MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Add sane default for boolean objects

pull/340/head
Lucas Magalhães 2021-12-20 20:02:29 +00:00
parent 7dc84bfac1
commit 27fce9e7ec
17 changed files with 177 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
objects/bank-account/definition.json
View File

@ -93,6 +93,10 @@
"description": "A flag to define if this account belong to a non-banking organisation. If set to true, it's a non-banking organisation.", "description": "A flag to define if this account belong to a non-banking organisation. If set to true, it's a non-banking organisation.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"opened": { "opened": {
@ -167,5 +171,5 @@
"iban" "iban"
], ],
"uuid": "b4712203-95a8-4883-80e9-b566f5df11c9", "uuid": "b4712203-95a8-4883-80e9-b566f5df11c9",
"version": 2 "version": 3
} }

10
objects/cookie/definition.json
View File

@ -25,6 +25,10 @@
"description": "True if send only through HTTP", "description": "True if send only through HTTP",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"path": { "path": {
@ -37,6 +41,10 @@
"description": "True if cookie is sent over TLS", "description": "True if cookie is sent over TLS",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"text": { "text": {
@ -66,5 +74,5 @@
"cookie" "cookie"
], ],
"uuid": "7755ad19-55c7-4da4-805e-197cf81bbcb8", "uuid": "7755ad19-55c7-4da4-805e-197cf81bbcb8",
"version": 3 "version": 4
} }

6
objects/cortex/definition.json
View File

@ -28,6 +28,10 @@
"description": "Result of the cortex job", "description": "Result of the cortex job",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"summary": { "summary": {
@ -44,5 +48,5 @@
"full" "full"
], ],
"uuid": "144988f3-fa00-4374-8015-c1a32092f451", "uuid": "144988f3-fa00-4374-8015-c1a32092f451",
"version": 1 "version": 2
} }

42
objects/intel471-vulnerability-intelligence/definition.json
View File

@ -4,18 +4,30 @@
"description": "The vulnerability is being discussed in open source.", "description": "The vulnerability is being discussed in open source.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"activity-location-private": { "activity-location-private": {
"description": "The vulnerability is being discussed in private/direct communications.", "description": "The vulnerability is being discussed in private/direct communications.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"activity-location-underground": { "activity-location-underground": {
"description": "The vulnerability is being discussed in the underground.", "description": "The vulnerability is being discussed in the underground.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"countermeasures": { "countermeasures": {
@ -52,42 +64,70 @@
"description": "Exploit code for the vulnerability is available.", "description": "Exploit code for the vulnerability is available.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"exploit-status-not-observed": { "exploit-status-not-observed": {
"description": "Exploit code or usage has not been observed for the vulnerability.", "description": "Exploit code or usage has not been observed for the vulnerability.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"exploit-status-productized": { "exploit-status-productized": {
"description": "There is a module for the vulnerability in commercial exploit kits or network security tools.", "description": "There is a module for the vulnerability in commercial exploit kits or network security tools.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"exploit-status-weaponized": { "exploit-status-weaponized": {
"description": "The vulnerability has been used in an attack or has been included in an exploit kit.", "description": "The vulnerability has been used in an attack or has been included in an exploit kit.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"interest-level-disclosed-publicly": { "interest-level-disclosed-publicly": {
"description": "The vulnerability has been disclosed publicly.", "description": "The vulnerability has been disclosed publicly.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"interest-level-exploit-sought": { "interest-level-exploit-sought": {
"description": "An exploit for the vulnerability is being sought.", "description": "An exploit for the vulnerability is being sought.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"interest-level-researched-publicly": { "interest-level-researched-publicly": {
"description": "The vulnerability has been researched or documented publicly.", "description": "The vulnerability has been researched or documented publicly.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"modified": { "modified": {
@ -189,5 +229,5 @@
"cve-id" "cve-id"
], ],
"uuid": "8f8ee946-1383-4139-b4da-ad8c5aceac07", "uuid": "8f8ee946-1383-4139-b4da-ad8c5aceac07",
"version": 4 "version": 5
} }

10
objects/intelmq_event/definition.json
View File

@ -128,6 +128,10 @@
"destination.tor_node": { "destination.tor_node": {
"description": "If the destination IP was a known tor node.", "description": "If the destination IP was a known tor node.",
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1 "ui-priority": 1
}, },
"destination.url": { "destination.url": {
@ -378,6 +382,10 @@
"source.tor_node": { "source.tor_node": {
"description": "If the source IP was a known tor node.", "description": "If the source IP was a known tor node.",
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1 "ui-priority": 1
}, },
"source.url": { "source.url": {
@ -415,5 +423,5 @@
"meta-category": "network", "meta-category": "network",
"name": "intelmq_event", "name": "intelmq_event",
"uuid": "491ac7d2-25a1-4078-8246-b04a132d003d", "uuid": "491ac7d2-25a1-4078-8246-b04a132d003d",
"version": 4 "version": 5
} }

6
objects/meme-image/definition.json
View File

@ -18,6 +18,10 @@
"description": "A flag to define if this meme is part of an a/b test. If set to true, it is part of an a/b test set.", "description": "A flag to define if this meme is part of an a/b test. If set to true, it is part of an a/b test set.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"archive": { "archive": {
@ -103,5 +107,5 @@
"document-text" "document-text"
], ],
"uuid": "6f6c3b61-f085-475e-93df-2e2d9c2fb0f6", "uuid": "6f6c3b61-f085-475e-93df-2e2d9c2fb0f6",
"version": 7 "version": 8
} }

10
objects/parler-account/definition.json
View File

@ -61,6 +61,10 @@
"description": "Account 'human' bool.", "description": "Account 'human' bool.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"interactions": { "interactions": {
@ -108,6 +112,10 @@
"description": "Account 'verified' bool.", "description": "Account 'verified' bool.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
} }
}, },
@ -123,5 +131,5 @@
"attachment" "attachment"
], ],
"uuid": "8d5ba58e-cac3-46a6-9d1f-cf236f7e95c9", "uuid": "8d5ba58e-cac3-46a6-9d1f-cf236f7e95c9",
"version": 1 "version": 2
} }

6
objects/parler-post/definition.json
View File

@ -10,6 +10,10 @@
"description": "Indicates if the post is an article.", "description": "Indicates if the post is an article.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1 "ui-priority": 1
}, },
"attachment": { "attachment": {
@ -141,5 +145,5 @@
"attachment" "attachment"
], ],
"uuid": "db85b789-df44-4522-8006-b611e52da5b2", "uuid": "db85b789-df44-4522-8006-b611e52da5b2",
"version": 1 "version": 2
} }

6
objects/process/definition.json
View File

@ -50,6 +50,10 @@
"description": "Specifies whether the process is hidden", "description": "Specifies whether the process is hidden",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1 "ui-priority": 1
}, },
"image": { "image": {
@ -178,5 +182,5 @@
"current-directory" "current-directory"
], ],
"uuid": "02aeef94-ac23-455c-addb-731757ceafb5", "uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
"version": 9 "version": 10
} }

6
objects/regripper-NTUser/definition.json
View File

@ -57,6 +57,10 @@
"description": "Determines if the Recycle bin option has been disabled.", "description": "Determines if the Recycle bin option has been disabled.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"recent-files-accessed": { "recent-files-accessed": {
@ -94,5 +98,5 @@
"logon-user-name" "logon-user-name"
], ],
"uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65", "uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65",
"version": 1 "version": 2
} }

30
objects/regripper-software-hive-userprofile-winlogon/definition.json
View File

@ -4,12 +4,20 @@
"description": "Flag value to determine if autologon is enabled for a user without entering the password.", "description": "Flag value to determine if autologon is enabled for a user without entering the password.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"AutoRestartShell": { "AutoRestartShell": {
"description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.", "description": "Value of the flag set to auto restart the shell if it crashes or shuts down automatically.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"CachedLogonCount": { "CachedLogonCount": {
@ -34,6 +42,10 @@
"description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.", "description": "Flag to determine if user login is enabled by pressing Ctrl+ALT+Delete.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"Legal-notice-caption": { "Legal-notice-caption": {
@ -60,6 +72,10 @@
"description": "Flag value- if the system is set to power down after it is shutdown.", "description": "Flag value- if the system is set to power down after it is shutdown.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"PreCreateKnownFolders": { "PreCreateKnownFolders": {
@ -72,6 +88,10 @@
"description": "Flag to check if the reboot was successful.", "description": "Flag to check if the reboot was successful.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"SID": { "SID": {
@ -97,6 +117,10 @@
"description": "Value of the flag set to enable shutdown without requiring a user to login.", "description": "Value of the flag set to enable shutdown without requiring a user to login.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"UserInit": { "UserInit": {
@ -109,6 +133,10 @@
"description": "Flag value set to enable/disable logons to the system.", "description": "Flag value set to enable/disable logons to the system.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"user-profile-key-last-write-time": { "user-profile-key-last-write-time": {
@ -156,5 +184,5 @@
"SID" "SID"
], ],
"uuid": "df03d0e4-3e6b-4e56-951a-142eae4cad59", "uuid": "df03d0e4-3e6b-4e56-951a-142eae4cad59",
"version": 1 "version": 2
} }

10
objects/regripper-system-hive-firewall-configuration/definition.json
View File

@ -10,12 +10,20 @@
"description": "Boolean flag to determine if firewall notifications are enabled.", "description": "Boolean flag to determine if firewall notifications are enabled.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"enbled-firewall": { "enbled-firewall": {
"description": "Boolean flag to determine if the firewall is enabled.", "description": "Boolean flag to determine if the firewall is enabled.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"last-write-time": { "last-write-time": {
@ -46,5 +54,5 @@
"profile" "profile"
], ],
"uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07", "uuid": "d9839b3c-c013-4ba7-b5e5-2787198b9e07",
"version": 1 "version": 2
} }

6
objects/regripper-system-hive-general-configuration/definition.json
View File

@ -15,6 +15,10 @@
"description": "Specifies whether remote connections are enabled or disabled on the system.", "description": "Specifies whether remote connections are enabled or disabled on the system.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"last-write-time": { "last-write-time": {
@ -85,5 +89,5 @@
"computer-name" "computer-name"
], ],
"uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4", "uuid": "5ac85401-cbf1-4d05-a85e-1784546881e4",
"version": 2 "version": 3
} }

6
objects/regripper-system-hive-network-information/definition.json
View File

@ -52,6 +52,10 @@
"description": "", "description": "",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"interface-MediaSubType": { "interface-MediaSubType": {
@ -102,5 +106,5 @@
"network-key" "network-key"
], ],
"uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0", "uuid": "a5a3ba3a-ba2e-42a4-be45-b36809ae56f0",
"version": 1 "version": 2
} }

6
objects/security-playbook/definition.json
View File

@ -142,6 +142,10 @@
"description": "A boolean that identifies if the playbook creator deems that this playbook is no longer valid.", "description": "A boolean that identifies if the playbook creator deems that this playbook is no longer valid.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1 "ui-priority": 1
}, },
"severity": { "severity": {
@ -181,5 +185,5 @@
"playbook-type" "playbook-type"
], ],
"uuid": "48894c92-447b-4abe-b093-360c4d823e9d", "uuid": "48894c92-447b-4abe-b093-360c4d823e9d",
"version": 1 "version": 2
} }

18
objects/user-account/definition.json
View File

@ -22,6 +22,10 @@
"description": "Specifies if the account has the ability to escalate privileges.", "description": "Specifies if the account has the ability to escalate privileges.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1 "ui-priority": 1
}, },
"created": { "created": {
@ -40,6 +44,10 @@
"description": "Specifies if the account is desabled.", "description": "Specifies if the account is desabled.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1 "ui-priority": 1
}, },
"display-name": { "display-name": {
@ -82,6 +90,10 @@
"description": "Specifies if the account is associated with a network service.", "description": "Specifies if the account is associated with a network service.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1 "ui-priority": 1
}, },
"last_login": { "last_login": {
@ -110,6 +122,10 @@
"description": "Specifies if the account has privileges such as root rights.", "description": "Specifies if the account has privileges such as root rights.",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 1 "ui-priority": 1
}, },
"shell": { "shell": {
@ -144,5 +160,5 @@
"user-id" "user-id"
], ],
"uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3", "uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
"version": 5 "version": 6
} }

10
objects/x509/definition.json
View File

@ -22,6 +22,10 @@
"description": "CA certificate", "description": "CA certificate",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"issuer": { "issuer": {
@ -72,6 +76,10 @@
"description": "Self-signed certificate", "description": "Self-signed certificate",
"disable_correlation": true, "disable_correlation": true,
"misp-attribute": "boolean", "misp-attribute": "boolean",
"sane_default": [
"True",
"False"
],
"ui-priority": 0 "ui-priority": 0
}, },
"serial-number": { "serial-number": {
@ -152,5 +160,5 @@
"issuer" "issuer"
], ],
"uuid": "d1ab756a-26b5-4349-9f43-765630f0911c", "uuid": "d1ab756a-26b5-4349-9f43-765630f0911c",
"version": 12 "version": 13
} }