66,5 +74,5 @@
 "cookie"
 ],
 "uuid": "7755ad19-55c7-4da4-805e-197cf81bbcb8",
- "version": 3
+ "version": 4
 }
\ No newline at end of file
diff --git a/objects/cortex/definition.json b/objects/cortex/definition.json
index bb5ddb7..6841702 100644
--- a/objects/cortex/definition.json
+++ b/objects/cortex/definition.json
@@ -28,6 +28,10 @@
 "description": "Result of the cortex job",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "summary": {
@@ -44,5 +48,5 @@
 "full"
 ],
 "uuid": "144988f3-fa00-4374-8015-c1a32092f451",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/intel471-vulnerability-intelligence/definition.json b/objects/intel471-vulnerability-intelligence/definition.json
index 33a96e0..0bde919 100644
--- a/objects/intel471-vulnerability-intelligence/definition.json
+++ b/objects/intel471-vulnerability-intelligence/definition.json
@@ -4,18 +4,30 @@
 "description": "The vulnerability is being discussed in open source.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "activity-location-private": {
 "description": "The vulnerability is being discussed in private/direct communications.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "activity-location-underground": {
 "description": "The vulnerability is being discussed in the underground.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "countermeasures": {
@@ -52,42 +64,70 @@
 "description": "Exploit code for the vulnerability is available.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "exploit-status-not-observed": {
 "description": "Exploit code or usage has not been observed for the vulnerability.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "exploit-status-productized": {
 "description": "There is a module for the vulnerability in commercial exploit kits or network security tools.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "exploit-status-weaponized": {
 "description": "The vulnerability has been used in an attack or has been included in an exploit kit.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "interest-level-disclosed-publicly": {
 "description": "The vulnerability has been disclosed publicly.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "interest-level-exploit-sought": {
 "description": "An exploit for the vulnerability is being sought.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "interest-level-researched-publicly": {
 "description": "The vulnerability has been researched or documented publicly.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "modified": {
@@ -189,5 +229,5 @@
 "cve-id"
 ],
 "uuid": "8f8ee946-1383-4139-b4da-ad8c5aceac07",
- "version": 4
+ "version": 5
 }
\ No newline at end of file
diff --git a/objects/intelmq_event/definition.json b/objects/intelmq_event/definition.json
index 5540e00..5c7b124 100644
--- a/objects/intelmq_event/definition.json
+++ b/objects/intelmq_event/definition.json
@@ -128,6 +128,10 @@
 "destination.tor_node": {
 "description": "If the destination IP was a known tor node.",
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 1
 },
 "destination.url": {
@@ -378,6 +382,10 @@
 "source.tor_node": {
 "description": "If the source IP was a known tor node.",
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 1
 },
 "source.url": {
@@ -415,5 +423,5 @@
 "meta-category": "network",
 "name": "intelmq_event",
 "uuid": "491ac7d2-25a1-4078-8246-b04a132d003d",
- "version": 4
+ "version": 5
 }
\ No newline at end of file
diff --git a/objects/meme-image/definition.json b/objects/meme-image/definition.json
index d6b2484..db26f6e 100644
--- a/objects/meme-image/definition.json
+++ b/objects/meme-image/definition.json
@@ -18,6 +18,10 @@
 "description": "A flag to define if this meme is part of an a/b test. If set to true, it is part of an a/b test set.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "archive": {
@@ -103,5 +107,5 @@
 "document-text"
 ],
 "uuid": "6f6c3b61-f085-475e-93df-2e2d9c2fb0f6",
- "version": 7
+ "version": 8
 }
\ No newline at end of file
diff --git a/objects/parler-account/definition.json b/objects/parler-account/definition.json
index 93f9a87..4884852 100644
--- a/objects/parler-account/definition.json
+++ b/objects/parler-account/definition.json
@@ -61,6 +61,10 @@
 "description": "Account 'human' bool.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "interactions": {
@@ -108,6 +112,10 @@
 "description": "Account 'verified' bool.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 }
 },
@@ -123,5 +131,5 @@
 "attachment"
 ],
 "uuid": "8d5ba58e-cac3-46a6-9d1f-cf236f7e95c9",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/parler-post/definition.json b/objects/parler-post/definition.json
index a8d46c1..7a85e89 100644
--- a/objects/parler-post/definition.json
+++ b/objects/parler-post/definition.json
@@ -10,6 +10,10 @@
 "description": "Indicates if the post is an article.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 1
 },
 "attachment": {
@@ -141,5 +145,5 @@
 "attachment"
 ],
 "uuid": "db85b789-df44-4522-8006-b611e52da5b2",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/process/definition.json b/objects/process/definition.json
index e4427cc..474fe30 100644
--- a/objects/process/definition.json
+++ b/objects/process/definition.json
@@ -50,6 +50,10 @@
 "description": "Specifies whether the process is hidden",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 1
 },
 "image": {
@@ -178,5 +182,5 @@
 "current-directory"
 ],
 "uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
- "version": 9
+ "version": 10
 }
\ No newline at end of file
diff --git a/objects/regripper-NTUser/definition.json b/objects/regripper-NTUser/definition.json
index 91087ac..a1baf4b 100644
--- a/objects/regripper-NTUser/definition.json
+++ b/objects/regripper-NTUser/definition.json
@@ -57,6 +57,10 @@
 "description": "Determines if the Recycle bin option has been disabled.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "recent-files-accessed": {
@@ -94,5 +98,5 @@
 "logon-user-name"
 ],
 "uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/regripper-software-hive-userprofile-winlogon/definition.json b/objects/regripper-software-hive-userprofile-winlogon/definition.json
index b4c4bb1..77b4e77 100644
--- a/objects/regripper-software-hive-userprofile-winlogon/definition.json
+++ b/objects/regripper-software-hive-userprofile-winlogon/definition.json
@@ -4,12 +4,20 @@
 "description": "Flag value to determine if autologon is enabled for a user without entering the password.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "AutoRestartShell": {
 "description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "CachedLogonCount": {
@@ -34,6 +42,10 @@
 "description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "Legal-notice-caption": {
@@ -60,6 +72,10 @@
 "description": "Flag value- if the system is set to power down after it is shutdown.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "PreCreateKnownFolders": {
@@ -72,6 +88,10 @@
 "description": "Flag to check if the reboot was successful.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "SID": {
@@ -97,6 +117,10 @@
 "description": "Value of the flag set to enable shutdown without requiring a user to login.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "UserInit": {
@@ -109,6 +133,10 @@
 "description": "Flag value set to enable/disable logons to the system.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "user-profile-key-last-write-time": {
@@ -156,5 +184,5 @@
 "SID"
 ],
 "uuid": "df03d0e4-3e6b-4e56-951a-142eae4cad59",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/regripper-system-hive-firewall-configuration/definition.json b/objects/regripper-system-hive-firewall-configuration/definition.json
index 72fd527..4b4ca45 100644
--- a/objects/regripper-system-hive-firewall-configuration/definition.json
+++ b/objects/regripper-system-hive-firewall-configuration/definition.json
@@ -10,12 +10,20 @@
 "description": "Boolean flag to determine if firewall notifications are enabled.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "enbled-firewall": {
 "description": "Boolean flag to determine if the firewall is enabled.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "last-write-time": {
@@ -46,5 +54,5 @@
 "profile"
 ],
 "uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/regripper-system-hive-general-configuration/definition.json b/objects/regripper-system-hive-general-configuration/definition.json
index 72efd8b..7ab36a3 100644
--- a/objects/regripper-system-hive-general-configuration/definition.json
+++ b/objects/regripper-system-hive-general-configuration/definition.json
@@ -15,6 +15,10 @@
 "description": "Specifies whether remote connections are enabled or disabled on the system.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "last-write-time": {
@@ -85,5 +89,5 @@
 "computer-name"
 ],
 "uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4",
- "version": 2
+ "version": 3
 }
\ No newline at end of file
diff --git a/objects/regripper-system-hive-network-information/definition.json b/objects/regripper-system-hive-network-information/definition.json
index 845cd3d..9cb3c79 100644
--- a/objects/regripper-system-hive-network-information/definition.json
+++ b/objects/regripper-system-hive-network-information/definition.json
@@ -52,6 +52,10 @@
 "description": "",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "interface-MediaSubType": {
@@ -102,5 +106,5 @@
 "network-key"
 ],
 "uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/security-playbook/definition.json b/objects/security-playbook/definition.json
index 0e21093..c62b171 100644
--- a/objects/security-playbook/definition.json
+++ b/objects/security-playbook/definition.json
@@ -142,6 +142,10 @@
 "description": "A boolean that identifies if the playbook creator deems that this playbook is no longer valid.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 1
 },
 "severity": {
@@ -181,5 +185,5 @@
 "playbook-type"
 ],
 "uuid": "48894c92-447b-4abe-b093-360c4d823e9d",
- "version": 1
+ "version": 2
 }
\ No newline at end of file
diff --git a/objects/user-account/definition.json b/objects/user-account/definition.json
index f9552f1..561c2c2 100644
--- a/objects/user-account/definition.json
+++ b/objects/user-account/definition.json
@@ -22,6 +22,10 @@
 "description": "Specifies if the account has the ability to escalate privileges.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 1
 },
 "created": {
@@ -40,6 +44,10 @@
 "description": "Specifies if the account is desabled.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 1
 },
 "display-name": {
@@ -82,6 +90,10 @@
 "description": "Specifies if the account is associated with a network service.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 1
 },
 "last_login": {
@@ -110,6 +122,10 @@
 "description": "Specifies if the account has privileges such as root rights.",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 1
 },
 "shell": {
@@ -144,5 +160,5 @@
 "user-id"
 ],
 "uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
- "version": 5
+ "version": 6
 }
\ No newline at end of file
diff --git a/objects/x509/definition.json b/objects/x509/definition.json
index f292cda..5e9a57f 100644
--- a/objects/x509/definition.json
+++ b/objects/x509/definition.json
@@ -22,6 +22,10 @@
 "description": "CA certificate",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "issuer": {
@@ -72,6 +76,10 @@
 "description": "Self-signed certificate",
 "disable_correlation": true,
 "misp-attribute": "boolean",
+ "sane_default": [
+ "True",
+ "False"
+ ],
 "ui-priority": 0
 },
 "serial-number": {
@@ -152,5 +160,5 @@
 "issuer"
 ],
 "uuid": "d1ab756a-26b5-4349-9f43-765630f0911c",
- "version": 12
+ "version": 13
 }
\ No newline at end of file