Add and enforce UUID in the object definitions

objects/ddos/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "ddos",
+  "uuid": "e2f124d6-f57c-4f93-99e6-8450545fa05d",
   "meta-category": "network",
   "description": "DDoS object describes a current DDoS activity from a specific or/and to a specific target. Type of DDoS can be attached to the object as a taxonomy",
   "version": 1,

objects/domain-ip/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "domain|ip",
+  "uuid": "43b3b146-77eb-4931-b4cc-b66c60f28734",
   "meta-category": "network",
   "description": "A domain and IP address seen as a tuple in a specific time frame.",
   "version": 1,

objects/elf-section/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "elf-section",
+  "uuid": "ca271f32-1234-4e87-b240-6b6e882de5de",
   "meta-category": "file",
   "description": "Object describing a section of an Executable and Linkable Format",
   "version": 1,

objects/elf/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "elf",
+  "uuid": "fa6534ae-ad74-4ce0-8f23-15a66c82c7fa",
   "meta-category": "file",
   "description": "Object describing a Executable and Linkable Format",
   "version": 1,

objects/email/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "email",
+  "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
   "meta-category": "email",
   "description": "Email object describing an email with meta-information",
   "version": 1,

objects/file/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "file",
+  "uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
   "meta-category": "file",
   "description": "File object describing a file with meta-information",
   "version": 1,
@@ -83,8 +84,8 @@
       "disable_correlation": true
     },
     "malware-sample": {
-        "misp-attribute": "malware-sample",
-        "misp-usage-frequency": 1
+      "misp-attribute": "malware-sample",
+      "misp-usage-frequency": 1
     }
   },
   "requiredOneOf": [

objects/ip-port/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "ip|port",
+  "uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
   "meta-category": "network",
   "description": "An IP address and a port seen as a tuple (or as a triple) in a specific time frame.",
   "version": 1,

objects/passive-dns/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "passive-dns",
+  "uuid": "b77b7b1c-66ab-4a41-8da4-83810f6d2d6c",
   "meta-category": "network",
   "description": "Passive DNS records as expressed in draft-dulaunoy-dnsop-passive-dns-cof-01",
   "version": 1,

objects/pe-section/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "pe-section",
+  "uuid": "198a17d2-a135-4b25-9a32-5aa4e632014a",
   "meta-category": "file",
   "description": "Object describing a section of a Portable Executable",
   "version": 1,

objects/pe/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "pe",
+  "uuid": "cf7adecc-d4f0-4e88-9d90-f978ee151a07",
   "meta-category": "file",
   "description": "Object describing a Portable Executable",
   "version": 1,

objects/registry-key/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "registry-key",
+  "uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
   "meta-category": "file",
   "description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
   "version": 1,

objects/url/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "url",
+  "uuid": "60efb77b-40b5-4c46-871b-ed1ed999fce5",
   "meta-category": "network",
   "description": "url object describes an url along with its normalized field (like extracted using faup parsing library) and its metadata.",
   "version": 1,

objects/vulnerability/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "vulnerability",
+  "uuid": "81650945-f186-437b-8945-9f31715d32da",
   "meta-category": "network",
   "description": "Vulnerability object describing common vulnerability enumeration",
   "version": 1,

objects/whois/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "whois",
+  "uuid": "429faea1-34ff-47af-8a00-7c62d3be5a6a",
   "meta-category": "network",
   "description": "Whois records information for a domain name.",
   "version": 1,

objects/x509/definition.json

@@ -1,5 +1,6 @@
 {
   "name": "x509",
+  "uuid": "d1ab756a-26b5-4349-9f43-765630f0911c",
   "meta-category": "network",
   "description": "x509 object describing a X.509 certificate",
   "version": 1,

schema.json

@@ -40,6 +40,9 @@
         "disable_correlation": {
           "type": "boolean"
         },
+        "to_ids": {
+          "type": "boolean"
+        },
         "description": {
           "type": "string"
         }
@@ -65,6 +68,9 @@
     "version": {
       "type": "integer"
     },
+    "uuid": {
+      "type": "string"
+    },
     "attributes": {
       "type": "object",
       "additionalProperties": {
@@ -92,6 +98,7 @@
     "version",
     "description",
     "meta-category",
-    "name"
+    "name",
+    "uuid"
   ]
 }

unique_uuid.py

@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from glob import glob
+import json
+
+all_uuids = {}
+for definition in glob('./objects/*/definition.json'):
+    with open(definition, 'r') as f:
+        d = json.load(f)
+        uuid = d['uuid']
+        name = d['name']
+        if all_uuids.get(uuid):
+            raise Exception('Same uuid for {} and {} ({})'.format(name, all_uuids.get(uuid), uuid))
+        all_uuids[uuid] = name

validate_all.sh

@@ -19,3 +19,4 @@ do
   echo ''
 done
 
+./unique_uuid.py