Merge pull request #1 from mike1703/master

email object added
2016-12-12 20:54:03 +01:00 · 2016-12-12 20:54:03 +01:00 · 284c4e4084
parent 8dd0b293b0 30512f69af
commit 284c4e4084
2 changed files with 126 additions and 0 deletions
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@ -0,0 +1,86 @@
+{
+        "name": "email",
+        "meta-category": "email",
+        "description": "Email object describing an email with meta-information",
+        "version": 1,
+        "attributes" :
+        {
+		"from": {
+			"misp-attribute": "email-src",
+			"misp-usage-frequency": 1,
+			"categories": ["Payload delivery"]
+		},
+		"from-display-name": {
+			"misp-attribute": "email-src-display-name",
+			"misp-usage-frequency": 1,
+			"categories": ["Payload delivery"]
+		},
+		"to": {
+			"misp-attribute": "email-dst",
+			"misp-usage-frequency": 1,
+			"categories": ["Payload delivery"],
+			"multiple": true
+		},
+		"to-display-name": {
+			"misp-attribute": "email-dst-display-name",
+			"misp-usage-frequency": 1,
+			"categories": ["Payload delivery"],
+			"multiple": true
+		},
+		"subject": {
+			"misp-attribute": "email-subject",
+			"misp-usage-frequency": 1,
+			"categories": ["Payload delivery"]
+		},
+		"attachment": {
+			"misp-attribute": "email-attachment",
+			"misp-usage-frequency": 0,
+			"categories": ["Payload delivery"],
+			"multiple": true
+		},
+		"message-id": {
+			"misp-attribute": "email-message-id",
+			"misp-usage-frequency": 0,
+			"categories": ["Payload delivery"]
+		},
+		"reply-to": {
+			"misp-attribute": "email-reply-to",
+			"misp-usage-frequency": 1,
+			"categories": ["Payload delivery"]
+		},
+		"send-date": {
+			"misp-attribute": "datetime",
+			"misp-usage-frequency": 0,
+			"categories": ["Other"]
+		},
+		"url": {
+			"misp-attribute": "url",
+			"misp-usage-frequency": 0,
+			"categories": ["Payload delivery"],
+			"multiple": true
+		},
+		"mime-boundary": {
+			"misp-attribute": "email-mime-boundary",
+			"misp-usage-frequency": 0,
+			"categories": ["Payload delivery"]
+		},
+		"thread-index": {
+			"misp-attribute": "email-thread-index",
+			"misp-usage-frequency": 0,
+			"categories": ["Payload delivery"]
+		},
+		"header": {
+			"misp-attribute": "email-header",
+			"misp-usage-frequency": 0,
+			"categories": ["Payload delivery"],
+			"multiple": true
+		},
+		"x-mailer": {
+			"misp-attribute": "email-xmailer",
+			"misp-usage-frequency": 0,
+			"categories": ["Payload delivery"]
+		}
+
+        },
+        "requiredOneOf": ["email-src", "email-src-display-name", "email-dst", "email-dst-display-name", "email-subject", "email-attachment", "email-message-id", "email-reply-to", "send-date", "url", "email-mime-boundary", "email-thread-index", "email-header", "x-mailer"]
+}
--- a/objects/registry-key/definition.json
+++ b/objects/registry-key/definition.json
@ -0,0 +1,40 @@
+{
+        "name": "registry-key",
+        "meta-category": "file",
+        "description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
+        "version": 1,
+        "attributes" :
+        {
+		"hive": {
+			"misp-attribute": "reg-hive",
+			"misp-usage-frequency": 1,
+			"categories": ["Persistence mechanism"]
+		},
+		"key": {
+			"misp-attribute": "reg-key",
+			"misp-usage-frequency": 1,
+			"categories": ["Persistence mechanism"]
+		},
+		"name": {
+			"misp-attribute": "reg-name",
+			"misp-usage-frequency": 1,
+			"categories": ["Persistence mechanism"]
+		},
+		"data": {
+			"misp-attribute": "reg-data",
+			"misp-usage-frequency": 1,
+			"categories": ["Persistence mechanism"]
+		},
+		"data-type": {
+			"misp-attribute": "reg-datatype",
+			"misp-usage-frequency": 0,
+			"categories": ["Persistence mechanism"]
+		},
+		"last-modified": {
+			"misp-attribute": "datetime",
+			"misp-usage-frequency": 0,
+			"categories": ["Other"]
+		}
+        },
+	"required": ["key", "name"]
+}