MISP
/
misp-objects
mirror of https://github.com/MISP/misp-objects
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #1 from mike1703/master 

email object added
pull/7/head
Alexandre Dulaunoy 2016-12-12 20:54:03 +01:00 committed by GitHub
parent 8dd0b293b0 30512f69af
commit 284c4e4084
2 changed files with 126 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
objects/email/definition.json Normal file
View File

@ -0,0 +1,86 @@
{
"name": "email",
"meta-category": "email",
"description": "Email object describing an email with meta-information",
"version": 1,
"attributes" :
{
"from": {
"misp-attribute": "email-src",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"]
},
"from-display-name": {
"misp-attribute": "email-src-display-name",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"]
},
"to": {
"misp-attribute": "email-dst",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"],
"multiple": true
},
"to-display-name": {
"misp-attribute": "email-dst-display-name",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"],
"multiple": true
},
"subject": {
"misp-attribute": "email-subject",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"]
},
"attachment": {
"misp-attribute": "email-attachment",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"],
"multiple": true
},
"message-id": {
"misp-attribute": "email-message-id",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"]
},
"reply-to": {
"misp-attribute": "email-reply-to",
"misp-usage-frequency": 1,
"categories": ["Payload delivery"]
},
"send-date": {
"misp-attribute": "datetime",
"misp-usage-frequency": 0,
"categories": ["Other"]
},
"url": {
"misp-attribute": "url",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"],
"multiple": true
},
"mime-boundary": {
"misp-attribute": "email-mime-boundary",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"]
},
"thread-index": {
"misp-attribute": "email-thread-index",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"]
},
"header": {
"misp-attribute": "email-header",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"],
"multiple": true
},
"x-mailer": {
"misp-attribute": "email-xmailer",
"misp-usage-frequency": 0,
"categories": ["Payload delivery"]
}
},
"requiredOneOf": ["email-src", "email-src-display-name", "email-dst", "email-dst-display-name", "email-subject", "email-attachment", "email-message-id", "email-reply-to", "send-date", "url", "email-mime-boundary", "email-thread-index", "email-header", "x-mailer"]
}

40
objects/registry-key/definition.json Normal file
View File

@ -0,0 +1,40 @@
{
"name": "registry-key",
"meta-category": "file",
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"version": 1,
"attributes" :
{
"hive": {
"misp-attribute": "reg-hive",
"misp-usage-frequency": 1,
"categories": ["Persistence mechanism"]
},
"key": {
"misp-attribute": "reg-key",
"misp-usage-frequency": 1,
"categories": ["Persistence mechanism"]
},
"name": {
"misp-attribute": "reg-name",
"misp-usage-frequency": 1,
"categories": ["Persistence mechanism"]
},
"data": {
"misp-attribute": "reg-data",
"misp-usage-frequency": 1,
"categories": ["Persistence mechanism"]
},
"data-type": {
"misp-attribute": "reg-datatype",
"misp-usage-frequency": 0,
"categories": ["Persistence mechanism"]
},
"last-modified": {
"misp-attribute": "datetime",
"misp-usage-frequency": 0,
"categories": ["Other"]
}
},
"required": ["key", "name"]
}